C2SP
pass-rofi-gui
C2SP | pass-rofi-gui | |
---|---|---|
15 | 1 | |
236 | 7 | |
8.1% | - | |
7.4 | 10.0 | |
about 1 month ago | over 1 year ago | |
Python | Rust | |
GNU General Public License v3.0 or later | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
C2SP
- Sunlight, a Certificate Transparency log implementation
-
Do any libraries exist for zero-trust file storage (storing client-encrypted data on the server without the key)?
Age is a modern, respected crypto solution: https://github.com/C2SP/C2SP/blob/main/age.md
-
argon2 vs bcrypt vs scrypt vs pbkdf2
Argon2 is the best choice, but scrypt may be more easily available: https://github.com/C2SP/C2SP/issues/10
-
Age: Modern file encryption format with multiple pluggable recipients
Hi! I read and appreciated your issues and discussions, sorry I didn't get to respond to them yet, but I've been thinking about it.
Although I don't disagree that parsing text is hard, I also think that parsing variable-size binary formats is hard (and there is a tall, tall pile of bugs to confirm that). Really, parsing is hard. Rather than count on one design or the other to be bug-proof, I worked on a large test suite to help implementations catch their parsing bugs. [https://c2sp.org/CCTV/age] I think it would have found one of the issues you reported if that implementation had integrated it, and I am going to add vectors for various resource exhaustion scenarios which I hope would have found the other. (I am not going to look at what it is exactly, so I will know if I made the suite comprehensive enough without being too specific about this bug.)
I also liked your observation that it would have been nice if the header was streamable. [https://github.com/C2SP/C2SP/issues/28] It went on the pile labeled "regrets / for v2 when it comes", thank you.
-
age.el: age encryption support for Emacs
I think it's ironic that you imply a "dozen of immature crypto libraries" are used in the Age spec. It's quite the opposite and the Age spec provides a reduction in so-called "yolo crypto" versus the OpenPGP spec. See: https://github.com/C2SP/C2SP/blob/main/age.md and also give https://latacora.micro.blog/2019/07/16/the-pgp-problem.html# for a pretty accurate overview of what's wrong with OpenPGP.
-
Pa – a simple password manager based on age
… okay, then look at the spec, which is beautifully simple: https://github.com/C2SP/C2SP/blob/main/age.md#the-scrypt-rec...
- The recent security issues with LastPass made me wonder - couldn't I just use an encrypted notepad app on my phone to achieve the same level of security?
-
Age WASM - age encryption tool in the browser
I had the same question. I believe it refers to “Actually Good Encryption” (https://github.com/C2SP/C2SP/blob/main/age.md).
pass-rofi-gui
-
Pa – a simple password manager based on age
That's true, the simple & fast UI (TUI/GUI) helps a lot. However, I would not extrapolate it to a huge problem. I am person, who have written own pass/passage implementation [0], just because I disliked how many steps I need to make to select the password for the form input, modify it or sync secrets.
Initially, I had used the `gopass`. It is probably the most convenient way to start using the password-store. It is cross-platform, 100% compatible with pass & pass-otp. To copy the password, you basically type the part of the file you are looking for. If you type "gopass show github", it will display a TUI, where you can select the file you are looking for (let's say you have two files "personal/github.com.gpg" and "work/github.com.gpg"). Unfortunately, the search function was far from perfect, and it had a problem with typos like "gtihbu" at the time, when I was using it.
To get rid of this issue, I decided to adapt pass/gopass to use `fzf` [2]. In the same time, my .password-store/ dir was rapidly growing that made me think about implementing pass from scratch. I improved the implementation to have better caching, synchronization between machines/mobile, but more importantly - a simple `secret [arg]` command that will execute `fzf` to list all known creds and simplify selection of the password. Of course, it accepted an argument that was limiting the results, which is great when you need to get back to the previous credential to retype something.
The introduction of `fzf` made it really convenient, and I decided to add more commands with fuzzy search, such as:
- `otp` - limits results files containing TOTP/HOTP token, calculates and copies it to the clipboard.
- `secret-edit`, `secret-remove`, `secret-show`... aliases to sub-commands that open `fzf` command in multi-selection mode, so by utilizing space key I could select what files are meant to be modified, removed, displayed etc. Quite handy for mass-edit.
- `secret-qr` - similar to the gopass' feature, but it made a simplified way to create and display QR codes dedicated to share contacts, WiFI SSID+password combination (etc.) to someone who was asking for creds from me.
Awesome, but alt-tabbing got me annoyed after a few years of using. I started pursuing for more sophisticated interface. I decided to give `rofi` [3] a try. I managed to fork that repo and also adapt to my convention of using password-store, but I left i3 for a macOS.
Currently, I have started working on a browser extension that takes care of suggesting password-store creds (based on the path, input parameters, location on the website etc.) similarly to what uBlock Origin does. That configuration is passed to my pass implementation, so on the github.com, my browser have only "work" and "personal" auto-suggestion, when I am focusing the text input.
I plan to create a similar app to Shortcat [4], but it will preserve the information what password has been asked for the focused app. I think, with VoiceOver assistance, it is more than possible to mitigate the need for alt-tabbing to the terminal for electron/native apps.
[0]: It is a private repository, maybe when it will be polished enough I will open-source it.
[1]: https://github.com/gopasspw/gopass
[2]: https://github.com/junegunn/fzf
[3]: https://github.com/alecdwm/pass-rofi-gui
[4]: https://shortcat.app/
What are some alternatives?
sops - Simple and flexible tool for managing secrets
age.el - Transparent age encryption support for Emacs modeled after EPG/EPA
age - A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.
pa - a simple password manager. encryption via age, written in portable posix shell
rage - A simple, secure and modern file encryption tool (and Rust library) with small explicit keys, no config options, and UNIX-style composability.
passage - A fork of password-store (https://www.passwordstore.org) that uses age (https://age-encryption.org) as backend.
age-plugin-yubikey - YubiKey plugin for age