summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJason A. Donenfeld <Jason@zx2c4.com>2014-03-18 23:05:39 -0600
committerJason A. Donenfeld <Jason@zx2c4.com>2014-03-18 23:07:43 -0600
commit51f9b6888ce1640c887c308d869c5f716d071430 (patch)
tree23f82b4b577980daa6fac2f86f5755213307a37c
parent9b27d7384e22405b109e9c3883ee9d01cfaa89ec (diff)
downloadpass-51f9b6888ce1640c887c308d869c5f716d071430.tar.gz
pass-51f9b6888ce1640c887c308d869c5f716d071430.tar.bz2
pass-51f9b6888ce1640c887c308d869c5f716d071430.zip
Do not compress passwords.
According to a forthcoming paper by Alfredo Pironti, OpenPGP compression can reveal entropy levels. We thus disable compression. Existing password stores can be reencrypted without compression using the "--reencrypt" flag for "init". Reported-by: Alfredo Pironti <alfredo.pironti@inria.fr> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to '')
-rwxr-xr-xsrc/password-store.sh2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/password-store.sh b/src/password-store.sh
index 2500253..d0a8ab8 100755
--- a/src/password-store.sh
+++ b/src/password-store.sh
@@ -8,7 +8,7 @@ umask 077
PREFIX="${PASSWORD_STORE_DIR:-$HOME/.password-store}"
ID="$PREFIX/.gpg-id"
GIT_DIR="${PASSWORD_STORE_GIT:-$PREFIX}/.git"
-GPG_OPTS="--quiet --yes --batch"
+GPG_OPTS="--quiet --yes --batch --compress-algo=none"
export GIT_DIR
export GIT_WORK_TREE="${PASSWORD_STORE_GIT:-$PREFIX}"