Do not compress passwords.

According to a forthcoming paper by Alfredo Pironti, OpenPGP compression can reveal entropy levels. We thus disable compression. Existing password stores can be reencrypted without compression using the "--reencrypt" flag for "init". Reported-by: Alfredo Pironti <alfredo.pironti@inria.fr> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
author: Jason A. Donenfeld <Jason@zx2c4.com> 2014-03-18 23:05:39 -0600
committer: Jason A. Donenfeld <Jason@zx2c4.com> 2014-03-18 23:07:43 -0600
commit: 51f9b6888ce1640c887c308d869c5f716d071430 (patch)
tree: 23f82b4b577980daa6fac2f86f5755213307a37c
parent: 9b27d7384e22405b109e9c3883ee9d01cfaa89ec (diff)
download: pass-51f9b6888ce1640c887c308d869c5f716d071430.tar.gz
pass-51f9b6888ce1640c887c308d869c5f716d071430.tar.bz2
pass-51f9b6888ce1640c887c308d869c5f716d071430.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/src/password-store.sh b/src/password-store.sh
index 2500253..d0a8ab8 100755
--- a/src/password-store.sh
+++ b/src/password-store.sh
@@ -8,7 +8,7 @@ umask 077
 PREFIX="${PASSWORD_STORE_DIR:-$HOME/.password-store}"
 ID="$PREFIX/.gpg-id"
 GIT_DIR="${PASSWORD_STORE_GIT:-$PREFIX}/.git"
-GPG_OPTS="--quiet --yes --batch"
+GPG_OPTS="--quiet --yes --batch --compress-algo=none"
 
 export GIT_DIR
 export GIT_WORK_TREE="${PASSWORD_STORE_GIT:-$PREFIX}"
author	Jason A. Donenfeld <Jason@zx2c4.com>	2014-03-18 23:05:39 -0600
committer	Jason A. Donenfeld <Jason@zx2c4.com>	2014-03-18 23:07:43 -0600
commit	51f9b6888ce1640c887c308d869c5f716d071430 (patch)
tree	23f82b4b577980daa6fac2f86f5755213307a37c
parent	9b27d7384e22405b109e9c3883ee9d01cfaa89ec (diff)
download	pass-51f9b6888ce1640c887c308d869c5f716d071430.tar.gz pass-51f9b6888ce1640c887c308d869c5f716d071430.tar.bz2 pass-51f9b6888ce1640c887c308d869c5f716d071430.zip