This is all a lot of effort, if I went down that road I might as well skip "pass... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		omtose on Nov 7, 2016 \| parent \| context \| favorite \| on: LessPass: sync-less open source password manager This is all a lot of effort, if I went down that road I might as well skip "pass" and handle the passwords myself. What I like about pass is that there isn't much setup. Full disk encryption also doesn't prevent a running application from seeing the directory structure. But I guess this is not a very realistic attack vector.

adilparvez on Nov 7, 2016 [–]

Yes, under that threat model you would lose with all of these password managers.

omtose on Nov 7, 2016 | [–]

How so? If the entire directory structure is also encrypted then no program can easily know which sites or services I have passwords for.

adilparvez on Nov 7, 2016 | | [–]

I was meaning if your machine was compromised.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact