From 51f9b6888ce1640c887c308d869c5f716d071430 Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld"
Date: Tue, 18 Mar 2014 23:05:39 -0600
Subject: Do not compress passwords.

According to a forthcoming paper by Alfredo Pironti, OpenPGP compression can reveal entropy levels. We thus disable compression. Existing password stores can be reencrypted without compression using the "--reencrypt" flag for "init".

Reported-by: Alfredo Pironti
Signed-off-by: Jason A. Donenfeld
---
 src/password-store.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/password-store.sh b/src/password-store.sh
index 2500253..d0a8ab8 100755
--- a/src/password-store.sh
+++ b/src/password-store.sh
@@ -8,7 +8,7 @@ umask 077
 PREFIX="${PASSWORD_STORE_DIR:-$HOME/.password-store}"
 ID="$PREFIX/.gpg-id"
 GIT_DIR="${PASSWORD_STORE_GIT:-$PREFIX}/.git"
-GPG_OPTS="--quiet --yes --batch"
+GPG_OPTS="--quiet --yes --batch --compress-algo=none"
 
 export GIT_DIR
 export GIT_WORK_TREE="${PASSWORD_STORE_GIT:-$PREFIX}"
-- 
cgit v1.2.3
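Review bot: The `--compress-algo=none` added to the `GPG_OPTS` assignment has a security rationale that is recorded only in the commit message, so a later tidy-up of that option string could silently bring compression back. A one-line comment above the assignment would keep the reason in the file, for example `# No compression: the size of compressed ciphertext can reveal how much entropy a password has.` Entries written before this change stay compressed until they are re-encrypted with the `--reencrypt` flag of `init` named in the description, and if the store is tracked in git the older compressed ciphertexts presumably remain in its history. The code that consumes `GPG_OPTS` is outside this hunk, so this assumes the string is passed to every gpg invocation that encrypts.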