We advice to update to 1.2.1 or later as soon as possible and change any password you may have generated with the QtPass' password generator. Please note that this is an issue with the QtPass GUI and not in pass or the greater password-store ecosystem. Msecs since 1970 (not that that'd be secure anyway), but rather the The generator used libc's random(), seeded with srand(msecs), where msecs is not the Insecure Password Generation prior to 1.2.1Īll passwords generated with QtPass' built-in password generator prior to 1.2.1 are possibly predictable and enumerable by hackers. The use of external encryption devices like OpenPGP or x509/CMS based smartcards or USB tokens and per-folder ACL makes it easy to grant or take away privileges from users. Since we are based on GnuPG we have multi-key, multi recipient encryption out of the box. These encrypted files may be organized into meaningful folder hierarchies, copied from computer to computer, and, in general, manipulated using standard command line file management utilities.Ĭontrary to many Free, Libre and OpenSource password managers, pass and by extension QtPass are not bound to one user or device. With pass, each password lives inside of a gpg encrypted file whose filename is the title of the website or resource that requires the password. Password management should be simple and follow Unix philosophy. This means you are not stuck with QtPass, you can use the same password store with many clients. GUI for pass, the standard UNIX password manager
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |