Software:Pass

pass
Developer(s)	Jason A. Donenfeld
Initial release	September 4, 2012; 11 years ago
Written in	Bash
Operating system	FreeBSD, Linux, OpenBSD, OS X
Available in	English
Type	Password manager
License	GPL-2.0-or-later

pass is a password manager inspired by the Unix philosophy. It has a command-line interface, and uses GnuPG for encryption and decryption of stored passwords.^[1]^[2]

The passwords are encrypted and stored in separate files, and can be organized via the operating system's filesystem. A password file can contain additional text, such as the username, the email address, comments, or anything the user would like, since the password files are nothing more than encrypted text files.

There are several graphical user interfaces (GUIs) available, such as QtPass for Linux/Windows/MacOS or Password Store for Android operating systems. A syncing system is not implemented, but syncing can be achieved by using the Git version control system. The built in Git functionality also allows for automated version history tracking of the password store.

Vulnerabilities

In June 2018, pass was found to be vulnerable to a variant of the SigSpoof attack.^[3]^[4] The issue was patched the same day that the vulnerability was disclosed.^[3]

References

↑ Bruce Byfield (January 2014). "Remembrance of Things Pass". http://www.linux-magazine.com/Issues/2014/158/Command-Line-Pass.
↑ Joe Brockmeier (24 June 2014). "Using pass to Manage Your Passwords on Fedora". https://fedoramagazine.org/using-pass-to-manage-your-passwords-on-fedora/.
↑ ^3.0 ^3.1 "Pass gets a fail: Simple Password Store suffers GnuPG spoofing bug". https://www.theregister.co.uk/2018/06/19/gnupg_popped_again_in_pass/.
↑ "Decades-old PGP bug allowed hackers to spoof just about anyone's signature". 14 June 2018. https://arstechnica.com/information-technology/2018/06/decades-old-pgp-bug-allowed-hackers-to-spoof-just-about-anyones-signature/.

External links

Official website

0.00

(0 votes)

[1] Bruce Byfield (January 2014). "Remembrance of Things Pass". http://www.linux-magazine.com/Issues/2014/158/Command-Line-Pass.

[2] Joe Brockmeier (24 June 2014). "Using pass to Manage Your Passwords on Fedora". https://fedoramagazine.org/using-pass-to-manage-your-passwords-on-fedora/.

[reg-2018-06-19-3] 3.0 ^3.1 "Pass gets a fail: Simple Password Store suffers GnuPG spoofing bug". https://www.theregister.co.uk/2018/06/19/gnupg_popped_again_in_pass/.

[4] "Decades-old PGP bug allowed hackers to spoof just about anyone's signature". 14 June 2018. https://arstechnica.com/information-technology/2018/06/decades-old-pgp-bug-allowed-hackers-to-spoof-just-about-anyones-signature/.

[1]

[2]

[3]

[4]

v t e Password managers
Proprietary	1Password Dashlane Enpass Intuitive Password Keeper LastPass Mitto Myki Pleasant Password Server SafeInCloud
Open source	Bitwarden Factotum Firefox Lockwise GNOME Keyring KeePass KeePassX KeePassXC Keychain KWallet Pass Password Safe Seahorse
Discontinued	Gator eWallet KYPS Mitro Offer Assistant
Category List of password managers

Anonymous

Search

Software:Pass

Namespaces

More

Page actions

Contents

Vulnerabilities

See also

References

External links

Navigation

Navigation

Help

Translate

Wiki tools

Wiki tools

Anonymous

Search

Software:Pass

Vulnerabilities

See also

References

External links

Navigation

Wiki tools

Page tools

Other projects

Categories