Re: [dev] securiy guidance

From: Anselm Garbe <>
Date: Sat, 10 Mar 2018 09:21:26 -0800

Hi Markus,

On 10 March 2018 at 06:08, Markus Teich <> wrote:
> Should be fine, but the salt should not be secret (you need to sync it
> between devices where you want to use this system after all). The point is
> that you can give your encrypted database as it is stored on disk to anyone
> and they would not be able to derive anything (you care about) from it
> without the master password. Depending on what you care about, the whole

> In the end the master password should be the only thing that needs to be
> kept
> secret and you can easily "sync" that between devices by remembering it. ;)

I tried to grasp the overall suggestion, but how is that different to
a single text stream of the format:

user_AT_domain: password\n*

being encrypted using your own PGP public key into a single file? Each
time you want to know a username or password, you decrypt the file,
look it up and are done with it.

Are you concerned about portions becoming decrypted in memory on your
local host?

Best regards,
Received on Sat Mar 10 2018 - 18:21:26 CET

This archive was generated by hypermail 2.3.0 : Sat Mar 10 2018 - 18:24:19 CET