by Jfreegman
2279 days ago
My motivation for writing spicypass was actually a frustrating struggle I once had trying to get pass to play nicely with my GPG installation. I decided it would be easier (and more fun) to write my own. So one of the main differences is that spicypass is setup-free. You just pick a master password and go. It achieves this by using symmetric encryption via the libsodium library. A nice side-effect of this is that backups are as simple as copying the .spicypass file to your backup device/server. With asymmetric encryption you have to worry about backing up your private keys in addition to the store file(s).

Another major difference is that it has an idle lock. Even if someone has root access to your machine and you leave it unattended while spicypass is running, they won't be able to see your passwords (assuming there's no keylogger involved).

There's also the minimalist aspect. pass has a lot of features that I personally don't need and consider to be bloat. I designed spicypass to my own personal specs: A very simple notepad-like interface, but secure. I figure I can't be the only one who thinks all the bells and whistles that most password managers have just get in the way.

When I want to push to a git repo and authenticate with my private key, I just run git push normally, and a pin-entry prompt comes up, and I just need to enter my master password. Similarly, when I want to use a stored password for logging into a website, I just click the passff extension and enter my master password into the pinentry program. It would seem like something like spicypass would just bloat my system, requiring multiple programs for authenticating in different ways.
I can understand the drive for minimalism, but I can't see any reasonable metric by which pass could be seen as bloated - it provides a small set of features that are important for a password store and nothing more.