~gpanders/passage

6 2

Motivation for the project

Details
Message ID
<C7IC3WOFWGDY.21YWZPD23MGFI@desktop-pc>
DKIM signature
missing
Download raw message
Hi,

I wanted to ask if someone would be nice enough to elaborate on the
advancments that this project brings over pass itself - are there some
real benefits to passage over pass as far as security goes?

Thanks!
Robin
Details
Message ID
<X8e5E3zzXngB1EnG@s1034043>
In-Reply-To
<C7IC3WOFWGDY.21YWZPD23MGFI@desktop-pc> (view parent)
DKIM signature
missing
Download raw message
On Wed, 02 Dec 2020 at 02:29 PM, Robin Opletal wrote:
>Hi,
>
>I wanted to ask if someone would be nice enough to elaborate on the
>advancments that this project brings over pass itself - are there some
>real benefits to passage over pass as far as security goes?
>
>Thanks!
>Robin

Hi Robin,

I expect that this will probably be a common question, so I do intend to 
add a "Motivation" section to the README or documentation at some point 
once I get the basic functionality stable.

My primary motivation for starting this project was initially runtime 
speed. I don't know if this is a common issue for others, but pass was 
often taking between 1.5-2 seconds to retrieve a single password. This 
just felt too slow to me and was particularly noticeable when using pass 
to retrieve credentials at program startup (for example, mutt uses pass 
to retrieve my IMAP password, and this was adding ~2 seconds to mutt's 
startup time).

Part of this is due to gpg itself. My unscientific analysis shows that 
gpg itself takes just under 1 second to decrypt a file. The remainder of 
the latency was solely due to pass (likely due to the fact that it's 
written in shell script).

My original intent was to simply "rewrite" pass in Rust with the dual 
intention of improving runtime performance as well as finally having an 
excuse to learn Rust. However, shortly after starting I realized that 
this was also an opportunity to take advantage of some of the 
up-and-coming encryption tools outside of gpg. I personally have no love 
lost for gpg, I find it complex and annoying to use. I think age 
(pronounced ah-GAY) is a well-designed, Unix like encryption tool with a 
lot of potential, and it just so happens to have a Rust implementation 
:)

The results so far are quite promising. Where pass takes anywhere from 
1.5-2 seconds to retrieve a password, passage can do it in about 12 
milliseconds. That's at least a 125x improvement in runtime performance.  
By using age instead of gpg, there's also no more futzing about with 
gpg's UX (this may or may not be appealing to you depending on how you 
feel about gpg, of course).

I hope that answers your question satisfactorily. Let me know if I can 
elaborate on anything.

Gregory
Details
Message ID
<C7IGD5IK6BZS.GSQWGHJJQH5F@desktop-pc>
In-Reply-To
<X8e5E3zzXngB1EnG@s1034043> (view parent)
DKIM signature
missing
Download raw message
> but pass was often taking between 1.5-2 seconds to retrieve a single password.

Thanks - I am not experiencing that big of a lag, I would say retrieving a
password and copying it to the clipboard takes 0.08s with an unlocked
keyring. Improvements are always welcome though - I was just curious :)
Details
Message ID
<X8fl82RWkt9Z7mnt@s1034043.srn.sandia.gov>
In-Reply-To
<C7IGD5IK6BZS.GSQWGHJJQH5F@desktop-pc> (view parent)
DKIM signature
missing
Download raw message
On Wed, 02 Dec 2020 at 17:50 +0100, Robin Opletal wrote:
>Thanks - I am not experiencing that big of a lag, I would say 
>retrieving a password and copying it to the clipboard takes 0.08s with 
>an unlocked keyring. Improvements are always welcome though - I was 
>just curious :)

It seems like this might just be an issue on macOS. I just tried pass on 
Ubuntu 16.04 and it was quite fast (~140ms).

This is good to know, thanks for sharing your experience.
Details
Message ID
<X8fpGT9JpyKLzrGz@s1034043.srn.sandia.gov>
In-Reply-To
<X8fl82RWkt9Z7mnt@s1034043.srn.sandia.gov> (view parent)
DKIM signature
missing
Download raw message
On Wed, 02 Dec 2020 at 12:07 -0700, Gregory Anders wrote:
>On Wed, 02 Dec 2020 at 17:50 +0100, Robin Opletal wrote:
>>Thanks - I am not experiencing that big of a lag, I would say 
>>retrieving a password and copying it to the clipboard takes 0.08s 
>>with an unlocked keyring. Improvements are always welcome though - I 
>>was just curious :)
>
>It seems like this might just be an issue on macOS. I just tried pass 
>on Ubuntu 16.04 and it was quite fast (~140ms).
>
>This is good to know, thanks for sharing your experience.

I actually figured out what the problem is:

     https://git.zx2c4.com/password-store/commit/?id=07b169ec32ad6961ed8625a0b932a663abcb01d2

On macOS, pass uses the brew command to find the path for GNU getopt.  
This is what is actually taking so long. The commit above fixes the 
issue.

I'm glad you said something or else I likely wouldn't ever have dug into 
this. It's good know that it's not pass itself that is slow.
Details
Message ID
<X8ftrHFGofEoiw6C@s1034043.srn.sandia.gov>
In-Reply-To
<X8fpGT9JpyKLzrGz@s1034043.srn.sandia.gov> (view parent)
DKIM signature
missing
Download raw message
On Wed, 02 Dec 2020 at 12:21 -0700, Gregory Anders wrote:
>I actually figured out what the problem is:
>
>    https://git.zx2c4.com/password-store/commit/?id=07b169ec32ad6961ed8625a0b932a663abcb01d2
>

Ironically, the person who authored that change [1] is also the author 
of age.

[1]: https://filippo.io/
Details
Message ID
<C7IKT8CDR9HF.7N1VEVGHOGZB@desktop-pc>
In-Reply-To
<X8ftrHFGofEoiw6C@s1034043.srn.sandia.gov> (view parent)
DKIM signature
missing
Download raw message
That's some great inside info in general - I am glad that the issues you
are experiencing are only local to MacOSX right now.

Thanks for updating this thread :)
Reply to thread Export thread (mbox)