Hi,
I wanted to ask if someone would be nice enough to elaborate on the
advancements that this project brings over pass itself - are there some
real benefits to passage over pass as far as security goes?
Thanks!
Robin
On Wed, 02 Dec 2020 at 02:29 PM, Robin Opletal wrote:
>Hi,
>
>I wanted to ask if someone would be nice enough to elaborate on the
>advancements that this project brings over pass itself - are there some
>real benefits to passage over pass as far as security goes?
>
>Thanks!
>Robin
Hi Robin,
I expect that this will probably be a common question, so I do intend to
add a "Motivation" section to the README or documentation at some point
once I get the basic functionality stable.
My primary motivation for starting this project was initially runtime
speed. I don't know if this is a common issue for others, but pass was
often taking between 1.5-2 seconds to retrieve a single password. This
just felt too slow to me and was particularly noticeable when using pass
to retrieve credentials at program startup (for example, mutt uses pass
to retrieve my IMAP password, and this was adding ~2 seconds to mutt's
startup time).
Part of this is due to gpg itself. My unscientific analysis shows that
gpg itself takes just under 1 second to decrypt a file. The remainder of
the latency was solely due to pass (likely due to the fact that it's
written in shell script).
My original intent was to simply "rewrite" pass in Rust with the dual
intention of improving runtime performance as well as finally having an
excuse to learn Rust. However, shortly after starting I realized that
this was also an opportunity to take advantage of some of the
up-and-coming encryption tools outside of gpg. I personally have no love
lost for gpg, I find it complex and annoying to use. I think age
(pronounced ah-GAY) is a well-designed, Unix-like encryption tool with a
lot of potential, and it just so happens to have a Rust implementation
:)
The results so far are quite promising. Where pass takes anywhere from
1.5-2 seconds to retrieve a password, passage can do it in about 12
milliseconds. That's at least a 125x improvement in runtime performance.
By using age instead of gpg, there's also no more futzing about with
gpg's UX (this may or may not be appealing to you depending on how you
feel about gpg, of course).
I hope that answers your question satisfactorily. Let me know if I can
elaborate on anything.
Gregory
> but pass was often taking between 1.5-2 seconds to retrieve a single password.
Thanks - I am not experiencing that big of a lag, I would say retrieving a
password and copying it to the clipboard takes 0.08s with an unlocked
keyring. Improvements are always welcome though - I was just curious :)
On Wed, 02 Dec 2020 at 17:50 +0100, Robin Opletal wrote:
>Thanks - I am not experiencing that big of a lag, I would say
>retrieving a password and copying it to the clipboard takes 0.08s with
>an unlocked keyring. Improvements are always welcome though - I was
>just curious :)
It seems like this might just be an issue on macOS. I just tried pass on
Ubuntu 16.04 and it was quite fast (~140ms).
This is good to know, thanks for sharing your experience.
On Wed, 02 Dec 2020 at 12:07 -0700, Gregory Anders wrote:
>On Wed, 02 Dec 2020 at 17:50 +0100, Robin Opletal wrote:
>>Thanks - I am not experiencing that big of a lag, I would say
>>retrieving a password and copying it to the clipboard takes 0.08s
>>with an unlocked keyring. Improvements are always welcome though - I
>>was just curious :)
>
>It seems like this might just be an issue on macOS. I just tried pass
>on Ubuntu 16.04 and it was quite fast (~140ms).
>
>This is good to know, thanks for sharing your experience.
I actually figured out what the problem is:
https://git.zx2c4.com/password-store/commit/?id=07b169ec32ad6961ed8625a0b932a663abcb01d2
On macOS, pass uses the brew command to find the path for GNU getopt.
This is what is actually taking so long. The commit above fixes the
issue.
I'm glad you said something or else I likely wouldn't ever have dug into
this. It's good to know that it's not pass itself that is slow.
That's some great inside info in general - I am glad that the issues you
are experiencing are only local to MacOSX right now.
Thanks for updating this thread :)