wallunit | 6 years ago

I'm the author of mypass. First of all, I'm very sorry to drop support (temporarily at least) for macOS and Windows with the latest release. It was a necessity for adopting SQLCipher (without available bindings for Python 3). But I reached the point where rolling (and encrypting) my own data structures is no longer a reasonable option (in particular with added support for multi-context credentials). On the other hand, the latest release adds support for FreeBSD (in addition to Linux).

Unlike most Show HN posts, this isn't a new piece of software, but one that I initially created back in 2014, and ended up spending a fair amount of time on recently, leading to its 2.0 version which I released today. In the beginning it was just a hack scratching a personal itch of mine. But I think mypass has matured a lot since then, and I'd love to get some feedback from other potential users.

adur1990|6 years ago

While I really appreciate your efforts, can you elaborate on the benefits over pass (passwordstore.org)?

wallunit|6 years ago

Honestly, when I first started working on mypass, I wasn't aware of "pass".

Anyway, one issue I have with "pass" is that it leaks metadata, as it uses the file system to organize different credentials, while only the files storing the credentials themselves are encrypted.

Also, "pass" uses GPG for encryption, which can provide additional security if you store your private key on an external drive or smartcard, and take additional measures to make it more difficult to obtain access to your password store and private key at the same time. But in the more common setup where the password store is stored alongside the private key on the same device, cracking your GPG passphrase will require less computation than cracking a passphrase using PBKDF2 with 256,000 iterations, as used for key derivation in mypass.
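
Editor's added example (not part of the thread, and not code from mypass or pass): a small audit of what a store exposes to anyone who can read the directory but holds no key, comparing a one-file-per-entry layout with a single encrypted database file. The entry names, sizes and the `store.db` file name are constructed for illustration, and random bytes stand in for ciphertext.

```python
import os
import tempfile
from pathlib import Path

# Constructed sample entries: relative path -> ciphertext size in bytes.
SAMPLE_ENTRIES = {
    "email/example.org/alice.gpg": 41,
    "banking/examplebank.test.gpg": 67,
    "work/vpn.gpg": 23,
}

def build_per_file_store(root):
    """One encrypted blob per credential, organised as a directory tree."""
    for name, size in SAMPLE_ENTRIES.items():
        path = Path(root) / name
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(os.urandom(size))  # stand-in for ciphertext

def build_single_file_store(root):
    """All credentials inside one encrypted file (hypothetical name store.db)."""
    total = sum(SAMPLE_ENTRIES.values())
    (Path(root) / "store.db").write_bytes(os.urandom(total))

def visible_metadata(root):
    """Everything readable without a key: relative file names and sizes."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): p.stat().st_size
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }

def demo():
    """Return the key-less view of both layouts."""
    with tempfile.TemporaryDirectory() as a, tempfile.TemporaryDirectory() as b:
        build_per_file_store(a)
        build_single_file_store(b)
        return visible_metadata(a), visible_metadata(b)

if __name__ == "__main__":
    per_file, single_file = demo()
    print("per-file layout exposes:")
    for name, size in per_file.items():
        print(f"  {name} ({size} bytes)")
    print("single-file layout exposes:")
    for name, size in single_file.items():
        print(f"  {name} ({size} bytes)")
```

Pointing `visible_metadata` at your own store directory shows the same key-less view for real data.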