top | item 29600122

(no title)

jeremyw | 4 years ago

Can you clarify re not password-protecting keys?

If I run GUI applications, let's say, as my user -- as is the default in most operating systems -- they have general access to my files, including my keys-as-files, no? (Putting aside some minor restrictions MacOS and others are slowly making.)

discuss

FiloSottile|4 years ago

Yes, and they can also replace the age binary with one that uploads the password as soon as you type it. There is no meaningful security boundary to defend.

We implemented support for password-encrypted keys for the cases where you store the key file in, say, Dropbox.

darkwater|4 years ago

But in the "age binary replaced" threat scenario, isn't just gameover even with hardware keys? Eg. the same exact age code with an extra call after the print password to stdout that uploads it somewhere?

jeremyw|4 years ago

I suppose in a homebrew situation, but not if age is root-installed, correct? It seems like that's a hard boundary.

unknown|4 years ago

[deleted]