diff options
author | Anne Jan Brouwer <annejan@noprotocol.com> | 2015-05-05 19:16:59 +0200 |
---|---|---|
committer | Anne Jan Brouwer <annejan@noprotocol.com> | 2015-05-05 19:16:59 +0200 |
commit | c411e38f87fe272145a519e19b91bdb781341b64 (patch) | |
tree | 1562e4c195eda14027bec53b99f68abb83a13be4 | |
parent | 976216e292b4c2a98afd4651d079a3ae442aff10 (diff) | |
parent | 44bf53833b4e128110ea0d42385dd0fa5da9bc55 (diff) |
Merge branch 'master' into develop
-rw-r--r-- | README.md | 10 |
1 files changed, 6 insertions, 4 deletions
@@ -1,14 +1,14 @@ QtPass ====== -QtPass is a gui for [pass](http://www.passwordstore.org/) +QtPass is a GUI for [pass](http://www.passwordstore.org/) Features -------- * Using pass or git and gpg2 directly * Configurable shoulder surfing protection options * Cross platform: Linux, BSD, OS X and Windows -* Per-folder user selection for multi recepient encrypton +* Per-folder user selection for multi recipient encryption While QtPass will work with Qt4, currently multi-line editing is restricted to Qt5 only. @@ -16,6 +16,7 @@ Security considerations ----------------------- Using this program will not magically keep your passwords secure against compromised computers even if you use it in combination with a smartcard. + It does protect future and changed passwords though against anyone with access to your password store only but not your keys. Used with a smartcard it also protects against anyone just monitoring/copying @@ -25,6 +26,7 @@ Once you plug in your smartcard and enter your PIN (or due to CVE-2015-3298 even without your PIN) all your passwords available to the machine can be decrypted by it, if there is malicious software targeted specifically against it installed (or at least one that knows how to use a smartcard). + To get better protection out of use with a smartcard even against a targeted attack I can think of at least two options: * The smartcard must require explicit confirmation for each decryption operation. @@ -45,8 +47,8 @@ Planned features * Colour coding folders (possibly disabling folders you can't decrypt) * Optional table view of decrypted folder contents -Instalation ------------ +Installation +------------ On most systems all you need is: `qmake && make && make install` |