    Carl Dong
    @dongcarl
    @mssun also, I'm curious, do ssh keys with no passwords work?
    Mingshen Sun
    @mssun
    No special config. That's weird.
    Carl Dong
    @dongcarl
    I know the distinction, I'm just asking about this specific case
    yeah it really is
    Mingshen Sun
    @mssun
    Yes, should work. I have tested.
    Carl Dong
    @dongcarl
    @mssun okay let me try the key I usually use to ssh in then, sorry I keep a lot of different keys haha
    @mssun do you support OpenSSH format keys? Or only PEM format?
    Mingshen Sun
    @mssun
    I guess (but not sure) both are supported.
    [preauth] error is about authentication: https://unix.stackexchange.com/questions/102502/meaning-of-connection-closed-by-xxx-preauth-in-sshd-logs. Seems that passforios didn't initiate authentication.
    Carl Dong
    @dongcarl
    hmmmm, I'll look into it
    Raffaele Rossi
    @raffopazzo
    Hi There
    I might be a bit thick but I can't find how to git pull/push with this app
    any help?
    ok found...I only needed to scroll up....please add that to your wiki
    Mingshen Sun
    @mssun
    @raffopazzo OK, good suggestion. Thank you.
    Oh, it's in the wiki already (section: Synchronizing your password store).
    Raffaele Rossi
    @raffopazzo
    @mssun oops, I didn't see that. My bad, sorry :)
    Jaime Gómez Obregón
    @JaimeObregon
    Hello and, first and foremost: thank you very much for this project, @mssun!
    That said, I'd like to gather some feedback on privacy and security. I know the app is open source, but... is there any guarantee that this app won't steal my passwords or keys and stealthily store or leak them over the internet? I mean: a guarantee by design.
    I know the app is open source and that I can read the code myself, but that doesn't necessarily mean the app downloadable from the app store is the same as the app hosted here at Github, isn't it? I am not familiar with mobile app development and thus my ignorance and suspiciousness :-)
    What I want ultimately to know is: is all a matter of trust and faith that my very private passwords won't be leaked, or am I missing some considerations which make this app "secure by design"?
    I am aware that these same questions apply to pass the Bash script itself, git, gpg and the rest of the stack, but in that case they are broadly trusted and well known tools, which run in an open environment (my Linux box), which I am able to audit. An iOS app, however, is a dark box to me, and I am not absolutely sure what exactly is running inside, plus it is not so massively trusted and adopted.
    Thank you!
    Rodrigo Orem
    @rodorgas
    I don’t know a way to prove that the App Store version is the same as the GitHub version. But if you have access to a Mac, you can compile it on Xcode from source and install on your iPhone.
    Mingshen Sun
    @mssun
    @JaimeObregon Thanks, Jaime. I understand your concern. For your question on "secure by design", I cannot guarantee it right now.
    But I'm working on this. For example, using Apple's security framework to protect the private key.
    Indeed, as @rodorgas said. I cannot prove that the App Store version is the same as the GitHub version. You can compile the app by yourself from the source code and install it.
    For the current state, all credentials (password, passphrase, and others) are protected by the iOS sandbox. We should trust the OS.
    Raffaele Rossi
    @raffopazzo
    @mssun Perhaps you could hash the entire content of the repo when you tag and in the about info show the SHA256. You could then describe in the README how to run the same process
    e.g. $ find src/ -type f | xargs cat | shasum | tee signature
    311f5f7bf8d8a8ce8a56e326a4e62898e93f05c2
    Raffaele Rossi
    @raffopazzo
    then you put this hash in the about info for version x.y.z and I can just git checkout x.y.z and cat signature
    Raffaele Rossi
    @raffopazzo
    if you have too many files find src -type f | xargs cat might end up being too long and cause errors, you might work around with find src/ -type f | while read -r f; do cat "$f"; done | shasum | tee signature
    or maybe there are already tools that compute the sha of an entire folder...
    Johann Wagner
    @johannwagner
    Hey, maybe I use it wrong, but I want to clone a repo as my password store with git. git@bitbucket.org is the base url, but passforios does not allow that, because git does not match my normal username.. Is there a reason for this check ?
    Raffaele Rossi
    @raffopazzo
    I use bitbucket too and it works
    with ssh the username has to be git
    and you're supposed to put your username in the URL itself, I think it's documented on the wiki
    @johannwagner
    so in my case I configured ssh://git@bitbucket.org/username/reponame.git
    Jaime Gómez Obregón
    @JaimeObregon
    Understood, @mssun; thank you! cc @rodorgas, @raffopazzo.
    Johann Wagner
    @johannwagner
    @raffopazzo Does not work for me.. I get an error regarding the URL format..
    But it is correct...
    Carl Dong
    @dongcarl
    Is it possible to specify a custom port on passforios?
    Raffaele Rossi
    @raffopazzo
    @johannwagner don't know, this stuff is pretty common, should just work if configured correctly. Maybe an example of your URL can help, even obfuscated
    Laurence Hubbard
    @laurence-hubbard
    Any chance there could be a single touch copy? Seems to me that the split option to Copy/Reveal is duplicating the functionality of the eyeball icon.
    Yishi Lin
    @yishilin14
    @laurence-hubbard You can long press the password entry to copy your password (yes, without even opening the entry). This is not documented, personally I don't know where to put these guides.
    "Seems to me that the split option to Copy/Reveal is duplicating the functionality of the eyeball icon." Maybe there should be one more "copy" icon.
    Laurence Hubbard
    @laurence-hubbard
    @yishilin14 long press for me just brings up the Copy/Reveal option in a slightly different location and the password doesn’t go into the clipboard following this action.
    r.e. where to put guides - on the app Settings —> About —> Help leads to the GitHub wiki. Maybe adding a section or a page which is a user guide would work.
    Laurence Hubbard
    @laurence-hubbard
    Seems that submodules aren't supported for the password repo. I was thinking about attempting a contribution for this but can't find any suitable documentation for ObjectiveGit or the libgit2 api in this area. Would you have to recognise and loop through submodules and handle them as repos in their own right?