# Threat model/Warnings {#threat-model-warnings}

This project has not been audited by a security professional.

People unfamiliar with `age` might be surprised that secrets are not
authenticated. Because the public keys are exposed, any attacker with
write access to the secret files can modify secrets. At first glance
this does not seem like a problem, because changing the configuration
itself could expose secrets easily. However, reviewing configuration
changes is easier than reviewing random secrets (for example, 4096-bit
RSA keys). A message authentication code (MAC), which other
implementations such as GPG or [sops](https://github.com/Mic92/sops-nix)
have, would solve this, but it was left out of `age` for simplicity.
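
The MAC idea from the paragraph above, as an added example that is not part of this project or of `age`: a detached HMAC-SHA256 tag per secret file, checked before the secrets are used. It assumes a MAC key kept outside the repository and held only by trusted maintainers; the key, file names and ciphertext bytes below are constructed.

```python
import hashlib
import hmac


def tag_secret(mac_key: bytes, name: str, ciphertext: bytes) -> str:
    """HMAC-SHA256 over the secret's file name and its encrypted bytes."""
    mac = hmac.new(mac_key, digestmod=hashlib.sha256)
    encoded = name.encode("utf-8")
    # Length-prefix the name so name and ciphertext cannot be re-split,
    # and so a valid ciphertext cannot be moved under another file name.
    mac.update(len(encoded).to_bytes(4, "big"))
    mac.update(encoded)
    mac.update(ciphertext)
    return mac.hexdigest()


def build_manifest(mac_key: bytes, secrets: dict) -> dict:
    """Map each secret file name to its tag (run by a key holder)."""
    return {name: tag_secret(mac_key, name, data) for name, data in secrets.items()}


def verify_secrets(mac_key: bytes, secrets: dict, manifest: dict) -> list:
    """Return the sorted names that fail: bad tag, untagged file, or missing file."""
    bad = []
    for name, data in secrets.items():
        expected = manifest.get(name)
        actual = tag_secret(mac_key, name, data)
        if expected is None or not hmac.compare_digest(expected, actual):
            bad.append(name)
    bad.extend(name for name in manifest if name not in secrets)
    return sorted(bad)


# Constructed sample data: stand-ins for encrypted secret files.
MAC_KEY = b"constructed-demo-key-kept-outside-the-repo"
REVIEWED = {
    "db-password.age": b"constructed ciphertext A",
    "api-token.age": b"constructed ciphertext B",
}


def demo():
    manifest = build_manifest(MAC_KEY, REVIEWED)
    # Someone with write access re-encrypts a secret to the exposed public keys.
    replaced = dict(REVIEWED, **{"db-password.age": b"constructed ciphertext C"})
    # Two valid ciphertexts exchanged between file names.
    swapped = {"db-password.age": REVIEWED["api-token.age"],
               "api-token.age": REVIEWED["db-password.age"]}
    return [verify_secrets(MAC_KEY, s, manifest) for s in (REVIEWED, replaced, swapped)]
```

Without the MAC key, a writer can replace both a secret file and its manifest entry but cannot produce a tag that verifies, so the change surfaces as a failed check rather than as an unreviewable blob.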