#[0] if you're ever bored and desperately need another micro app fix, how about a password manager?
I have an open bounty of 2.1 mil for it.
Discussion
Oh, that’s a really cool idea actually!
do you have it on nostrbounties.com? wanna check out the spec
Wow, can’t believe I didn’t put 1 and 1 together till now, but password manager is such a good use case for nostr and such an absolute shit show right now with the walled gardens of 1pass, last pass, iCloud, etc
Yeah.
Remember 12 words and get access to your passwords from anywhere, kinda cool.
it’s an amazing idea; I love it.
I have my passwords scattered around a bunch of silos, I have to remember each time where each different password is. Portability is non existent.
I freaking love this idea.
Not so obvious to me
Why is it such a good idea?
Can’t we use our wallet keys to replace passwords entirely?
I don't use browser extensions, and nostrbounties relies on that unfortunately.
I put the PR to bounstr, but it didn't yet get deployed to the website.
https://github.com/coinkite/bountsr.org.pub/blob/main/2023-04-07-password-manager
I have a PR pending for nos2x to implement NIP-46, which will allow you to do this https://www.youtube.com/shorts/gfItS5Qe6tI on any site that uses NIP-07 extensions.
I also have a daemon you can run on your node, where you already might keep LN keys, to do the signing for you; so you keep your nsec in a single place where you already have keys and sign everything from there.
I’ll dockerize this and publish it on Umbrel as well to make this easier to deploy.
Spec wise, I'm thinking either NIP4 for each password, or maybe a NIP51 encrypted list of all passwords.
It would be best for the client to be cross platform, desktop, android, ios. No need for app stores, sideloading is good enough (at least for Android, dunno / don't care about ios myself)
Maybe the NIP4 encryption should be ontop of a password encryption, kinda like a 2fa, the client remembers the private key, but always requires the password to fully decrypt. But maybe a 13th word passphrase works better.
Yeah, agreed about the importance of having another secret on top of the nsec to prevent unauthorized clients from decrypting these.
#[4] in 5 days
A fun way to pay out the bounty would be to put the 2.1 mil sats onchain in a new wallet, put it into the password manager, announce that this encrypted event is holding keys with sats, and if it's not cracked within a week/month, the bounty gets paid.
