This seems like a really bad idea to me. What is the intended use case, to replace your password manager on your computer? How do we know this devs crypto implementation is done correct? The big question is how is this superior to using a years old, reviewed by many password manager in a dedicated vm with no internet?
Introducing...
Vault - NOSTR Password Manager
A free, open source, and decentralized password manager.
Download extension:
https://chrome.google.com/webstore/detail/vault-password-manager-on/namadahddjnkmjgdnncdlhioopmjiflm
Source code:
https://github.com/jinglescode/nostr-password-manager
-- == --
More info:
Vault utilizes zero-knowledge encryption to safeguard your data while storing it on NOSTR network for enhanced resilience.
Vault saves all your passwords and notes securely by encrypting your data twice; once with your secret key and once with your passcode.
Your data are not stored on any centralized server, but rather on a set of relay servers. This means that it is resilient to attacks and that you are the only one who can access your passwords.
Security experts recommend that you use a different, randomly generated password for every account that you create, and Vault makes this easy. Vault can generate passwords and store them for you, this means that you only need to remember one password, your passcode.
Looking to store and swiftly retrieve your data? Vaults facilitate searchable items, allowing you to effortlessly copy the desired information with a single click.
Vault is free, open source, and decentralized; and will always be.
-- == --
Status and questions:
- Version 1.0.0 approved on Chrome Web Store. Version 1.0.1 is the real version I wanna push to you guys, might have to wait for 24 hours for approval
- Enhanced Safe Browsing? - Apparently for new developers, it generally takes a few months to become trusted.
- Read history? - not really, just that need to read what page you are currently on and paste the URL when you add new items
-- == --
nostr:npub19mduaf5569jx9xz555jcx3v06mvktvtpu0zgk47n4lcpjsz43zzqhj6vzk
nostr:npub1xtscya34g58tk0z605fvr788k263gsu6cy9x0mhnm87echrgufzsevkk5s
nostr:npub1qny3tkh0acurzla8x3zy4nhrjz5zd8l9sy9jys09umwng00manysew95gx
nostr:npub1dergggklka99wwrs92yz8wdjs952h2ux2ha2ed598ngwu9w7a6fsh9xzpc
nostr:npub180cvv07tjdrrgpa0j7j7tmnyl2yr6yr7l8j4s3evf6u64th6gkwsyjh6w6
nostr:npub1sg6plzptd64u62a878hep2kev88swjh3tw00gjsfl8f237lmu63q0uf63m
nostr:npub18ams6ewn5aj2n3wt2qawzglx9mr4nzksxhvrdc4gzrecw7n5tvjqctp424
Discussion
If your answer in convenience then you can gfy.
Dev crypto done correctly?: check source code. Used publicly used crypto packages too.
Centralised password manager servers vs “dedicated vm” I suppose you mean relay?: 2 layer of encryption, even if their entire VM is hacked, there’s no way to decrypt the data.
Replace you password manager?: it’s your choice, currently all if not all stored and controlled centrally, they can change policy, change billing, change anything they want. Here, it’s running on open protocol.
"Dev crypto done correctly?: check source code. Used publicly used crypto packages too."
Libbitcoin could have said the same thing. Anyone could have checked their source code, but now we have https://milksad.info.
"Centralised password manager servers vs “dedicated vm” I suppose you mean relay?: 2 layer of encryption, even if their entire VM is hacked, there’s no way to decrypt the data."
What are you smoking? I mean a dedicated vault virtual machine with no internet. Preferably on Qubes OS.
"Replace you password manager?: it’s your choice, currently all if not all stored and controlled centrally, they can change policy, change billing, change anything they want. Here, it’s running on open protocol."
WTF? My keepassx open source software cannot do any of that without me accepting by installing and running that version.