Replying to Avatar Jingles

Introducing...

Vault - NOSTR Password Manager

A free, open source, and decentralized password manager.

Download extension:

https://chrome.google.com/webstore/detail/vault-password-manager-on/namadahddjnkmjgdnncdlhioopmjiflm

Source code:

https://github.com/jinglescode/nostr-password-manager

-- == --

More info:

Vault utilizes zero-knowledge encryption to safeguard your data while storing it on NOSTR network for enhanced resilience.

Vault saves all your passwords and notes securely by encrypting your data twice; once with your secret key and once with your passcode.

Your data are not stored on any centralized server, but rather on a set of relay servers. This means that it is resilient to attacks and that you are the only one who can access your passwords.

Security experts recommend that you use a different, randomly generated password for every account that you create, and Vault makes this easy. Vault can generate passwords and store them for you, this means that you only need to remember one password, your passcode.

Looking to store and swiftly retrieve your data? Vaults facilitate searchable items, allowing you to effortlessly copy the desired information with a single click.

Vault is free, open source, and decentralized; and will always be.

-- == --

Status and questions:

- Version 1.0.0 approved on Chrome Web Store. Version 1.0.1 is the real version I wanna push to you guys, might have to wait for 24 hours for approval

- Enhanced Safe Browsing? - Apparently for new developers, it generally takes a few months to become trusted.

- Read history? - not really, just that need to read what page you are currently on and paste the URL when you add new items

-- == --

nostr:npub19mduaf5569jx9xz555jcx3v06mvktvtpu0zgk47n4lcpjsz43zzqhj6vzk

nostr:npub1xtscya34g58tk0z605fvr788k263gsu6cy9x0mhnm87echrgufzsevkk5s

nostr:npub1qny3tkh0acurzla8x3zy4nhrjz5zd8l9sy9jys09umwng00manysew95gx

nostr:npub1dergggklka99wwrs92yz8wdjs952h2ux2ha2ed598ngwu9w7a6fsh9xzpc

nostr:npub180cvv07tjdrrgpa0j7j7tmnyl2yr6yr7l8j4s3evf6u64th6gkwsyjh6w6

nostr:npub1sg6plzptd64u62a878hep2kev88swjh3tw00gjsfl8f237lmu63q0uf63m

nostr:npub18ams6ewn5aj2n3wt2qawzglx9mr4nzksxhvrdc4gzrecw7n5tvjqctp424

Avatar
armstrys 2y ago

I love the idea and will probably test it for some small stuff. The only feedback I might give is that one potential downside is the the encrypted data is publicly available, which isn’t true for a normal password manager.

Of course the data is still encrypted, but there are some concerns. Leaked keys and passwords carry much higher risk since it’s guaranteed that the hacker already has access to the encrypted content. Phishing attacks may be extremely prevalent and people need to be extremely careful of the client implementations.

Again, I love seeing new implementations on Nostr and have always thought a password manager would be interesting, but want to make sure we are talking about all the potential risks! Would be curious to hear your thoughts on these issues and how they could be mitigated

Reply to this note

Please Login to reply.

Discussion

Avatar
Jingles 2y ago

Hey. In my next version which is currently being review. It has a bit more explanations in the FAQ section.

I’m short, it’s pretty save in my opinion. Because it’s is encrypted twice with 2 different things.

You need to lose your secret key, and also the password. In order to lose your data.

Also, if the community and user base likes it, I have plan to include one time password, so you can encrypt and decrypt with google Authenticator (or equivalent).

Avatar
armstrys 2y ago

Authenticator would be a great addition IMO - especially if you can do physical security keys using U2F. Looking forward to the FAQ and congrats on the release!

Avatar
wispy🧉⚡⭐ 2y ago

Isn't that always the case? I mean, it's true that putting databases on relays instantly makes them public, but believing that in other implementations they are private is another security issue imo. Maybe I'm missing something, but everything on the internet should be treated as if it were public, don't be fooled into thinking that your passwords are private in the hands of a company. Even using solutions like keypass there are no guarantees, data can be intercepted at any time if shared between devices, strong encryption is the best solution we have.At least this is what I understand about online security, please correct me if I'm wrong