Replying to Avatar joe

This seems like a really bad idea to me. What is the intended use case, to replace your password manager on your computer? How do we know this devs crypto implementation is done correct? The big question is how is this superior to using a years old, reviewed by many password manager in a dedicated vm with no internet?

nostr:nevent1qqszrp62p4wkylk5va63hu4lnez0ua2lpc9gkt0f4lxfffxmhlk0xvspz3mhxue69uhhyetvv9ujuerpd46hxtnfdupzpm7r06tl5nadv70yvjm6vxzqpxmucas94n4sch6kk3jd9wvx5c8sqvzqqqqqqych2lt3

Avatar
Jingles 2y ago

Dev crypto done correctly?: check source code. Used publicly used crypto packages too.

Centralised password manager servers vs “dedicated vm” I suppose you mean relay?: 2 layer of encryption, even if their entire VM is hacked, there’s no way to decrypt the data.

Replace you password manager?: it’s your choice, currently all if not all stored and controlled centrally, they can change policy, change billing, change anything they want. Here, it’s running on open protocol.

Reply to this note

Please Login to reply.

Discussion

Avatar
joe 2y ago

"Dev crypto done correctly?: check source code. Used publicly used crypto packages too."

Libbitcoin could have said the same thing. Anyone could have checked their source code, but now we have https://milksad.info.

"Centralised password manager servers vs “dedicated vm” I suppose you mean relay?: 2 layer of encryption, even if their entire VM is hacked, there’s no way to decrypt the data."

What are you smoking? I mean a dedicated vault virtual machine with no internet. Preferably on Qubes OS.

"Replace you password manager?: it’s your choice, currently all if not all stored and controlled centrally, they can change policy, change billing, change anything they want. Here, it’s running on open protocol."

WTF? My keepassx open source software cannot do any of that without me accepting by installing and running that version.