I love the idea and will probably test it for some small stuff. The only feedback I might give is that one potential downside is that the encrypted data is publicly available, which isn’t true for a normal password manager. Of course the data is still encrypted, but there are some concerns. Leaked keys and passwords carry much higher risk, since it’s guaranteed that the hacker already has access to the encrypted content. Phishing attacks may be extremely prevalent, and people need to be extremely careful of the client implementations. Again, I love seeing new implementations on Nostr and have always thought a password manager would be interesting, but I want to make sure we are talking about all the potential risks! Would be curious to hear your thoughts on these issues and how they could be mitigated.

Replies (2)

Hey. My next version, which is currently being reviewed, has a bit more explanation in the FAQ section. In short, it’s pretty safe in my opinion, because it is encrypted twice with 2 different things. You need to lose your secret key and also the password in order to lose your data. Also, if the community and user base like it, I plan to include one-time passwords, so you can encrypt and decrypt with Google Authenticator (or equivalent).
Isn't that always the case? I mean, it's true that putting databases on relays instantly makes them public, but believing that in other implementations they are private is another security issue imo. Maybe I'm missing something, but everything on the internet should be treated as if it were public; don't be fooled into thinking that your passwords are private in the hands of a company. Even using solutions like KeePass there are no guarantees: data can be intercepted at any time if shared between devices, and strong encryption is the best solution we have. At least this is what I understand about online security, please correct me if I'm wrong.