# I am the Watcher. I am your guide through this vast new twtiverse.
# 
# Usage:
#     https://watcher.sour.is/api/plain/users              View list of users and latest twt date.
#     https://watcher.sour.is/api/plain/twt                View all twts.
#     https://watcher.sour.is/api/plain/mentions?uri=:uri  View all mentions for uri.
#     https://watcher.sour.is/api/plain/conv/:hash         View all twts for a conversation subject.
# 
# Options:
#     uri     Filter to show a specific user's twts.
#     offset  Start index for query.
#     limit   Count of items to return (going back in time).
# 
# twt range = 1 17
# self = https://watcher.sour.is/conv/3hqx7vq
Today I was playing a bit with 'useless stuff' like Client Certificates, S/MIME email encryption, email certificates, passwordless ideas, and static web generators.

Aaaand also learning Ruby with the fantastic series of books Head First (I learned C#, I think, in 2008)

Was a nice Tuesday, he
@eaplmx For "passwordless" you _should_ have a look at this project I follow:

A simple vaultless password manager in Go

From the README:

> gokey is a password manager, which does not require a password vault. Instead of storing your passwords in a vault it derives your password on the fly from your master password and supplied realm string (for example, resource URL). This way you do not have to manage, backup or sync your password vault (or trust its management to a third party) as your passwords are available immediately anywhere.
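The derive-on-the-fly scheme the README describes, as an added example in Python that is not gokey's own code (gokey's actual KDF parameters and output encoding are not given here): the master password is stretched with scrypt, the realm and a rotation counter go into the salt, and the resulting key material is mapped onto a printable alphabet without modulo bias. The alphabet, the scrypt cost and the counter parameter are choices made for this illustration.

```python
import hashlib
import hmac
import string

# Output alphabet (a choice made for this illustration; 71 symbols).
ALPHABET = string.ascii_letters + string.digits + "!#%*+-=?@"


def _stretch(master: str, realm: str, counter: int) -> bytes:
    """Slow, memory-hard stretching of the master password with scrypt.

    The realm (e.g. the site URL) and a rotation counter live in the salt, so
    each site gets unrelated key material and bumping the counter rotates a
    single password without touching the master or any other realm.
    """
    salt = f"realm={realm}\x00counter={counter}".encode()
    return hashlib.scrypt(master.encode(), salt=salt, n=2**14, r=8, p=1,
                          maxmem=64 * 1024 * 1024, dklen=32)


def _to_chars(key: bytes, length: int) -> str:
    """Map key material onto ALPHABET with rejection sampling (no modulo bias)."""
    limit = 256 - (256 % len(ALPHABET))  # accept bytes below 213 for 71 symbols
    out, block = [], 0
    while len(out) < length:
        # Expand the key into as many pseudo-random bytes as needed.
        stream = hmac.new(key, block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
        out.extend(ALPHABET[b % len(ALPHABET)] for b in stream if b < limit)
    return "".join(out[:length])


def derive_password(master: str, realm: str, counter: int = 1, length: int = 24) -> str:
    """Derive the password for `realm` on the fly; nothing is stored anywhere.

    Same inputs always give the same password, which is what makes a vault
    unnecessary, and also why the master must be strong: anyone holding it
    can recompute every derived password.
    """
    if length < 12:
        raise ValueError("derived passwords shorter than 12 characters are not allowed")
    return _to_chars(_stretch(master, realm, counter), length)


if __name__ == "__main__":
    # Constructed inputs; the realm is just a label for the account.
    print(derive_password("correct horse battery staple", "https://example.com"))
```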
@eaplmx @prologic If you're interested I did my own deterministic password manager solution, entirely client side as a PWA, it's called Vector Pass

The login form is only used to generate a token and to store the data locally, absolutely no information is sent outside of the app.

I mainly built it for myself and it does not depend on any external library except for the UI management; there's an option to store data using a technique taken from here.

It also features things like generating throwaway email accounts and PINs, and it can generate a TOTP code from the key of the service.

Everything can be exported and imported via JSON or arbitrary URL.

Right now it's not welcoming for new users but I'm working on it, I'll make the source public once I get some things right and polish it a bit.

I'm also planning to have a compatible CLI version but right now I'm focusing on the PWA.
@justamoment That's brilliant! 👌 Love it 😍
@prologic Thanks! Well, a vaultless password manager is not 'passwordless' but I get your point. Not having to actually remember a password.

I've been playing with https://spectre.app although I think having to remember a Master Password + your accounts makes it difficult to use for the average user. You have to remember how exactly the username is stored, or... Having a vault again.

I'm thinking more of getting a dynamic password, like a 9-digit OTP or similar, with seeds/keys stored in some device, like we actually do for 2FA/TOTP. It won't be a 2-factor authentication, so I'm going around in circles.
Also, I've heard of OPAQUE as a way to avoid transmitting passwords, but that's another topic https://ctrlc.hu/opaque/

And lastly (for my 280+ characters twt), I like WebAuthn with multiple implementations. Perhaps with the support of OS designers, it would be easier for users https://www.wired.com/story/apple-passkeys-password-ios16-ventura/ https://docs.microsoft.com/en-us/windows/security/id
@justamoment Thanks! So far it's looking awesome. Congrats on making it with PWAs, it has been an idea from my side, but haven't found time to do it. Kudos for including OTPs.

If I can suggest something, I started changing my passwords to passphrases, since these are easier to type in some situations when I can't copy-paste them, and due to the length/entropy they should be more secure.

from
SHCFELe-WpSjR*Zv9VCaFqc2t%Wq7HAvjrG?Ug6mB

to
Empathy-Move-Busybody-Tamper9-Curdle-Kilowatt-Vest-Unsaved


I've seen BIP39 from the cryptocurrency world for deterministic creation of the phrase, but perhaps there is some open alternative for it https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki
@eaplmx
@eaplmx interesting proposal!

I'm not sure I would try implementing it too soon but it might be something I can try to play with when everything is a bit more polished.

The main inspiration was from https://spectre.app/, https://www.lesspass.com/, https://aprico.org/ and https://altopass.io/.

Also, implementing features is pretty easy with my structure, once it's completed and public feel free to play with it!
@eaplmx I've been looking for a way to turn a Tor v3 address into a mnemonic phrase in the spirit of BIP39 but I can't find one. I found https://github.com/ryepdx/keyphrase in my adventures, maybe the concepts from it could help you.
@mckinley Sounds like an interesting project!

I didn't know about v3 addresses, so I don't know the details other than
The address is "the first 80 bits of the SHA-1 of the 1024-bit RSA key"

So, did the keyphrase work for the conversion? Perhaps you could use the BIP39 word list (with 2,048 instead of 65,536 from keyphrase)
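For the BIP39-style phrase idea raised here, and for the deterministic-passphrase question in the passphrase post above, an added example (not from keyphrase, BIP39 or any poster's code) that turns a byte string such as a 32-byte key into words indexed by 11 bits each with a BIP39-style checksum, and back, rejecting a mistyped phrase. The 2,048-entry word list is a constructed placeholder standing in for the real English list.

```python
import hashlib

# Constructed stand-in for the 2,048-word BIP39 English list: swap in the
# real list (bip-0039/english.txt) to get speakable phrases.
WORDLIST = [f"word{i:04d}" for i in range(2048)]
WORD_INDEX = {w: i for i, w in enumerate(WORDLIST)}


def _checksum_bits(entropy: bytes) -> str:
    """BIP39 checksum: the first len(entropy)*8/32 bits of SHA-256(entropy)."""
    digest = int.from_bytes(hashlib.sha256(entropy).digest(), "big")
    return bin(digest)[2:].zfill(256)[: len(entropy) * 8 // 32]


def bytes_to_mnemonic(entropy: bytes) -> str:
    """Encode entropy as words indexed by 11 bits each.

    With ENT bits of entropy and ENT/32 checksum bits the total is 33*ENT/32
    bits, a multiple of 11 whenever ENT is a multiple of 32, so a 32-byte key
    (the size of the ed25519 key behind a v3 onion address) gives 24 words.
    """
    ent = len(entropy) * 8
    if ent == 0 or ent % 32:
        raise ValueError("entropy must be a non-zero multiple of 32 bits")
    bits = bin(int.from_bytes(entropy, "big"))[2:].zfill(ent) + _checksum_bits(entropy)
    return " ".join(WORDLIST[int(bits[i:i + 11], 2)] for i in range(0, len(bits), 11))


def mnemonic_to_bytes(mnemonic: str) -> bytes:
    """Decode a phrase and verify its checksum; raise ValueError on any damage."""
    words = mnemonic.split()
    if not words or len(words) % 3:
        raise ValueError("word count must be a non-zero multiple of 3")
    try:
        bits = "".join(bin(WORD_INDEX[w])[2:].zfill(11) for w in words)
    except KeyError as exc:
        raise ValueError(f"unknown word {exc.args[0]!r}") from None
    cs_len = len(bits) // 33
    ent_bits, cs_bits = bits[:-cs_len], bits[-cs_len:]
    entropy = int(ent_bits, 2).to_bytes(len(ent_bits) // 8, "big")
    if cs_bits != _checksum_bits(entropy):
        raise ValueError("checksum mismatch: phrase mistyped or altered")
    return entropy


def verify_mnemonic(mnemonic: str) -> bool:
    """True only if the phrase decodes and its checksum holds."""
    try:
        mnemonic_to_bytes(mnemonic)
        return True
    except ValueError:
        return False
```

A constructed 32-byte input such as `bytes(range(32))` round-trips through 24 words; any unknown word or wrong word count makes `verify_mnemonic` return False.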
Doesn't look like it produces "speakable" phrases, but then again that's probably quite hard to achieve? 🤔