I love the idea and will probably test it for some small stuff. The only feedback I might give is that one potential downside is the the encrypted data is publicly available, which isn’t true for a normal password manager.
Of course the data is still encrypted, but there are some concerns. Leaked keys and passwords carry much higher risk since it’s guaranteed that the hacker already has access to the encrypted content. Phishing attacks may be extremely prevalent and people need to be extremely careful of the client implementations.
Again, I love seeing new implementations on Nostr and have always thought a password manager would be interesting, but want to make sure we are talking about all the potential risks! Would be curious to hear your thoughts on these issues and how they could be mitigated
armstrys / Ryan
npub1eq…4er58
2023-08-10 15:32:06
in reply to nevent1q…rqze
Author Public Key
npub1eq94yj8maree90pm53gfr76wdc44su3cwcqmly848xfrv6es6usqg4er58Published at
2023-08-10 15:32:06Event JSON
{
"id": "6ca9b8ddf0965308d035a41be6fd4c8979cc0b324ad5f6b9d1d58d402e701b31",
"pubkey": "c80b5248fbe8f392bc3ba45091fb4e6e2b5872387601bf90f53992366b30d720",
"created_at": 1691674326,
"kind": 1,
"tags": [
[
"e",
"21874a0d5d627ed467751bf2bf9e44fe755f0e0a8b2de9afcc94a4dbbfecf332"
],
[
"p",
"2edbcea694d164629854a52583458fd6d965b161e3c48b57d3aff01940558884"
],
[
"p",
"32e1827635450ebb3c5a7d12c1f8e7b2b514439ac10a67eef3d9fd9c5c68e245"
],
[
"p",
"04c915daefee38317fa734444acee390a8269fe5810b2241e5e6dd343dfbecc9"
],
[
"p",
"6e468422dfb74a5738702a8823b9b28168abab8655faacb6853cd0ee15deee93"
],
[
"p",
"3bf0c63fcb93463407af97a5e5ee64fa883d107ef9e558472c4eb9aaaefa459d"
],
[
"p",
"82341f882b6eabcd2ba7f1ef90aad961cf074af15b9ef44a09f9d2a8fbfbe6a2"
],
[
"p",
"3f770d65d3a764a9c5cb503ae123e62ec7598ad035d836e2a810f3877a745b24"
],
[
"p",
"efc37e97fa4fad679e464b7a6184009b7cc7605aceb0c5f56b464d2b986a60f0"
]
],
"content": "I love the idea and will probably test it for some small stuff. The only feedback I might give is that one potential downside is the the encrypted data is publicly available, which isn’t true for a normal password manager. \n\nOf course the data is still encrypted, but there are some concerns. Leaked keys and passwords carry much higher risk since it’s guaranteed that the hacker already has access to the encrypted content. Phishing attacks may be extremely prevalent and people need to be extremely careful of the client implementations. \n\nAgain, I love seeing new implementations on Nostr and have always thought a password manager would be interesting, but want to make sure we are talking about all the potential risks! Would be curious to hear your thoughts on these issues and how they could be mitigated",
"sig": "839fb2e48269efafe676a8150789ae5f6cf91ae3b779d430fa9190911735acbf3e18a56091e833577c9a21c033b52ba646bf3be244346bd5d172ebc222402b9f"
}