Hi Guys,
I have made a Password Manager
which is written on dotnet and runs wtih local db. So, No Need of Internet!. Tired of remembering passwords, try this out. The name is,
I have gone through all password managers most of them are more complex in UI and needs more time to understand but also requires money after certain time of usage, some are limited to storage and some are only online password managers. So, I made a simple and more secure password manager. The same operations that all other password managers do, but in offline.
Operations are on Initial Phase, But it functions well, Some of them are given below:
- SignUp
- SignIn
- Create, Read, Update, Delete Passwords
- Copy Decrypted Passwords For Instant Use
- File Encryption and Decryption
- Update Master Password
- Export User Stored Passwords
- View Decrypted Version of Browser Passwords
- Export Browser Passwords
- Remember User Credentials
- SignOut
It's free and open source so, if you want to modify the code, feel free to do!.
Here's the Link to Github Page - Mona - Password Manager
Top comments (2)
I find that claim highly unlikely. Those companies have hundreds of employees, with a good portion of them only being responsible for the cryptography part. They had multiple security audits by independent companies done to their product. And a lot of them already had multiple security vulnerabilities uncovered and fixed.
By any means, creating a password manager is probably a good exercise. But it shouldn't be considered save to use unless it got properly reviewed.
On that note, AFAIK, 3DES has been deprecated by the NIST in favor of
AESdue to it being vulnerable to block hash collisions. This only applies if it is used to encrypt large amounts of data. And that should apply to your use-case, since you use it for files.I don't mean to talk smack to you. It's hard to write secure software. But you probably shouldn't use it for your passwords but treat it more like a pet project. There are a lot of free, open source, battle-tested password managers. Keypass(X), pass, bitwarden (self-hosted via Vaultwarden for example), gnome-keyring/seahorse that do not sync your database to the internet. But it's always a trade-off between convenience and trust. Do you trust the service provider to securely store your files? If not, you need to invest time to properly set it up yourself: Regular, automated, encrypted backups of your database (file), self-hosting on your local network.
I have taken a note on 3DES. Thank you for your review.