DEV Community

Discussion on: Need A Simple and Powerful Password Manager? Try this!

mainrs • Edited

So, I made a simple and more secure password manager.

I find that claim highly unlikely. Those companies have hundreds of employees, with a good portion of them only being responsible for the cryptography part. They had multiple security audits by independent companies done to their product. And a lot of them already had multiple security vulnerabilities uncovered and fixed.

By any means, creating a password manager is probably a good exercise. But it shouldn't be considered safe to use unless it got properly reviewed.

On that note, AFAIK, 3DES has been deprecated by the NIST in favor of AES due to it being vulnerable to block hash collisions. This only applies if it is used to encrypt large amounts of data. And that should apply to your use-case, since you use it for files.

I don't mean to talk smack to you. It's hard to write secure software. But you probably shouldn't use it for your passwords but treat it more like a pet project. There are a lot of free, open source, battle-tested password managers. KeePass(X), pass, Bitwarden (self-hosted via Vaultwarden for example), gnome-keyring/seahorse that do not sync your database to the internet. But it's always a trade-off between convenience and trust. Do you trust the service provider to securely store your files? If not, you need to invest time to properly set it up yourself: Regular, automated, encrypted backups of your database (file), self-hosting on your local network.
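The data-volume point in the comment above, worked through as an added example (not part of the thread and not the password manager's code): the birthday bound for a 64-bit block (3DES) versus a 128-bit block (AES), plus a scaled-down demonstration of what one repeated ciphertext block gives away. It assumes CBC mode; the 16-bit "cipher" is a constructed random permutation standing in for a block cipher, and all function names are hypothetical.

```python
import math
import random

def collision_probability(block_bits, data_bytes):
    """Birthday approximation of P(two equal ciphertext blocks) under one key."""
    n = data_bytes // (block_bits // 8)            # blocks encrypted
    return -math.expm1(-n * (n - 1) / 2 ** (block_bits + 1))

def toy_cbc_collisions(block_bits=16, n_blocks=2000, seed=1):
    """Encrypt random blocks in CBC with a toy cipher (a seeded random
    permutation, NOT 3DES) and return what each ciphertext collision reveals."""
    rng = random.Random(seed)
    size = 1 << block_bits
    perm = list(range(size))
    rng.shuffle(perm)                              # stands in for E_k
    plain = [rng.randrange(size) for _ in range(n_blocks)]
    prev = rng.randrange(size)                     # IV
    cipher = [prev]                                # cipher[0] is the IV
    for p in plain:
        prev = perm[p ^ prev]                      # c_i = E_k(p_i XOR c_{i-1})
        cipher.append(prev)
    seen, leaks = {}, []
    for i in range(1, len(cipher)):
        j = seen.setdefault(cipher[i], i)          # first index with this block
        if j != i:
            # c_i == c_j implies p_i ^ p_j == c_{i-1} ^ c_{j-1}
            leaked = cipher[i - 1] ^ cipher[j - 1]
            leaks.append((leaked, plain[i - 1] ^ plain[j - 1]))
    return leaks

if __name__ == "__main__":
    GIB = 2 ** 30
    for name, bits in (("3DES", 64), ("AES", 128)):
        for size in (1 * GIB, 32 * GIB, 1024 * GIB):
            p = collision_probability(bits, size)
            print(f"{name:4} {size // GIB:5d} GiB  P(collision) = {p:.3e}")
    leaks = toy_cbc_collisions()
    print(len(leaks), "collisions; each reveals the plaintext XOR:",
          all(a == b for a, b in leaks))
```

Each tuple pairs the value computable from ciphertext alone with the true XOR of the two plaintext blocks, so equal pairs show the leak needs no key.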

Achchutha_Rengan

I have taken a note on 3DES. Thank you for your review.