Post ALp5WUCumWehlcAnDc by bogart@mastodon.madrid
 (DIR) Post #ALmtqSPHb92gCynKlM by seb@ioc.exchange
       2022-07-23T15:48:40Z
       
       0 likes, 0 repeats
       
       An open source password manager with peer2peer client sync (instead of a central server) would be the most secure architecture that still allows for all the features we are used to now. I guess we need Bitwarden and Syncthing to have a baby..? Does this kind of software not exist because it is hard to make money from peer2peer software? #foss #passwords #infosec
       
 (DIR) Post #ALn0RN03GOAVsWyfoW by seb@ioc.exchange
       2022-07-23T17:02:36Z
       
       0 likes, 0 repeats
       
       @sheogorath Central servers need to offer network protocols/services to the public Internet to allow syncing, which is software that will have vulnerabilities. Peer2peer sync can happen on the local network only and doesn’t need to be exposed to the public Internet. Also, central password manager services house the passwords of many users, which makes them higher value targets.
       
 (DIR) Post #ALonIzsORSpOl1zauO by nitros@ioc.exchange
       2022-07-24T13:44:49Z
       
       0 likes, 0 repeats
       
       @seb couldn't you self host a Bitwarden instance and just not give it a route out to the internet and get the same thing? I have not looked into the requirements for self hosting but I assume it's doable.
       
 (DIR) Post #ALoqdqLBOFeZ7w5fCS by seb@ioc.exchange
       2022-07-24T14:22:15Z
       
       0 likes, 0 repeats
       
       @nitros I assume you can, if you have some sysadmin skills.
       
 (DIR) Post #ALp5WUCumWehlcAnDc by bogart@mastodon.madrid
       2022-07-24T17:08:59Z
       
       0 likes, 0 repeats
       
       @seb What about local password manager + syncthing sharing the same DB locally?
       
 (DIR) Post #ALplL1NN6fAG7haI4G by seb@ioc.exchange
       2022-07-25T00:57:32Z
       
       0 likes, 0 repeats
       
       @bogart It just needs to be made easier for normal people. I don’t think normal people can handle syncthing in its current state.
       
 (DIR) Post #ALqFoxkw7vwWCzneu8 by chfkch@ruhr.social
       2022-07-25T06:39:05Z
       
       0 likes, 0 repeats
       
       @seb you can still host vaultwarden and don't expose it to the outside @sheogorath
       
 (DIR) Post #ALrveTtgg2cxwLXO7c by seb@ioc.exchange
       2022-07-26T02:02:30Z
       
       0 likes, 0 repeats
       
       @sheogorath I think that a compromised web interface or a bug in authentication creates different levels of risk for a central web-based vault with many users vs a p2p application that only houses the secrets of a single user. You are right that the high number of users creates the target value. However, the architecture does drive the number of users - If everyone can have their own vault without additional work, the users will likely choose that option - Don’t you think?
       
 (DIR) Post #ALsyTi5U4VabmlZS1w by seb@ioc.exchange
       2022-07-26T14:08:53Z
       
       0 likes, 0 repeats
       
       @sheogorath Good conversation! What is that persistence benefit with client-server?
       
 (DIR) Post #ALsztTvjQlKVMQrVMu by seb@ioc.exchange
       2022-07-26T14:24:45Z
       
       0 likes, 0 repeats
       
       @sheogorath I see. That makes sense.