hngopher.com

       [HN Gopher] Show HN: SpicyPass - A free and open-source minimali...
       ___________________________________________________________________
        
       Show HN: SpicyPass - A free and open-source minimalist password
       manager
        
       Author : Jfreegman
       Score  : 22 points
       Date   : 2020-03-28 22:18 UTC (41 minutes ago)
        
 (HTM) web link (github.com)
 (TXT) w3m dump (github.com)
        
       | animalnewbie wrote:
       | Sometimes you don't want minimalist- you want to quickly find and
       | visualise things.
       | 
       | What I'd love is a Tui "curses" interface to keepassdb with quick
       | vim like navigation. GUI is both too heavy and not too keyboard
       | friendly.
       | 
       | In fact, unless there's a specific (and specified) reason, all
       | password managers should be based on the somewhat de facto
       | standard of keepassdb
        
       | p0llard wrote:
       | Why might I want to use this over something like pass
       | (https://www.passwordstore.org/)?
        
         | sdan wrote:
         | The benefit of Pass is it already has Chrome/Firefox plugins so
         | all you need to do is press a keyboard shortcut and it
         | automatically fills it in on the site.
         | 
         | Given SpicyPass doesn't have that, I think I'll still be with
         | Pass, because it's free and simply amazing.
        
       | rudolph9 wrote:
       | I've been looking for something like this for awhile but not
       | enough of a security expert to know if this is something I can
       | trust
        
         | bscphil wrote:
         | Not an expert, but I think I'm decently knowledgeable. The
         | design as outlined in the security section of the readme looks
         | just fine to me, assuming the key is securely derived from the
         | password. I would hope for more emphasis on the importance of
         | choosing a secure master password. Ideally you should be able
         | to treat its hash (which is prepended to the database) as
         | public knowledge, even if in practice you'll keep the database
         | as private as you can.
         | 
         | That said, barring an audit by a respectable security firm, I
         | think a lot of eyeballs on an open source project who can
         | confirm that the implementation is correct is the most
         | important thing. For that reason, I don't plan to switch away
         | from Keypass in the near future.
        
       ___________________________________________________________________
       (page generated 2020-03-28 23:00 UTC)