21
AlgoRythm
81d

Just submitted my first app to the Microsoft Store 🎉🎉

It's a simple offline password manager that also accepts other formats of data such as credit card and personal info.

Made it using WinUI 3. To prevent you from forgetting your master password, each "locker" accepts an unlimited number of passwords. If you forgot one, you can just use a different one. This is my idea to make offline password managers a little less of a hassle.

Can't wait for approval from the store!

Comments
  • 2
    Aren't there a lot of rules for storing credit card info?
  • 4
    @Demolishun probably not locally
  • 2
    @Demolishun I’m not storing anything!
  • 3
    @retoor > "probably not locally"

    PCI compliance only applies to businesses that follow the process.
  • 4
    @AlgoRythm > "I’m not storing anything!"

    So when the app closes/machine reboots, anything/everything is lost?
  • 2
    @PaperTrail The data gets stored only on the local machine in a locker file. I'm not storing anything, the user is.
  • 9
    I almost forgot that the Microsoft Store exists 😂
  • 1
    @Lensflare that is how I get bedrock. Little else though.
  • 2
    Microsoft actually has an approval process for items in that dumpster fire!?!?
  • 0
    @mrgadget yes it took just under a day
  • 2
    @AlgoRythm does it still include giving them your first born and talking trash about Apple?
  • 1
    @Demolishun no but they made me publish a privacy policy :(
  • 1
    Cool thing to add to a portfolio, that's for sure.
  • 0
    @AlgoRythm > " I'm not storing anything, the user is."

    I'm not familiar with that technology. Does it protect you in the case of a breach?

    ABC company uses your app to store customer user name/passwords, credit card info, etc, ABC is hacked and the press release is "It's not our fault, AlgoRythm didn't use the military grade encryption XYZ, blame him!!"
  • 0
    @PaperTrail i guess we’ll see
  • 0
    did you have problems or missed features in KeePass? because it seems to be exactly that
  • 1
    @vlord KeePass is fine. My program has a few more QoL features out of the box. My original motivation was to find solutions for if the user forgets their master password.
  • 0
    @AlgoRythm IDK KeePassXC has some pretty fresh features. OTP is one of those kinds of features that has been pretty killer for me.
  • 0
    how exactly are you achieving the "infinite master passwords" thing? every way i can think to do it either wastes a shitload of space or leads to trivial bypass of master passwords outright.
  • 1
    @Parzi no waste! A random key is generated and used to encrypt the whole locker. Then, the random key is encrypted using the password and the resulting cipher text is stored in the locker. So, given a valid password, you can decrypt the random key and unlock the locker
  • 1
    @AlgoRythm that's cool
  • 0
    @AlgoRythm if i have 20 passwords for the vault, do you store 20 copies of the master key encrypted under 20 different passwords? that was my meaning of incredibly wasteful, yes.
  • 3
    @Parzi you’re actually either trolling or just a goofy guy. Each hash/cipher text pair is a total of about 550 bytes before compression. It would take an insanely unrealistic number of passwords to even reach a single uncompressed megabyte. Calling that wasteful, especially calling it “incredibly wasteful”, is a complete joke.
  • 1
    @AlgoRythm a lot of hardware security devices are available with extra embedded storage, but a decent chunk only go up to around 32-64KB. 550 bytes is a lot at that scale, especially since this has to contain other encrypted passwords to be a password manager. also consider things like transmission times or larger-scale synchronization networks requiring multiple retransmits to catch every node up to the current data, and the fact that encrypted data doesn't usually compress well (the point is that it looks more like noise than the original data, and noise compresses like shit) and yes, 500 bytes per password can definitely start to stack up.

    if you're compressing before encryption, that might expose you to device usage time attacks like hertzbleed due to needing to decompress data after every decryption attempt.
  • 0
    @Parzi compression occurs after encryption, this program doesn’t run on embedded devices, and the idea is to have maybe 5 passwords. Which is optional. You need only a single password.
  • 1
    @AlgoRythm you're gonna get poor returns on the compression, it may be worth it to just skip it if you're not saving at least 20% just to help prevent power-based attacks.
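
The scheme described in the thread (one random key encrypts the locker, and that key is stored once per password, encrypted under a key derived from that password), sketched as an added example for Node.js; it is not AlgoRythm's code or the app's file format. The use of scrypt and AES-256-GCM, the slot layout, and every function name here are assumptions made for illustration.

```javascript
const nodeCrypto = require('node:crypto');
// Assumption: scrypt turns a password into a 32-byte key-encryption key (KEK).
function deriveKek(password, salt) {
  return nodeCrypto.scryptSync(password, salt, 32, { N: 16384, r: 8, p: 1 });
}

// AES-256-GCM with a fresh 12-byte IV per call; a box is { iv, ct, tag }.
function seal(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}
function unseal(key, box) {
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, box.iv);
  d.setAuthTag(box.tag);
  return Buffer.concat([d.update(box.ct), d.final()]); // throws if key is wrong
}

// One slot per password: the same data key, wrapped under that password's KEK.
function makeSlot(password, dataKey) {
  const salt = nodeCrypto.randomBytes(16);
  return { salt, ...seal(deriveKek(password, salt), dataKey) };
}
function createLocker(password, contents) {
  const dataKey = nodeCrypto.randomBytes(32);
  return { slots: [makeSlot(password, dataKey)], body: seal(dataKey, Buffer.from(contents)) };
}

// Try each slot in turn; the GCM tag check rejects a wrong password.
function recoverDataKey(locker, password) {
  for (const slot of locker.slots) {
    try { return unseal(deriveKek(password, slot.salt), slot); } catch (e) { /* try next slot */ }
  }
  return null;
}
function unlock(locker, password) {
  const dataKey = recoverDataKey(locker, password);
  return dataKey ? unseal(dataKey, locker.body).toString() : null;
}

// Adding a password requires an existing one and never re-encrypts the body.
function addPassword(locker, existingPassword, newPassword) {
  const dataKey = recoverDataKey(locker, existingPassword);
  if (dataKey) locker.slots.push(makeSlot(newPassword, dataKey));
  return dataKey !== null;
}
// Per-password overhead in this sketch: salt + IV + wrapped key + tag.
const slotBytes = (s) => s.salt.length + s.iv.length + s.ct.length + s.tag.length;
```

In this layout each extra password costs 76 bytes of raw slot data, and revoking a password means deleting its slot; anyone who already recovered the data key keeps access until the body is re-encrypted under a new key.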