On Thursday, September 17, 2015 at 10:12:52 AM UTC+2, Tobias Beer wrote: > > I was wondering if using a combination of encryption and maybe TiddlySpot > was safe enough for recreating something like keepass > <http://keepass.info/> or mitto <https://app.mitto.com> with TiddlyWiki > (minus any 1-click-login). > > Thoughts? >
The encryption may be safe enough, but the workflow isn't. eg: - keepass removes plain text passwords from the system memory after 10 seconds. - If you decrypt TW all the stuff is plain text in the browser. If you copy a password it will stay in memory. - switching the browser window into the background, will not activate the encryption agina ... eg: - autofill passwords with keepass has a special mechanism to avoid "key locking" - if you copy / paste a PW with TW "key locking" will be trivial So in no way I personally would use TW as a cloud based password store. Not because of the javascript based encryption software but because of the unsafe workflow. just my thoughts mario -- You received this message because you are subscribed to the Google Groups "TiddlyWiki" group. To unsubscribe from this group and stop receiving emails from it, send an email to tiddlywiki+unsubscr...@googlegroups.com. To post to this group, send email to tiddlywiki@googlegroups.com. Visit this group at http://groups.google.com/group/tiddlywiki. To view this discussion on the web visit https://groups.google.com/d/msgid/tiddlywiki/3a9d8ba2-ab38-4798-9a12-9f567869509d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.