On Thursday, September 17, 2015 at 10:12:52 AM UTC+2, Tobias Beer wrote:
>
> I was wondering if using a combination of encryption and maybe TiddlySpot
> was safe enough for recreating something like keepass
> <http://keepass.info/> or mitto <https://app.mitto.com> with TiddlyWiki
> (minus any 1-click-login).
>
> Thoughts?
>
The encryption may be safe enough, but the workflow isn't.
eg:
- keepass removes plain text passwords from the system memory after 10
seconds.
- If you decrypt TW all the stuff is plain text in the browser. If you
copy a password it will stay in memory.
- switching the browser window into the background, will not activate
the encryption agina ...
eg:
- autofill passwords with keepass has a special mechanism to avoid "key
locking"
- if you copy / paste a PW with TW "key locking" will be trivial
So in no way I personally would use TW as a cloud based password store. Not
because of the javascript based encryption software but because of the
unsafe workflow.
just my thoughts
mario
--
You received this message because you are subscribed to the Google Groups
"TiddlyWiki" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to tiddlywiki+unsubscr...@googlegroups.com.
To post to this group, send email to tiddlywiki@googlegroups.com.
Visit this group at http://groups.google.com/group/tiddlywiki.
To view this discussion on the web visit
https://groups.google.com/d/msgid/tiddlywiki/3a9d8ba2-ab38-4798-9a12-9f567869509d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
