Hi Kuba,

Are you the owner of the company? GitHub suggests it.

There has been a topic about TW5 as a password store. My opinion [1] about an HTML app as a password store has not changed very much. I definitely think that a single-purpose app is less vulnerable, if always loaded from https, than a "framework" like TW5, which is designed to include all sorts of 3rd party plugins. ...

I think it is a good move that you inform your users in the "Security" section of your page [2] about the pros and cons. I want to point out 2 sentences that make me think:

"Once you start using EveryPass, the original signatures will no longer match since you add your data to the mix, you can however use our Validator service to check files you are unsure about."

You provide 2 checksums on your page that should make users feel safe, but in the text you write that these 2 values are broken the second I use the program.

- So what's the value of those checksums?
- How can I use the app offline, if I need an online validator to check its integrity?
- If I download an empty version, how can I locally check the integrity? (How can I calculate the checksum of a file?)

"Alternatively, you could download a new copy and import the data from the copy that you no longer trust."

IMO it doesn't make sense to move possibly compromised data to a new app. The data may be compromised, you can't trust it anymore, so you need to change all your passwords ... immediately.

------------

I did play a little bit with the browser dev console. I think plain text passwords should _not_ be stored in the DOM longer than necessary (<10 seconds). It's too easy to read them with a one-liner and a little bit of "getElementsByTagName". There is no countdown that "re-encrypts" the stuff. ... So if I change the browser tab and leave the PC, everything is there to be used. ...

IMO you should think about the delete button dialog again! I think "havefun" as a pw is not OK, and "havefunmario" is not a strong password, even if the app thinks so.

have fun!
mario

[1] https://groups.google.com/d/msg/tiddlywiki/zsUIynWxmww/qO6W-d0YCrwJ
[2] https://www.consunet.com.au/products/everypass/
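
The message's point about plaintext lingering in the DOM, as an added example that is not part of the original message and is not EveryPass code: a small guard that decrypts only at display time, wipes the element after a timeout, and wipes it at once when the tab is hidden. The name `createRevealGuard`, its options and the 10-second default are assumptions made for illustration.

```javascript
// Added example (hypothetical helper, not EveryPass code): bound how long a
// decrypted secret can be found in the DOM.
function createRevealGuard(element, opts = {}) {
  const ttlMs = opts.ttlMs ?? 10000; // assumed default, from "<10 seconds"
  // Timers and document are injectable so the guard can be tested without a browser.
  const timers = opts.timers ?? {
    set: (fn, ms) => setTimeout(fn, ms),
    clear: (id) => clearTimeout(id),
  };
  const doc = opts.document ?? (typeof document !== "undefined" ? document : null);
  let timer = null;

  function hide() {
    if (timer !== null) {
      timers.clear(timer);
      timer = null;
    }
    // Remove the plaintext from every place a DOM query could read it.
    element.textContent = "";
    if ("value" in element) element.value = "";
  }

  function reveal(decrypt) {
    hide(); // cancel any earlier countdown before starting a new one
    // The caller passes a function, so plaintext exists only while displayed.
    element.textContent = decrypt();
    timer = timers.set(hide, ttlMs);
  }

  // Switching tabs or minimizing wipes immediately instead of waiting for the TTL.
  if (doc) {
    doc.addEventListener("visibilitychange", () => {
      if (doc.visibilityState === "hidden") hide();
    });
  }

  return { reveal, hide, isRevealed: () => timer !== null };
}
```

Clearing the element only removes the plaintext from what DOM queries can reach; the JavaScript string itself may stay in memory until it is garbage-collected.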
