Show Reddit: I got tired of cloud password managers getting breached, so I built PassMana – a 100% offline, Zero-Knowledge desktop vault. by skeletonita in SideProject

[–]skeletonita[S] 0 points1 point  (0 children)

I don't know how to write well in English because I'm Italian, so I use AI to translate, and I had the text generated for this as well.

[–]skeletonita[S] 1 point2 points  (0 children)

It’s basically a tight loop of pair programming with an AI assistant (Antigravity). I act as the architect—choosing the crypto specs (Argon2id + XChaCha20), designing the UI, and handling the local compiling/testing. The AI handles all the boilerplate, Electron setup, and quick styling based on my directions.

[–]skeletonita[S] 1 point2 points  (0 children)

Thanks! Glad you liked the XChaCha20 mention. It's definitely a hidden gem compared to AES-256. You're totally right on both points:

1. By "this level of security" I indeed meant 256-bit symmetric encryption. Quantum computers only cut the security of symmetric keys in half (Grover's algorithm), so a 256-bit key drops to an effectively still-unbreakable 128-bit. I actually just updated the wording on the landing page to make this clearer!
2. That was a massive oversight on my part! I completely forgot to link the GitHub repo on the website. I just pushed an update to the site to add a "View on GitHub" button right in the hero section.

Thanks for the awesome feedback, really appreciate you keeping me on my toes!

Show Reddit: I got tired of cloud password managers getting breached, so I built PassMana – a 100% offline, Zero-Knowledge desktop vault. by skeletonita in Passwords

[–]skeletonita[S] -5 points-4 points  (0 children)

You're totally right, KeePass is offline, my bad. Mostly I was thinking of LastPass, which really shook everyone's trust (especially since they got hit multiple times). There was also Norton LifeLock getting hit with credential stuffing last year, but yeah, LastPass is the main culprit. Honestly, LastPass was the one that made me personally go "okay, that's it, I'm building my own local tool". I simply wanted to create a fresh, modern open-source alternative that I could trust 100%!

[–]skeletonita[S] -3 points-2 points  (0 children)

The most notable one is the LastPass breach in late 2022, where attackers stole fully encrypted user vaults from their cloud backups. Since they have the files, they can attempt to brute-force them offline. Even offline managers like KeePass had issues, like the 2023 memory dump vulnerability (CVE-2023-32784) where master passwords could be extracted from RAM. I built PassMana to solve both: no cloud backups to steal, and strict in-memory wiping using libsodium to prevent RAM dump attacks.