I will post my idea with a new thread so that we can discuss better.
I have an idea that I already talked about in the Telegram group.
It would be a decentralized password manager, just like Bitwarden but with no central server. Each user would be able to store their passwords on the blockchain, encrypted with their private address using a secure algorithm (I don’t know which one).
Koinos would enable it with free transactions so that you can store a new password for free (or modify it).
Share your ideas about this potential dApp with me.
I am a Bitwarden user but I have no idea how it works. Not knowing how it works is a lot like what Luke said in the recent AMA about an application being “socially reviewed”. Many people use it, but that must mean it's safe, right?
The only way to know it's safe is to verify the code itself. I have no idea if anyone has done this for Bitwarden, but with the way smart contracts work on blockchains, I'd imagine that there would be a service that verifies the security of a smart contract.
I like the idea, but it's also scary that passwords are so easily accessible on a blockchain. How strong would encryption be for something like this?
On Bitwarden, you save the login user and password together. Maybe it's two different things on a blockchain that get tornadoed?
- If you have secret data, probably best to store it off chain. Encryption isn’t quantum resistant, so the data could be hacked on a public blockchain in time. This matters more for things like protected health information. Passwords could always be changed.
- If websites start allowing you to log in with your wallet by signing something with your private key, passwords are no longer needed. You will likely always need a few passwords, though, so integrating those with your wallet could be useful.
I think the idea could be worthwhile.
This is a great example of how alternate solutions are totally different but come to the same conclusion. Maybe the trick here is that you only ever need to remember that 1 password?
Look at how multisig works. If you can sign something with 2 things you own, you’d be hard pressed to say that both devices are compromised. Someone had proposed that there be a centralized service that holds the 2nd part of a 3-part signature contract. If you signed it, then the centralized service would also sign it on your behalf; that's 2/3 keys signed and the funds are released.
The key here is that the centralized service can never sign alone and you would always be alerted if they are trying to do something. Another key thing is how does that service know it's really you signing?
If you could solve this, you potentially could not have much need for remembering all these passwords.
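
The 2-of-3 arrangement described in the last post, sketched as an added example that is not part of the original thread or any Koinos code. It assumes the service recognizes the user by verifying their signature against the user's own public key, uses Lamport one-time signatures as a standard-library stand-in for a wallet signature scheme, and all names (`approved`, `CoSigner`, `demo`) are hypothetical.

```python
import hashlib
import secrets

def H(b):
    return hashlib.sha256(b).digest()

def keygen():
    # Lamport one-time key (sign at most one message per key):
    # 256 secret pairs; the public key is the hash of each secret.
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def bits(msg):
    d = int.from_bytes(H(msg), "big")
    return [(d >> i) & 1 for i in range(256)]

def sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    b = bits(msg)
    return len(sig) == 256 and all(H(s) == pk[i][b[i]] for i, s in enumerate(sig))

def approved(pubkeys, msg, sigs):
    """Hypothetical contract rule: valid signatures from 2 distinct registered keys."""
    valid = {n for n, s in sigs.items() if n in pubkeys and verify(pubkeys[n], msg, s)}
    return len(valid) >= 2

class CoSigner:
    """Hypothetical service holding key 2; co-signs only after the user's signature verifies."""
    def __init__(self, sk, user_pk):
        self.sk, self.user_pk, self.log = sk, user_pk, []

    def cosign(self, msg, user_sig):
        ok = verify(self.user_pk, msg, user_sig)
        self.log.append((msg, ok))  # audit trail the owner could be alerted from
        return sign(self.sk, msg) if ok else None

def demo():
    (u_sk, u_pk), (s_sk, s_pk), (_, b_pk) = keygen(), keygen(), keygen()
    pubkeys = {"user": u_pk, "service": s_pk, "backup": b_pk}
    service = CoSigner(s_sk, u_pk)
    msg = b"release funds, request 1 (constructed)"
    user_sig = sign(u_sk, msg)
    refused = service.cosign(b"request the user never signed", user_sig)
    svc_sig = service.cosign(msg, user_sig)
    return (approved(pubkeys, msg, {"user": user_sig}),
            approved(pubkeys, msg, {"service": svc_sig}),
            approved(pubkeys, msg, {"user": user_sig, "service": svc_sig}),
            refused is None, len(service.log))
```

`demo()` returns whether each signature set meets the threshold: one key alone never does, and the service declines a request that does not carry a matching user signature while still logging the attempt.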