New ask Hacker News story: Ask HN: Why shouldn’t I roll my own password manager?
Ask HN: Why shouldn’t I roll my own password manager?
2 by nexuist | 1 comments on Hacker News.
Hi all! I’m currently working on a personal assistant bot (no 3rd parties involved, self hosted) that uses one SQLite file as its single source of truth. I would like to add password manager functionality to this so I can e.g. ask it to fill out online forms or save registration information. All passwords would be saved to the SQLite database hashed and salted with AES-256 and they’d need a master password (not stored anywhere) to be decrypted. I know the golden rule is to not roll your own crypto, and I’m thinking this is somewhat adjacent to that. What does a password manager do in terms of security that I haven’t / can’t? Or am I on the right track and all password managers work in this same basic way?
2 by nexuist | 1 comments on Hacker News.
Hi all! I’m currently working on a personal assistant bot (no 3rd parties involved, self hosted) that uses one SQLite file as its single source of truth. I would like to add password manager functionality to this so I can e.g. ask it to fill out online forms or save registration information. All passwords would be saved to the SQLite database hashed and salted with AES-256 and they’d need a master password (not stored anywhere) to be decrypted. I know the golden rule is to not roll your own crypto, and I’m thinking this is somewhat adjacent to that. What does a password manager do in terms of security that I haven’t / can’t? Or am I on the right track and all password managers work in this same basic way?
No comments