Well, even if you carry the app with you on a USB stick you'll still need to be able to trust what's on it. Otherwise someone could borrow it and modify the app to, say, send your private key to their web server. So unless you never let the USB stick out of your sight, you'll need to have the block device encrypted and/or have the app cryptographically signed. Either way, you'll need some separate trusted crypto software to either decrypt the block device or verify the app signature. And then you'll still be vulnerable to browser bugs allowing for, say, information leakage or code injection across tabs (although that would probably need to be attacks specifically targeted against your app).
If you do never let the USB stick out of sight - or manually check all the source code each time you use it - then I suppose you should be reasonably safe. If not, I suggest weighing the risks against how paranoid you want to be. /Emil On Wed, 9 Mar 2016, 19:46 eirc, <[email protected]> wrote: > I've made this https://github.com/eirc/pass.js which is a simple webpage > where you drop the key & encrypted file and it decrypts the file in the > browser. Many people have raised concerns about JavaScript security and I > don't know if it really fits your use case but I'll just throw it out there. > > On Tue, Mar 8, 2016 at 9:14 AM, Sergei G <[email protected]> wrote: > >> Hi, >> >> I just run into https://www.passwordstore.org and it appears to be a >> great application. I especially like many import types. I would have to >> import from 1password application as it is getting expensive to keep up. >> >> I have a self-hosted web server at home and I'd like to be able to access >> my passwords using web interface. Is there a web application for that >> scenario? Is it easy to maintain for family members? >> >> Or is it intended that iPhone/Android and other desktop applications can >> get to the server data? What is the access method in this case (REST over >> web, dropbox, ssh, etc)? >> >> >> thank you >> >> _______________________________________________ >> Password-Store mailing list >> [email protected] >> http://lists.zx2c4.com/mailman/listinfo/password-store >> >> > _______________________________________________ > Password-Store mailing list > [email protected] > http://lists.zx2c4.com/mailman/listinfo/password-store >
_______________________________________________ Password-Store mailing list [email protected] http://lists.zx2c4.com/mailman/listinfo/password-store
