Fuck password stores too. Use some basic cryptography. One salt on disk, one salt generated from a master password via PBKDF2 (memorized), the site name. Hash it all together. Use the charset used by LastPass to encode. Now you have passwords of arbitrary length. No need to synchronize as long as you have that disk salt somewhere. Your computer can burn to the ground and you lose nothing.
I don't know why no one has published that software. You can code it in 5 minutes.
Better would be if no sites used passwords at all. Since we are in a situation where we need managers outside the browser anyway, you could just use one to sign a phrase with asymmetric cryptography. Now you don't have to trust that sites manage passwords correctly. If you have to trust another party to do anything correctly, that's bad security.
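The derivation described in the comment above, as an added example that is not part of the original post. The character set, the iteration count, the `counter` rotation parameter and the use of HMAC-SHA256 in counter mode as the "hash it all together" step are assumptions; the comment does not specify them.

```python
import hashlib
import hmac

# Assumed alphabet; the "charset used by lastpass" is not given on the page.
CHARSET = ("abcdefghijklmnopqrstuvwxyz"
           "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
           "0123456789!@#$%^&*")
PBKDF2_ITERATIONS = 600_000  # assumed work factor


def master_key(master_password: str, disk_salt: bytes) -> bytes:
    """Stretch the memorized password with the salt kept on disk."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               disk_salt, PBKDF2_ITERATIONS)


def site_password(key: bytes, site: str, length: int = 20, counter: int = 0) -> str:
    """Derive the password for one site; bump counter (assumed) to rotate it."""
    # Discard bytes at or above the largest multiple of len(CHARSET) so every
    # character is equally likely (no modulo bias).
    limit = 256 - (256 % len(CHARSET))
    # Length-prefix the site name so distinct (site, counter) pairs never collide.
    label = f"{len(site)}:{site}:{counter}".encode("utf-8")
    out, block = [], 0
    while len(out) < length:
        # HMAC in counter mode yields as many pseudo-random bytes as needed,
        # which is what allows passwords of arbitrary length.
        chunk = hmac.new(key, label + block.to_bytes(4, "big"),
                         hashlib.sha256).digest()
        for b in chunk:
            if b < limit and len(out) < length:
                out.append(CHARSET[b % len(CHARSET)])
        block += 1
    return "".join(out)


if __name__ == "__main__":
    # Constructed sample values; a real disk salt would come from os.urandom(32).
    salt = bytes.fromhex("00112233445566778899aabbccddeeff")
    key = master_key("correct horse battery staple", salt)
    for name in ("example.com", "example.org"):
        print(name, site_password(key, name))
```

The output depends only on the master password, the disk salt, the site name and the counter, so the disk salt and any non-zero counters are the state that has to survive a lost machine.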
Thedancingsousa 1 points 1 day ago
SiNgLe SiGnIn.