undefined | Better HN

0 pointsLelouBil3y ago0 comments

They have a paper about their architecture.

Basically, your master password is never sent, and everything is encrypted and decrypted locally.

You can't audit the server side code, but you can audit the client (and compile it from source) to make sure that the encryption is local and the master password is not sent.

0 comments

arcastroe3y ago

Hah, so I suppose the next step would be a browser extension that performs this auditing on every visit

j / k navigate · click thread line to collapse

0 pointsLelouBil3y ago0 comments

They have a paper about their architecture.

Basically, your master password is never sent, and everything is encrypted and decrypted locally.

You can't audit the server side code, but you can audit the client (and compile it from source) to make sure that the encryption is local and the master password is not sent.

0 comments

arcastroe3y ago

Hah, so I suppose the next step would be a browser extension that performs this auditing on every visit

j / k navigate · click thread line to collapse