Show HN: Encrypted, synced, offline first todo list
encrypted-todos.comThis is a PoC I worked on over the last week while I've had a little bit of free time.
In general I'd love to have an ecosystem of apps (calendars, notifications, etc) built on this type of platform, I've done a lot of the ground wrt. encrypting/decrypting/signing/verifying general operations.
Tech wise it's deployed on Netlify (the backend is just a Netlify function) with:
- Frontend: React, Grommet, web.crypto.subtle
- Backend: Node.js, Mongo, native crypto module
I looked into your challenge handshake logic, and it looks legit. Really impressed. Do you have a solution for pw derived keys?
(Also, you have a few UI issues: login exists across browser sessions, stuff like that. Feel free to ping me to talk more.)
1. PW derived keys. Yes this is on V2 of the roadmap. It is definitely possible today, however a bunch of research our end is required to ensuring the security of private keys we hold (this includes an audit)
2. Logins across browsers. Securing private keys is definitely still part of V1, this is easy locally, just need to make it part of the UI. UI/UX is definitely our weak point
Is it possible to consult code on Github?
Not currently. Which I agree makes it 10 times more difficult to verify if this is secure.
I'm currently working on adding a kanban/trello board type page to this using the same backend. Maybe after that and cleaning up the code I can consider open sourcing it