I've build Clipperz inspired alternative

[shlima]

I've been using clipperz for a long time, but I guess the project doesn't have maintain any more. So I decided to build clipperz alternative with power of secure features provided by modern browsers.

The project is called wault.pw (Github).

It uses go on backend, Nuxt and Vue on top of Typescript on frontend. Google Protobuf as transport layer and Postgres for the database.

Cryptographic primitives are used built into the browser via Webcrypto API (RSA, HMAC, SHA, AES-GCM, сryptographically-secure pseudorandom number generator). SRP6a is a self-written. This allowed to significantly speed up the flow.

MVP closes following issues:

• [Feature Request] Two-Factor Authentication (2FA) - Google Authenticator Support #131
• Delete account #143
• Password visibility #138
• Able to create two accounts with the same username #116
• Add support for a 2-factor auth system such as U2F #104
• Can't login into offline copy if passphrase is 32 length long #91

Thanks for your work. Thanks for Clipperz! ❤️

[shlima]

#72 (QR codes) had also been closed

[shlima]

#108 also closed

[cobyism]

It would be great to hear from any of the maintainers of this project if there are plans to continue work on it. It does seem a little unfortunate that there hasn't been any updates to this repo since 2019 yet the @clipperz twitter account seems very much current and active.

@shlima Your fork looks great! Thanks for sharing your work! 😍 🔐 ✨

[KubaO]

"Fixing" issue 116 (Able to create two accounts with the same username) actually breaks the core concept that makes this thing secure... IMHO a wrong move. The account must be identified by the pair (username hash, password hash), not by the username (or its hash) alone. The old concept of unique user accounts is irrelevant in these applications. If two users try and use the same password, it's game over for both of them anyway. Having user accounts identified by username alone gives a false impression of security.