Hacker News Show | 7/3 03:29 | 58 points
Bramble: open-source, local-first password manager with P2P cross-device sync
Show HN: Bramble – Local-first password manager
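Summary
Bramble is an open-source, local-first password manager that uses P2P cross-device sync and does not depend on a cloud server. Sync is based on a Nostr relay (which can be self-hosted); devices transfer end-to-end encrypted data directly to each other over WebRTC, so passwords are never retained in the cloud. The project has released a Chrome extension and an Android app, the iOS version is awaiting review, and the latest version also supports passkey storage on all platforms. The crypto module is written in Rust to ensure key material is handled safely in memory. The developer stresses concerns about cloud providers' frequent price increases, data breaches, and lack of transparency, and aims to offer a full-featured, transparent, and controllable alternative.
Original post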
I'm currently working on Bramble, an open source password manager with P2P cross-device sync. Initially I released the Chrome extension, but recently I also published the Android app and iOS is pending Apple's approval. Besides that, the latest version also includes passkey storage for all platforms!
About Bramble:
It aims to be as feature-rich as all popular and a replacement for cloud-based providers. I don't think we need to store our data in the cloud and be at the whims of companies raising their prices every year. There's always a breach and then we find out that some fields aren't encrypted, metadata is visible, and so on. I'm frustrated with this and the increasing lack of transparency during these breaches.
The P2P sync in Bramble uses a Nostr relay (which can be self-hosted) to keep your devices in sync. The relay just introduces the devices to each other; the data then flows directly over WebRTC, so there's no vault server and no cloud copy of your passwords anywhere. What leaves your device is end-to-end encrypted and your devices authenticate each other directly, so a snooping or MITM relay gets practically nothing.
Crypto is all done in Rust so I can control exactly how key material lives and dies in memory (secrets get zeroed out, no GC leaving copies lying around). In Chromium it's a wasm module, on mobile it's native builds bridged over via uniffi.
Android app:
I'm still deciding whether to publish the app on the Play Store or simply provide the signed APK which users can sideload. Reason for that is Google's plan to lock down Android and take away ownership from its users. Read more about it here: https://keepandroidopen.com/
The app uses no Play APIs whatsoever and runs perfectly on GrapheneOS, where I actually did all my testing.
Questions, feedback, feature requests - all welcome!
TL;DR: I dislike private-equity and venture funded companies messing with our security, so I created my own Password Manager which is local-first, free, open source and as transparent as it gets.
Comments URL: https://news.ycombinator.com/item?id=48766242
Points: 58
# Comments: 9
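
The zero-on-drop handling of key material that the post describes, as an added example: this is not Bramble's code, and `SecretBytes` is a hypothetical type name. It uses only the Rust standard library and a constructed sample key.

```rust
use std::fmt;
use std::ptr;
use std::sync::atomic::{compiler_fence, Ordering};

/// Hypothetical wrapper (not Bramble's type): owns secret bytes, wipes them on drop.
pub struct SecretBytes {
    buf: Vec<u8>,
}

impl SecretBytes {
    /// Takes ownership of the Vec, so the heap allocation stays the only copy.
    /// Moving a SecretBytes copies the pointer, never the secret bytes.
    pub fn new(buf: Vec<u8>) -> Self {
        SecretBytes { buf }
    }

    pub fn expose(&self) -> &[u8] {
        &self.buf
    }

    /// Overwrites the whole allocation, spare capacity included.
    pub fn wipe(&mut self) {
        let p = self.buf.as_mut_ptr();
        for i in 0..self.buf.capacity() {
            // Volatile store: the optimizer cannot discard it as a dead write.
            unsafe { ptr::write_volatile(p.add(i), 0) };
        }
        // Keep the compiler from reordering the stores past this point.
        compiler_fence(Ordering::SeqCst);
    }
}

impl Drop for SecretBytes {
    fn drop(&mut self) {
        self.wipe(); // runs before Vec's own drop releases the memory
    }
}

/// Redacted Debug so the bytes never reach logs or panic messages.
impl fmt::Debug for SecretBytes {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "SecretBytes(<{} bytes redacted>)", self.buf.len())
    }
}

fn main() {
    let key = SecretBytes::new(vec![0xA5; 32]); // constructed sample key
    println!("{:?}", key); // prints the redacted form only
} // `key` is wiped here, before its allocation is freed
```

The buffer must never be grown or cloned after construction, since a reallocation would leave an unwiped copy behind in the old allocation.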