Browse GamesGame JamsUpload GameDeveloper LogsCommunity
Indie game storeFree gamesFun gamesHorror games
Game developmentAssetsComics
SalesBundles
Jobs
Tags
Kinami Imai 今井きなみ1 year ago(+1)

I like the idea, and the inclusion of a password strength meter is a nice touch.

However, I can not in good conscience recommend anyone use this tool. It does not store passwords in an encrypted format, so anyone with access to the file system can read them out. Furthermore, the source code is not available and not audited. On the plus side, it stores your passwords offline.

Overall, I do not think this is a bad application. It is impressive you could create something like this for this jam. It’s just that security critical software, like password managers, is an extremely poor choice of a utility to create during a game jam. If you are interested in making a password generation UI, consider using a readily available open-source password manager (such as KeepassXC) as a backend.

I am sorry if this sounds harsh, I just don’t want people to compromise their password security by using this tool.

Reply
FESFEW1 year ago(+1)

Firstly, thank you for checking it out.

Do not be sorrry. I completely understand you. 

Once this jam ends, an update will be published to the tool which makes all passwords encrypted on the .SQLite file.

I will also be making improvements to the overall security of the tool, that will make sure the user is the one using the app and not anything else.

I really thank you for your feedback!

Reply
Kinami Imai 今井きなみ1 year ago

Great, an encrypted DB would be a good start! 😄

Also consider releasing your source code, so that others can audit what operations you perform, and make sure it is secure! Maybe look into reproducible builds (https://en.wikipedia.org/wiki/Reproducible_builds) to ensure that the binary you publish is equivalent to the source code!

Reply
FESFEW206 days ago(+1)

Hi!

I'd like to let you know that a few days ago I went back to this project to make security better. The passwords in the database are now encrypted. If you are able to check it out, I would really appreciate that! It is still free and doesn't require any internet connection.

Reply
Kinami Imai 今井きなみ205 days ago

Hi!

Glad you are improving the security of this tool 🙂

If you make the source code available (on GitHub or GitLab for example), I could take a look.

Reply
AboutFAQBlogContact us
Copyright © 2024 itch corp · Directory · Terms · Privacy · Cookies