Stop with the Obfuscation: Encoding and Encryption are Not the Same

This is a topic that has been talked about quite a bit, but I think it’s an important one to reiterate to our users. Encoding is not Encryption! Encryption is a specific subset of encoding where the encoded messages can only be accessed by authorized parties (the ones holding the decryption keys). Encoding is simply … Read more

Creating and Remembering a Strong Passphrase

We all have hundreds of online accounts. Ideally, as many of those accounts as possible have unique passwords. Unique passwords, however, present a difficult problem: no one can remember hundreds of strong passwords. To fix this problem, we created password managers. Now, all of our passwords are neatly stored in one place, encrypted by one … Read more

BIP 32 Watch-Only Wallets

Bitcoin Improvement Proposal 32 is, in my opinion, one of the most important BIPs we have. (Thanks Pieter Wuille!) BIP 32 gave us Hierarchical Deterministic Wallets. That is, the ability to create a tree of keys from a single seed. In the early days of Bitcoin, each time a user wanted to receive new coins, … Read more

Trustworthy vs Trustless Apps

In the wake of the hearings about Facebook’s new Libra blockchain, it is more important than ever that we all understand the difference between trustworthy and trustless apps. A trustworthy app is an app whose developers are known and trusted by the community. The developers’ reputations and businesses are on the line, so it motivates … Read more

Snyk Security Review

We recently integrated Snyk into Qvault as a way to get more visibility into known vulnerabilities in Qvault’s codebase. Snyk has already patched a critical vulnerability in lodash for us. This allowed us to continue releasing new versions before the official fix for lodash was published a few days ago. We can’t speak to whether … Read more

Intro to Qvault

Qvault is a new open-source password manager, with an emphasis on user experience and customization options. Many who stumble upon Qvault ask the following: “How is this different from other password managers?” In this article we explain what sets Qvault apart. 1. Open Source Many password managers that exist today do not publish their code … Read more

Randomness and Entropy in Node and Electron

Randomness is a hard problem for computers. For this reason, most functions that generate randomness are not considered cryptographically secure. That means an attacker may be able to make a good guess at the number a non-secure randomness generator produced. How Can Randomness Be Attacked? Many non-secure randomness (or entropy) generators would do … Read more

You Can’t Function in 2019 Without a Password Manager

Secrets. You certainly have many, and I don’t mean stretching the truth to a first date about interests and hobbies or being into My Little Pony as a forty-year-old man. I’m talking about digital secrets. Social Security numbers, passwords, PIN codes, cryptocurrency keys, credit cards, and bank account numbers, for instance, define our online personas … Read more

Dual Encryption

Qvault’s dual encryption allows users to require two keys to unlock their vault: a password and a key card. You have probably heard of two-factor authentication. According to Authy: 2FA is an extra layer of security used to make sure that people trying to gain access to an online account are who they … Read more