Qvault’s Offline Mode in Electron

We recently added “Offline Mode” to Qvault as a new feature. This was in preparation to also add Bitcoin and cryptocurrency key generation. There is now a toggle switch at the top of the app that, when switched off, ensures that the app will make no network requests. You have always been able to use …

Security in Dependencies

Choosing the right dependencies is a difficult task. Assuming the developer of an application is the best programmer in the world, the “best” thing to do would be to write the entire codebase alone. This would eliminate the bugs, vulnerabilities, and malicious intrusions of inferior developers. The trouble is that we like to move quickly …

Stop with the Obfuscation: Encoding and Encryption are Not the Same

This is a topic that has been talked about quite a bit, but I think it’s an important one to reiterate to our users. Encoding is not Encryption! Encryption is a specific subset of encoding where the encoded messages can only be accessed by authorized parties (the ones holding the decryption keys). Encoding is simply …

Automatic Cross-Platform Deployments with Electron on a CI Server (Travis)

This is a tutorial on how to set up an Electron app on Travis CI, so that new versions are deployed to GitHub Releases with a simple pull request. Boilerplate: I created a boilerplate repo that has all the necessary configuration to deploy a minimalistic app to GitHub Releases. If you get lost during the tutorial …

Creating and Remembering a Strong Passphrase

We all have hundreds of online accounts. Ideally, as many of those accounts as possible have unique passwords. Unique passwords, however, present a difficult problem: no one can remember hundreds of strong passwords. To fix this problem, we created password managers. Now, all of our passwords are neatly stored in one place, encrypted by one …

BIP 32 Watch-Only Wallets

Bitcoin Improvement Proposal 32 is, in my opinion, one of the most important BIPs we have. (Thanks, Pieter Wuille!) BIP 32 gave us Hierarchical Deterministic Wallets. That is, the ability to create a tree of keys from a single seed. In the early days of Bitcoin, each time a user wanted to receive new coins, …

Trustworthy vs Trustless Apps

In the wake of the hearings about Facebook’s new Libra blockchain, it is more important than ever that we all understand the difference between trustworthy and trustless apps. A trustworthy app is an app whose developers are known and trusted by the community. The developers’ reputations and businesses are on the line, so it motivates …

Snyk Security Review

We recently integrated Snyk into Qvault as a way to get more visibility into known vulnerabilities in Qvault’s code base. Snyk has already patched a critical vulnerability in lodash for us. This allowed us to continue releasing new versions before the official fix for lodash was published a few days ago. We can’t speak to …

Intro to Qvault

Qvault is a new open-source password manager, with an emphasis on user experience and customization options. Many who stumble upon Qvault ask the following: “How is this different from other password managers?” In this article we explain what sets Qvault apart. 1. Open Source: Many password managers that exist today do not publish their code …

Randomness and Entropy in Node and Electron

Randomness is a hard problem for computers. For this reason, most functions that generate randomness are not considered cryptographically secure. That means that it is possible that an attacker can take a good guess at what number a non-secure randomness generator generated. How can randomness be attacked? Many non-secure randomness (or entropy) generators would do …