#Looking for collaborators to build an open source P2P password manager with

Hi there. I'm pretty interested in getting into development of P2P and privacy-centric software, but I'm new to this domain.

Thanks for being so accommodating. I keep my git repositories in two places: my radicle node: https://app.radicle.xyz/nodes/kobina.seednode.xyz, and my codeberg page: https://codeberg.org/kobinabrandon. Currently, my most complete project is this one: https://codeberg.org/kobinabrandon/hourly-divvy-trip-predictor (written in Python). With regards to Rust, I'm currently working on this: https://app.radicle.xyz/nodes/kobina.seednode.xyz/rad:zAQBfcF242DQhwr33A6GVn418yAa/remotes/z6MksSxJiPsEVui82ygt9cPpH8KJVLoGSMVgHpJpz3NZdYeW/tree/fix_bpe/

@fervent turtle By the way, if you're not familiar with Radicle, it's a P2P network built on top of git. So it functions as a decentralised alternative to github. The platform is largely written in Rust as well

I appreciate your kind words, and look forward to having a chat 😊

Hey can you share more thoughts about your architecture? It seems really interesting.

Cool. This kinda reminds me of blockchain trust system. Are there any existing proof of concepts for this? I am not very deep in my career and I know very basic stuff but this seems quite nice.

For password storage bycryption will be used I assume. Quic can also be used for faster secret transfer I think?

From what I learnt. Ed25519 is a side channel resistant signature cryptographic algorithm for verifying the integrity of data. Why is this being used? Shouldnt aes or another asymmetric public key cryptography be used? Sorry if question seems stupid.

Hey @fervent turtle thanks for replying. Yes, I meant Bcrypt sorry 😞. As for quic I thought it was more secure than normal openssl and its only because its not very mature that it hasn't been widely adopted everywhere yet. You can still see some websites using quic for encryption if you check their ca. Like cloudflare and all the browsers, google etc. I am pretty sure its not the next big thing but rather the current big thing. Thanks for clarification on the keys part. My next question is how do we know that the password manager you will make is not going to end up like the others? Not maintained and not updated.

Thanks for answering I have never contributed to open source so I have no idea what happens. I am a young soc analyst with only 1 month and a b tech in cse under my belt. If you start the project I would be happy to join the progress group.

Sure.

Hey @fervent turtle ,
This sounds like an awesome project and I'd love to contribute.

I've been working in full-stack Rust, mostly on the frontend/UI side, but I do want to learn about networking, cryptography, and systems-level Rust. I haven't contributed to open source before, so this would be my first time-but I'm eager to learn and collaborate.

Would there be room for someone like me on the team?

That's great to hear! I do have a bit of experience with React and the whole MERN stack as I started off there with Typescript during an internship. Currently, I'm doing work with Yew + WebAssembly professionally but have recently learned about the "iced" framework for desktop apps. I found that Yew is a lot like React but for Rust so that's how I transitioned into learning Rust.

Will do! Excited to contribute

yah sure count me in

and also ping me

I am exited to contribute this is my personal work in rust https://github.com/jaiks-in/basic-blockchain

Hey, I would love to contribute here, I'm quite new to opensource contribution and rust in general but I think I fit your criteria of actively wanting to learn while building,
https://github.com/Prajwal-k-tech Here's my github, not really any rust projects on there but I'm working on changing that, 2nd year btech student btw

any idea on solving the problem of, you bought a new device and you're away from your p2p network , you want to access your passwords but those devices you own are turned off

that sounds smart but what exactly is this relay node going to be

like in the end, thats again an external server / honeypot now right?

so you're saying we split the passwords between multiple external edge nodes?

making it less of a honeypot

thats a reasonable comprimise

well by that logic, I believe even password managers like 1password, (not so sure about this) have you make a private key and then blobs are stored on their central networks

also I believe we would be using key pairs right?

ah i got it, the idea here is you're storing only your own data , those managers become honeypots because they have the password of millions of users

btw, my college has an opensource club, I could ask people there if they want to contribute

https://github.com/Openverse-iiitk

do you have a repository set up yet that I could share to the group

i am fairly interested in the p2p approach, as it is very similar to what i plan to build for the inter-network for my os once it gets advanced enough

where the p2p network is used to share and access other system devices and resources and "tunnels" outbound trafic (any type of ip trafic) to anonymize the actual client

also going beyong simple p2p with arbitrary complex network topology with relay nodes

Would be interested in contributing to this.
Can you let me know where you are still looking for help at now? Not too familiar with the type of software you are making, but will learn what I need to. I’m just wanting to learn 🙂
feel free to dm me details and I’d love to discuss into helping out

Why exactly be P2P in the case of a password manager?

What if the network stops seeding your passwords?

Something like torrents become (sometimes temporarily) unavailable all the time because there's just no-one available to seed data

Im begginer but can i join?

problem with peer discovery like this is that

it cant work properly on the client without administrator/root priveledges on some platforms

and requires the client to be online

also

assuming you want to use kademlia

how are you going to mitigate sybil attacks to wipe data?

hey still looking for contributions? I just started getting into p2p, bought a udemy course, I'm game : P

yeah i meant bypassing the default firewall on windows