I was slightly puzzled what they meant by "zero-knowledge encryption", but after looking around a bit it looks to be more of a buzzword than really related to zero-knowledge proofs (besides them using SRP for password validation). As far as I know, all password managers like Lastpass, 1Password, etc. use client-side encryption of data. Does this do anything new?
I'm a little confused by this. The project page makes it sound like someone's weekend project, complete with a donation link, but in fact it seems to be the client for one of SpiderOak's products.<p>In any case, I'm having fun reading about some of the projects used to build this, including Crypton. Will this work with any Crypton server, or is it somehow tied to SpiderOak?<p>Edit: "I am happy to announce that SpiderOak has acquired Encryptr" (blogs.devgeeks.org).
I prefer pass, which uses GPG and regular bash scripts to store passwords. You can sync the directory of encrypted passwords via git too. No fancy stuff.<p><a href="https://www.passwordstore.org/" rel="nofollow">https://www.passwordstore.org/</a>
<p><pre><code> Latest commit 5fdc936 on Dec 18, 2015
</code></pre>
Is this still an active project? 4 months is a long time to pass without a commit published.
I am an academic who works on zero-knowledge proofs; as far as I can tell, this system has <i>nothing</i> to do with the Turing-award winning concept of "zero-knowledge."
Based on the information on the website, my opinion is that the author is gratuitously appropriating the term "zero-knowledge" here.
WebPass ( <a href="https://webpass.rkeene.org/" rel="nofollow">https://webpass.rkeene.org/</a> ) is similar -- its syncing is done by encrypting the list of sites (note that passwords are never stored or encrypted) and sending that from one client to another (no server ever stores the encrypteed list of sites).<p>It's also an iOS/Chrome webapp so it will act like a native app in some ways.<p>It's also a single JavaScript file which isn't too heavy. The sync'ing is done by a simple process that reads what another client writes implemented as a CGI talking over a FIFO.