(github.com)

95 points thunderbong | 1 comments | 22 Oct 24 04:23 UTC | HN request time: 0.204s | source

Show context

MaxGripe[dead post] ◴[22 Oct 24 07:33 UTC] No.41912044[source]▶

>>41911176 (OP) #

[flagged]

maqp ◴[22 Oct 24 07:38 UTC] No.41912065[source]▶

>>41912044 #

NO ONE should trust a website delivering JS that could do who-knows what the next time they skip reading the code. Like, send the inputs to a third party.

Please delete this project and your comment.

If you want to be helpful, write native code that user can read, compile, and install, and persistently use without risk of backdoor-out-of-the blue.

replies(4): >>41912177 #>>41912233 #>>41912718 #>>41913148 #

1. Matumio ◴[22 Oct 24 07:57 UTC] No.41912177[source]▶

>>41912065 #

Do you read your password manager's code every time it updates? Probably not, because you trust the author's reputation.

I wouldn't trust this page with my passwords either, but not because of the reasons that you mention. I haven't checked, but maybe it is simple enough to read the code in its entirety and then self-host? If so, nothing wrong with that.

↑

Firefox-Passwords-Decryptor: Extracts and decrypts passwords saved in Firefox