
The first Decentralized password manager

Inspiration

A few months ago, my friend was the victim of a ransomware attack that left all his important data leaked; all his passwords were stolen from Chrome's weak (and completely insecure) password manager. He spent hours changing passwords, he had to change his credit cards, and his Telegram account was stolen.

After that he asked me to recommend a password manager. I couldn't think of one that is easy to use, doesn't have trackers 🤨, and doesn't belong to some corporation that can decide that your data is locked, or that could get hacked and leaked, or whose users get MITM attacked (all of these have happened before with other password managers).

We need a password manager that stays secure even if the user gets hacked or if the backend server itself gets hacked.

Why is centralized storage bad for your sensitive data? 🔑📄

When you use a password manager or any other vault app, you store your data in a specific location (local or private cloud). This has some critical problems. Your important data is centralized, meaning that whoever controls the location controls the content. The controller can change the content, completely replace it, or just take it away. That makes your data vulnerable to attacks, exploitation, and loss.

This makes centralized storage (local or remote) not optimal for storing important data; each has its downsides.

Storage

Remote or Cloud: Access to data can be denied, or data deleted, because of billing issues, policy changes, or whatever the service provider says. You're completely reliant on whoever is holding your data.

Local: Vulnerable to hacks, MITM attacks or just accidental data loss.

Then how can I protect myself?! Here comes 🔐Dassword

There is a gap in the market for a reliable, secure and easy to use password manager.

Dassword checks all the marks ✅ to be the most secure digital vault... with features that don't exist in the typical password manager.

With Dassword your data is:

  • Secure: your master password is never stored or transmitted.

  • Persistent: Stored on the IPFS and Filecoin network to ensure its availability.

  • Provable Ownership: You own your data the same way you own your FIL or bitcoin in your wallet (wallet integration is coming soon).

  • Trustless: Does not require you to trust the password manager company to know your data is safe.

  • Open source: open for anyone to study and analyze its codebase.

What can you do with Dassword? 🔐

Dassword manages your passwords across websites and apps while being secure and reliable. You can store your credit cards, personal files, personal notes, and sensitive files.

How does it work?

We designed a specific flow of data to make sure the master password is only used for data encryption and zero-knowledge login authentication (SHA-3).

The master password is never stored on your local storage or transmitted.



Data has two layers of encryption: one applied locally with the master password and another with a 64-byte random key. Here is an example of secure data upload to IPFS:


Secure data download from IPFS

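The flow described in this section, sketched as an added example in Node.js (it is not taken from the Dassword repositories). The label strings, the record layout, the use of AES-256-GCM and the reduction of the 64-byte key to 32 bytes are assumptions; where the random key is kept is not described on the page and is not modeled here.

```javascript
// Added example, not Dassword's code. Labels, layout and cipher mode are assumptions.
const crypto = require('crypto');

const sha3 = (...parts) => {
  const h = crypto.createHash('sha3-256');
  for (const p of parts) h.update(p);
  return h.digest();
};

// Two independent values from one master password. The differing labels mean
// the login hash sent to the server cannot be used to decrypt the vault.
// SHA-3 is what the page names; it is a fast hash, and the page lists salted
// login as future work.
const loginHash = (master) => sha3('dassword-example/login', master).toString('hex');
const vaultKey = (master) => sha3('dassword-example/vault', master);

// AES-256-GCM; output layout is iv(12) || tag(16) || ciphertext.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), body]);
}

function open(key, blob) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]); // throws if tampered
}

// Layer 1: key from the master password. Layer 2: the 64-byte random key,
// reduced to 32 bytes with SHA3-256 because AES-256 takes a 32-byte key.
function encryptForUpload(master, randomKey64, record) {
  const inner = seal(vaultKey(master), Buffer.from(JSON.stringify(record)));
  return seal(sha3(randomKey64), inner);
}

function decryptAfterDownload(master, randomKey64, blob) {
  const inner = open(sha3(randomKey64), blob);
  return JSON.parse(open(vaultKey(master), inner).toString('utf8'));
}

// Constructed sample data: only `blob` would be handed to the IPFS relay.
const master = 'correct horse battery staple';
const randomKey64 = crypto.randomBytes(64);
const blob = encryptForUpload(master, randomKey64, { site: 'example.org', password: 'x' });
console.log(blob.length, decryptAfterDownload(master, randomKey64, blob));
```

A relay or storage provider holding only `blob` and `loginHash(master)` has neither key, and a modified blob fails the GCM tag check instead of decrypting to altered data.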

Challenges we ran into 💪

We have only one rule we stick to (the user must own his data & we can't have access to it in any way). There is no trusted way to make sure all my data is unavailable to any cloud provider, but IPFS is completely decentralized and the data is stored securely. We also struggled to find a fast IPFS service provider, but we found one in the end.

Accomplishments that we're proud of 😄

We finished the app without breaking our rule: the data is double encrypted and the master password is never transferred.

FEATURES ⚙

  • Automated IPFS sync.
  • Save documents.
  • Save personal Notes.
  • Save credit cards.
  • Create Password records.
  • Generate password.
  • Auto fetch website icon.
  • Realtime item filtering.
  • Create a strong and unique password for each site.
  • Temporary local storage encryption.
  • Strong encryption based on AES256 & SHA-3.
  • SHA-1 based password authentication.
  • Zero-knowledge architecture.
  • Open Source Security and code transparency.

How is it built? 👨‍💻

Web3: IPFS, Filecoin

Front-end: Angular 14

Mobile: Ionic 6 with Capacitor

Backend: Node.js with PostgreSQL 14 💻

How does it implement IPFS & Filecoin?

  • Backend as IPFS relay to store data to IPFS and retrieve it.
  • Web3.storage as a service, which uses the decentralized storage provided by the Filecoin ⨎ network, and rewards nodes based on storage.
  • Automatically replicates your data across a network of storage providers and verifies the integrity of your data, enabled by Filecoin's cryptographic proof system.

What's next for Dassword?

There are a few steps left before it is market-ready:

  1. Adding general features.
  2. Adding more security features:
    • Even more security layers, PGP E2EE encryption.
    • Salted login.
  3. Cross-Platform Application:
    • iOS application.


Links

Website: https://dassword.com

App: https://dassword.com/app/

Backend repo: https://github.com/MoustafaMohsen/dassword-server

FrontEnd repo: https://github.com/RoqayaMourad/dassword-ionic
