A password manager based on the Zero Knowledge Model
- Not available because of the code architecture (MVC with Nest.js + Next.js). Free-tier hosting services cannot accommodate running 2 apps (frontend + backend) in one instance.
- Solution: Split frontend and backend into different services (client + API) instead of having one MVC codebase.
- TypeScript
- Nest.js
- Next.js
- Chakra UI
- REST
- PostgreSQL
- Session Auth
- Prisma
- Docker
- Jest
- Client: input email and master password
- Client: Generate encryption key by hashing email and password with PBKDF2 (5k rounds)
- Client: Generate authentication key by hashing email and password with PBKDF2 (+1 round)
- Server: Hash authentication key with PBKDF2 (100k rounds) *
- Server: Query passwords based on the authentication key
- Client: Decrypt using the encryption key (AES-256)
- Client: input email and master password
- Client: Generate encryption key by hashing email and password with PBKDF2 (5k rounds)
- Client: Generate authentication key by hashing email and password with PBKDF2 (+1 round)
- Server: Hash input with PBKDF2 (100k rounds) *
- Server: Encrypt input with AES-256
- Server: Store in database with hashed authentication key
- Use the async version of the bcrypt hashing function so that the hashing runs on libuv's thread pool and does not block the event loop.
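
The key split in the steps above, sketched with Node's built-in `crypto` module: the encryption key stays on the client, while the server only sees and stretches the authentication key. This is an added example, not code from this project. Assumptions: SHA-256 as the PBKDF2 digest, "+1 round" read as one extra PBKDF2 round over the encryption key salted with the master password, a random per-user server salt, AES-256 in GCM mode, and all function names.

```typescript
import { createCipheriv, createDecipheriv, pbkdf2Sync, randomBytes, timingSafeEqual } from "crypto";

// Client: encryption key = PBKDF2(master password, salt = email, 5k rounds). Never leaves the client.
function deriveEncryptionKey(email: string, password: string): Buffer {
  return pbkdf2Sync(password, email, 5000, 32, "sha256");
}

// Client: authentication key = one extra PBKDF2 round over the encryption key
// (assumed reading of "+1 round"); this is the only secret sent to the server.
function deriveAuthKey(encKey: Buffer, password: string): Buffer {
  return pbkdf2Sync(encKey, password, 1, 32, "sha256");
}

// Server: stretch the received authentication key with 100k rounds before storing it.
// The random per-user salt is an assumption.
function hashAuthKey(authKey: Buffer, salt: Buffer): Buffer {
  return pbkdf2Sync(authKey, salt, 100000, 32, "sha256");
}

// Server: constant-time comparison against the stored hash.
function verifyAuthKey(authKey: Buffer, salt: Buffer, stored: Buffer): boolean {
  return timingSafeEqual(hashAuthKey(authKey, salt), stored);
}

// AES-256 in GCM mode (assumed). Blob layout: iv (12) || tag (16) || ciphertext.
function encryptEntry(encKey: Buffer, plaintext: string): Buffer {
  const iv = randomBytes(12);
  const cipher = createCipheriv("aes-256-gcm", encKey, iv);
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]);
}

// Client: decrypt with the encryption key; throws if the key or blob is wrong.
function decryptEntry(encKey: Buffer, blob: Buffer): string {
  const decipher = createDecipheriv("aes-256-gcm", encKey, blob.subarray(0, 12));
  decipher.setAuthTag(blob.subarray(12, 28));
  const pt = Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]);
  return pt.toString("utf8");
}

// Constructed sample run: made-up account, salt and vault entry.
function demo(): { loginOk: boolean; entry: string } {
  const encKey = deriveEncryptionKey("alice@example.test", "correct horse battery");
  const authKey = deriveAuthKey(encKey, "correct horse battery");
  const salt = randomBytes(16);
  const stored = hashAuthKey(authKey, salt); // what the server keeps
  const blob = encryptEntry(encKey, "github: hunter2");
  return { loginOk: verifyAuthKey(authKey, salt, stored), entry: decryptEntry(encKey, blob) };
}
console.log(demo());
```

The sketch uses `pbkdf2Sync` to stay short; in a request handler the callback-based `crypto.pbkdf2` keeps the 100k-round hash on libuv's thread pool instead of the event loop.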