by codebeaker 3498 days ago
1Password's format is also documented [1], though I'm not aware of any 3rd party clients to parse/work with it. That's actually a thing I was thinking about writing (I commented about trying to write something in C++14 in another front page thread, this was it)

1Password also uses standard encryption, from the link [1]:

> We use Encrypt-then-MAC authenticated encryption everywhere we use encryption. The MAC is HMAC-SHA256 and encryption is AES-CBC using 256-bit keys. Key derivation uses PBKDF2-HMAC-SHA512. More detail about these choices will be presented in the relevant sections on key derivation and item encryption.

> In this document we will refer to “blocks of data”. Unless otherwise stated, blocks are the length of AES blocks, 128 bits (16 bytes).

Edit: apparently GitHub lists [2] four libraries for reading OPVault, one each in Python, Haskell, Go and Ruby.

[1]: https://support.1password.com/opvault-design/

[2]: https://github.com/search?q=opvault&ref=opensearch
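
An added example, not part of the comment above and not 1Password's code: the key-derivation and verify-before-decrypt steps of the Encrypt-then-MAC construction quoted there, using only Python's standard library. The 64-byte key split, the `IV || ciphertext || tag` framing, the function names and all sample values are assumptions constructed for illustration; AES-CBC decryption would run only on the `(iv, ciphertext)` pair returned after the tag check.

```python
import hashlib
import hmac

IV_LEN, TAG_LEN, BLOCK = 16, 32, 16  # AES IV, HMAC-SHA256 tag, AES block (bytes)


def derive_keys(password: bytes, salt: bytes, iterations: int):
    """PBKDF2-HMAC-SHA512 gives 64 bytes, split here into two 256-bit keys.

    The split (first half for AES, second half for HMAC) is an assumption.
    """
    okm = hashlib.pbkdf2_hmac("sha512", password, salt, iterations, dklen=64)
    return okm[:32], okm[32:]


def seal(mac_key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    """Encrypt-then-MAC framing: tag covers IV || ciphertext (constructed layout)."""
    body = iv + ciphertext
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()


def open_verified(mac_key: bytes, blob: bytes):
    """Verify the tag before anything is decrypted; return (iv, ciphertext)."""
    body_len = len(blob) - TAG_LEN
    if body_len < IV_LEN + BLOCK or body_len % BLOCK:
        raise ValueError("malformed blob")
    body, tag = blob[:body_len], blob[body_len:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("MAC mismatch: refusing to decrypt")
    return body[:IV_LEN], body[IV_LEN:]


if __name__ == "__main__":
    # Constructed sample values; the ciphertext is a stand-in for AES-CBC output.
    enc_key, mac_key = derive_keys(b"correct horse", b"constructed-salt", 10_000)
    blob = seal(mac_key, bytes(IV_LEN), bytes(range(32)))
    print("intact :", open_verified(mac_key, blob)[1].hex())
    tampered = bytearray(blob)
    tampered[IV_LEN] ^= 0x01  # one flipped ciphertext bit
    try:
        open_verified(mac_key, bytes(tampered))
    except ValueError as err:
        print("tampered:", err)
```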


Using an open standard for data isn't proof of quality password generation; it can be biased if the code is proprietary.

Did you reply to the wrong parent? I wasn't making any statements about the quality of password generation.

I was replying to address two of the three points that these people invested 6 months to build YAPPM (Yet Another Proprietary Password Manager).

As is typical of developers, they've solved a problem that _probably_ didn't need to be solved. With a more product-orientated mindset, a business plan and some market research probably would have preceded six months of engineering effort.

The "more beautiful" is subjective; I'd argue that having only one platform targeted makes it much easier to build an app in keeping with one platform's HCI guidelines. I happen to use a Mac, an Android phone, and a Linux desktop; thanks to WINE I can use 1Password everywhere, and knowing that the format is public and documented, and that there are 3rd party implementations, I don't need to worry about AgileBits ceasing to exist.

I'm left seeing some developers making the same mistakes that I have made when building a product before finding out if the world really needs a _subtly_ different app to solve an already solved problem.

"So… apparently it took me over 5 years to launch Secrets"

https://twitter.com/pfandrade_/status/730681656496001024

I think the developer invested nearly 6 years into it, and the comment about 6 months was time elapsed since initial release and doing the Show HN. It sounds like it was a spare time project for an indie developer.

Exactly. I've been building this for years in my free time.

Don't take my harsh criticism personally. I too enjoy building things for the joy of building, and I respect your achievement. I just doubt the world really needs what you built, perhaps because I'm not your target audience, and I understand the trade-offs I made when choosing to commit to 1Password well enough that I don't feel like any alternative is compelling.

None taken ;). I understand your point of view and hopefully we can iterate on the foundation we've built and make a more compelling argument for you in the future.

No, I just made it clear for everyone that, open or not, the data format doesn't matter as long as the binary is proprietary. And I would never ever use proprietary things for critical things like a password manager, even as pretty as 1Password is.