by xerxe-sans-s 2922 days ago
Lots of negativity here that I don’t think is completely justified. I subscribe to a family plan for 1password. I have options to sync with iCloud and several other cloud services, and for the most part that’s great. But I don’t have an option to sync with a service that I can guarantee will remain in existence and outside of state control. I also have to maintain an account in good standing with these services, or potentially host and secure my own hardware.

Blockchains - at least those that are heavily adopted - provide a kind of good solution to this problem. State is maintained by a third party that’s likely to be around for a while, and if I forget or can’t pay a bill for a while, my credentials are still stored and accessible at a later time. I like the idea of paying a little to a third party for the store operation, vs paying a little every month for the privilege of performing a get operation.


It's not a lot of data. There are other places where you could publish a small file for free, provided that you entirely trust the encryption and therefore are willing to make the file public. For example, a gist on GitHub.

(But personally, I wouldn't publish the encrypted file, just in case.)

Store it with some scheme like TripleSec https://keybase.io/triplesec/ and put it in a private gist on GitHub, so you'd need three encryption algorithms plus GitHub account security to be broken before anyone can get to it.

> But I don’t have an option to sync with a service that I can guarantee will remain in existence

How does blockchain ensure this? (I'm not sure that blockchain has any particular advantages or disadvantages here compared to the classic "upload it to Usenet" approach to reliable backups.)

> and outside of state control.

How does blockchain ensure this? In particular,

- States still control almost every network connection in the world, and blockchain is meaningless if you can't actually connect to the network.

- Almost all blockchain schemes distribute power in proportion to existing ("real-world") power, e.g., people with the most existing capital, people with the most computational resources, people with the most coercive ability. Wouldn't you specifically not want a blockchain if you're worried about state power executing a 51% attack?

- What, precisely, is a state going to do by "controlling" your encrypted password store? Controlling a cleartext password store, sure, but there are already well-established mechanisms to just encrypt them, no blockchain required. And I don't really understand what a 51% attack on an encrypted file is supposed to do.

Blockchains are very good at one thing: avoiding double-spend attacks in a system otherwise susceptible to Sybil attacks. That turns out to be exactly the problem that a worldwide distributed electronic currency has. But it's not the problem everyone has. If you don't have that problem, blockchains are not particularly useful to you.

Blockchain seems like an overkill solution for this though. I could just use open source software like KeePass and sync the encrypted password file to a few different local devices and maybe a cloud backup option. If I can't pay the cloud bill, that's fine, I have a few local backups.

Blockchain's most important feature is the shared ledger. But for a password manager, I don't have anything I need to prove to anyone else.

This seems like a use case much better suited to the BitTorrent protocol than blockchain.

In either case, it seems unwise to put your passwords in the hands of absolutely anyone and everyone even if they are encrypted.

On the other hand, you're making a pretty big bet on the correctness of the implementation of the tool. What if, due to a sneaky bug, the tool uses far less entropy than is required to securely encrypt your passwords? If there is nobody working (professionally, for money) to check that the implementation is correct, you're just hoping that your passwords (stored on a public blockchain) were blessed with the correct incantations. As it turns out, getting a proper audit of products like this where there is no central money-having entity is incredibly hard.

Uh yes you do? KeePass and sync to self-hosted services