by kirushik 1050 days ago
OK, since we're pitching our SSS implementations here in comments, I welcome everyone to check out BananaSplit, https://bs.parity.io

Not sure about the year 2023, but at the time I wrote it for my previous employer there was nothing remotely usable for a regular user.

Thus, BananaSplit. It doesn't allow you to specify many parameters (just the number of shards, and then requires 50%+1 to recover); aimed at printed backups (generates printable full-page QR codes, while asking to copy a decryption phrase to the pages by hand to avoid an "evil printer" attack); and takes the concept of _portable web app_ to its extreme, being a self-contained single html file which requires you to save it locally and open via file:// protocol for it to work.

Disclaimer: while being in use for years, the code had never seen a proper independent code review; there might be bugs, despite me trying to minimize their impact by design, and using only reputable (and pretty minimalistic) JS primitives. If you want to check out the sources yourself before using, of course those are available under GPL at https://github.com/paritytech/banana_split/

5 comments

I like how it pushes you towards safety by requiring the code to run offline and off the disk. The resulting UX is not that great (though the explanation of what to do is clear), but it's a good step towards a little bit more security.
On the contrary, I hated it. I just want to see the UI, I don't want to go offline! Give me an "I'm just playing around, I promise!" button I can click on to test it.
Interesting idea, but the restore function doesn't work for me.

    Access to fetch at 'file://redacted/Banana%20split.html#/combine' from origin 'null' has been blocked by CORS policy: Cross origin requests are only supported for protocol schemes: http, data, isolated-app, chrome-extension, chrome, https, chrome-untrusted.
Hmmm, that's new; thanks for bringing this up.

Would it be too much to ask for you to open an issue on GitHub for this? Things I'd be interested in the most would be details about your environment: browser/version/platform and whether this is reproducible in a "fresh" browser profile without any extensions added (or just a list of your extensions, if that's not too privacy-invasive for you).

This is pretty cool!

Mozilla SOPS¹ also supports this, but it's not nearly as user friendly for non-technical folks. Probably one of those solutions you reviewed before creating Banana Split!

--

1: https://github.com/getsops/sops

I'm not sure the offline mode instructions for Firefox are accurate.
Yeah, that's right, thanks for the pointer.

We probably shouldn't even bother recommending browser-specific offline modes; I've created an issue in the project's repo to reword that piece by the next release.

Doesn't seem to understand that the file is local when opening in Chrome on Android, interesting.
Yeah, and I failed to even find an option to open a local HTML file on mobile Firefox (for Android) just now.

That's a shame — things were definitely different in 2019 when I built the initial version; and mobile browsers were definitely a target I had in mind for the tool (especially when it comes to the recovery).

Instead of wrapping the existing tool into a mobile app, I'm thinking about standardizing the QR code format from the tool a bit more — so multiple, more task-specific recovering mobile apps would be possible. (Like, the one in your password manager detecting certain internal text formatting and importing the entries automatically and such).