What I’m trying to achieve is actually the *same* level of security, no more and no less. As I was mentioning in the comparison with lesspass, I guess I’m trading some security in the construction, that can be recovered with a stronger passphrase. The reason for trading is to gain better usability, which means being able to remember everything, including the algorithm itself.

I think we should make a distinction between a service that stores passwords for its users, vs my password manager that helps me get all my passwords.

The service must assume the worse: some users will have weak passwords (in fact, a lot of them have). So the service must use a strong protection mechanisms such as bcrypt/pbkdf2/scrypt to store the passwords.

In my password manager, however, I’m controlling my own passphrase, and I can choose it to be very strong. So I don’t need a “worst case scenario” protection, but I can relax the requirements on security to gain more usability. When I say relax I don’t mean make it insecure, I simply mean to control the security with the complexity of the passphrase.

Note that there’s no way to invert sha256 — the “sophisticated algorithms” that you mention are brute force attacks, that exhaustively try all the possible passphrases. The time required by the attacks directly depends on the complexity of the passphrase.

Forging the Everdragons2 NFT. Former security at Pinterest.

Forging the Everdragons2 NFT. Former security at Pinterest.