Emanuele Cesena
1 min read · Oct 12, 2017

Yes and no.

Yes, it’s similar: it’s a deterministic password manager, in contrast to vaults like 1Password or LastPass.

No, in the sense that you still need LessPass to get your passwords. The idea here is that you can also remember the whole algorithm. You can compare the one-liners in the blog post with LessPass core:
https://github.com/lesspass/core/blob/master/src/lesspass.js

In fairness, you can say that my construction looks slightly less secure, but you can achieve the same security with a slightly longer passphrase. (Also, they seem to use a deterministic salt in PBKDF2, which is a very debatable choice.) It would be great to hear their opinion!

Emanuele Cesena

Forging the Everdragons2 NFT. Former security at Pinterest.