Thank you for your contributions to PortableSecret!

[mprimi]

I am catching up with the numerous contributions and suggestions that came in after PortableSecret hit the front page of HackerNews last week.

Thank you all!

While I like every single contribution that came in, I want to be upfront and tell you: I am not likely to merge them.

I simply do not have the time.
You may be thinking: "But it takes 3 seconds! Just hit the merge button!"
But things look differently from my perspective. It takes a lot more than 3 seconds. Each contribution needs to be review and discussed. Because I'm not a web developer, even simple things could take me a long time.
Sadly, I can't afford this time right now.

My goal with this project was never to create a product.
All I wanted was to share 'this one weird trick' to use any ordinary browser to store/carry/share secrets.

This worked out a lot better than I expected (1k+ forks as of today!), which was really fantastic.
I might continue developing PortableSecret for personal use, and eventually integrate some of the changes you proposed.
But as of now, no promises.

If some of you end up taking this idea further, and developing it into a full-fledged product, please let me know, I'll gladly link you!

@Faruqoloyede
@smunteanu6
@TeddyBear06
@jrc03c
@ggorlen
@Unkn0wnCreator
@Cade66
@ryan-williams
@smondet
@cameronelliott
@dumblob
@dzek69
@shadowbq
@vinhdizzo
@MarkusZoppelt

[ghost]

My goal with this project was never to create a product.
All I wanted was to share 'this one weird trick' to use any ordinary browser to store/carry/share secrets.

Well, the result is a success, whatever the expectations, whatever its future!
The project remains valid, I use PortableShortcut as it is and appreciate it.
Sometimes you just can't imagine what a project will lead to. Similar tings happen in the show-biz!
Thanks for being transparent, honest, lucid.

[jrc03c]

No worries! And thanks for making a cool tool!

I don't know much about cryptography, so it'd be really cool if you could someday do a write-up on why you chose to set things up the way you did, whether that setup represents the current state-of-the-art or best practices (at least with what's possible in browsers), whether something comparable exists already in libraries like sjcl or crypto-js, whether the browser crypto APIs are easy to use or highly complicated, what security considerations and implications exist when using this particular tool, whether you intentionally made any trade-offs between security and performance, etc. Because I know so little about cryptography, I'm always a little unsure whether or not I should trust someone else's tool unless it's used industry-wide, you know? But your tool seems to have very few moving parts, it's built on the browser crypto APIs which are probably pretty well standardized, and it's such a cool idea for how to store stuff in plain sight that I really want to believe in it! So, to that end, I'd like to hear your thoughts and the thoughts of other experts on what makes this tool well-designed and robust. But I totally understand if you don't have time or energy for writing all of that out. 😊

Thanks!

[hsingfoo]

Many thanks, but where do we stand with this now? Will this fade away or will it be adopted and maintained. For sure it deserves a life.

[mprimi]

@jrc03c I'd love to do a writeup with security considerations/tradeoffs/... and all that. Unfortunately, I don't have time.

@hsingfoo

where do we stand with this now? Will this fade away or will it be adopted and maintained

See comments above and in the README:

My goal with this project was never to create a product.
All I wanted was to share 'this one weird trick' to use any ordinary browser to store/carry/share secrets.

This repository has served its purpose as far as I'm concerned. I hope you take the idea and create your own project/product/tool.

[hsingfoo]

@mprimi thank you Marco.