
Show HN: Encrypted, synced, offline first todo list - alexh1
https://encrypted-todos.com/
======
alexh1
This is a PoC I worked on over the last week while I've had a little bit of
free time.

In general I'd love to have an ecosystem of apps (calendars, notifications,
etc.) built on this type of platform. I've done a lot of the groundwork wrt.
encrypting/decrypting/signing/verifying general operations.

Tech wise it's deployed on Netlify (the backend is just a Netlify function)
with:

- Frontend: React, Grommet, web.crypto.subtle

- Backend: Node.js, Mongo, native crypto module

------
kodo_coder
I looked into your challenge handshake logic, and it looks legit. Really
impressed. Do you have a solution for pw derived keys?

(Also, you have a few UI issues: login exists across browser sessions, stuff
like that. Feel free to ping me to talk more.)

~~~
alexh1
1. PW derived keys. Yes, this is on V2 of the roadmap. It is definitely
possible today, however a bunch of research on our end is required to ensure
the security of private keys we hold (this includes an audit).

2. Logins across browsers. Securing private keys is definitely still part of
V1, this is easy locally, just need to make it part of the UI. UI/UX is
definitely our weak point.

------
Madeindjs
Is it possible to consult code on Github?

~~~
alexh1
Not currently. Which I agree makes it 10 times more difficult to verify if
this is secure.

I'm currently working on adding a kanban/trello board type page to this using
the same backend. Maybe after that and cleaning up the code I can consider
open sourcing it

