G8KEEPER: The Quantum-Safe Password Vault

Inspiration

As developers, we live in a state of "cryptographic paranoia." We know that today’s encrypted data is the target of "Harvest Now, Decrypt Later" attacks—where data is stolen today to be cracked by future quantum computers.

We were tired of choosing between "clunky-but-secure" tools and "easy-to-use-but-vulnerable" managers. We built G8KEEPER to bridge that gap: a zero-knowledge, military-grade vault that makes Post-Quantum protection as easy as a single click.

Installation

Installing the extension is very easy. Download the .zip from our release page.

  • Unpack the .zip file
  • Go to the extensions page in your Chromium-based browser
  • Select "Load unpacked" and use the folder where you unpacked the zip file
  • Use the extension freely!!!

What it does

G8KEEPER is a high-security Chrome extension that acts as your personal credential assistant:

  • Quantum-Hardened Vault: Protects your keys using a Double AES-256-GCM cascade wrapped in an ML-KEM-768 (Kyber) envelope, the new NIST standard for post-quantum resistance.
  • Smart Autofill & Auto-save: Detects login/signup fields and manages credentials without them ever leaving your device.
  • Privacy-Preserving Audit: Integrated with HaveIBeenPwned using k-anonymity to check for breaches without ever exposing your full hash or password.
  • Zero-Knowledge: No servers, no backdoors. Your Master Password is the only key, and we never see it.

How we built it

We prioritized a "Zero-Polyfill, Zero-WASM" architecture to keep the attack surface minimal:

  • Core: 100% TypeScript for type-safe cryptographic operations.
  • Crypto: Native Web Crypto API for AES-GCM and PBKDF2 (pushed to 1,000,000 iterations).
  • Frontend: Modular UI built with React and optimized with esbuild for a lightning-fast Manifest v3 Service Worker.

Challenges we ran into

  • MV3 Lifecycle: Managing complex cryptographic states in a Service Worker that "hibernates" required a custom-built session state machine.

Accomplishments that we're proud of

  • 8/8 Passing Tests: Full integration test coverage for the entire vault lifecycle.
  • Blazing Fast: Achieved an unlock/decrypt cycle in under 500 ms, even with heavy 1M-iteration PBKDF2.
  • Statistical Purity: Our password generator uses Rejection Sampling, eliminating the bias found in standard methods.
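
The rejection-sampling idea from the last bullet, as an added example that is not G8KEEPER's own code: random bytes that fall outside the largest multiple of the alphabet size are thrown away rather than reduced with a plain modulo. The function names, the 94-symbol alphabet and the one-byte-per-symbol sampling are assumptions made for illustration.

```typescript
// Added example: names and the 94-symbol alphabet are assumptions, not G8KEEPER code.
type ByteSource = (n: number) => Uint8Array;

// Default source: the Web Crypto CSPRNG available in extension contexts.
const webCryptoBytes: ByteSource = (n) =>
  (globalThis as any).crypto.getRandomValues(new Uint8Array(n));

// Printable ASCII 0x21..0x7e: 94 symbols, a size that does not divide 256.
function printableAscii(): string {
  let s = "";
  for (let c = 0x21; c <= 0x7e; c++) s += String.fromCharCode(c);
  return s;
}
const ALPHABET = printableAscii();

// Largest multiple of the alphabet size that fits in one byte.
// Bytes at or above this limit are discarded instead of being folded back.
function acceptLimit(size: number): number {
  if (Math.floor(size) !== size || size < 1 || size > 256) {
    throw new RangeError("alphabet size must be an integer in 1..256");
  }
  return 256 - (256 % size);
}

function generatePassword(
  length: number,
  alphabet: string = ALPHABET,
  source: ByteSource = webCryptoBytes,
): string {
  const limit = acceptLimit(alphabet.length);
  let out = "";
  while (out.length < length) {
    // Oversample so that rejections rarely force a second batch.
    const batch = source((length - out.length) * 2);
    for (let i = 0; i < batch.length && out.length < length; i++) {
      if (batch[i] < limit) out += alphabet[batch[i] % alphabet.length];
    }
  }
  return out;
}

// Exhaustive view of the bias: how many of the 256 byte values land on each symbol.
function symbolCounts(size: number, reject: boolean): number[] {
  const counts: number[] = [];
  for (let s = 0; s < size; s++) counts.push(0);
  const limit = reject ? acceptLimit(size) : 256;
  for (let b = 0; b < limit; b++) counts[b % size]++;
  return counts;
}
```

With 94 symbols, `symbolCounts(94, false)` shows the first 68 symbols reachable from three byte values and the rest from two, while `symbolCounts(94, true)` gives every symbol exactly two.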

What we learned

  • Chrome Security Internals: Mastering Content Security Policy (CSP) and origin-validated message routing in Manifest v3.

What's next for G8KEEPER

  • WebAuthn Support: Integrating hardware keys for physical 2FA.
  • Biometric Unlock: Native OS integration for TouchID and Windows Hello.
