Inspiration
Many of the people I know store and access their passwords for different websites using Excel spreadsheets or any equivalent app. This is quite crude and insecure. There are a lot of things that can go wrong when you use something like Excel for password management, so I wanted to build an application that focuses on secure password management without compromising on its simplicity. Even people using specific password-managing software are not safe: we hear of data leaks almost every week, and we, the customers, do not really know what's going on inside. They could be storing anything and they could also be doing anything with YOUR data.
What it does
- A user can create "sites" for different websites (Google, Twitter, GitHub, etc.) for which they want to store credentials.
- They configure an encryption key for each site that is used to encrypt the password (using AES-256) they enter for an account. They also provide a hint for the encryption key which is used if they forget it.
- The user can then retrieve the credentials for an account in a site by providing the encryption key and decrypting the password stored in the database.
- What makes the site almost unhackable is that the encryption key is not stored in the database, and all the encryption is done on the client side (browser).
- It can also generate secure passwords of a length provided by the user which can be stored in the app.
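The client-side scheme in the list above, as an added sketch that is not warlock's own code. The page states only AES-256, browser-side encryption and a key that is never stored; the PBKDF2 derivation, the GCM mode, the iteration count and the record field names are assumptions made for this example.

```javascript
// Added example, not warlock's code. Runs in a browser or in Node via WebCrypto.
const enc = new TextEncoder();
const dec = new TextDecoder();
const toB64 = (bytes) => btoa(String.fromCharCode(...bytes));
const fromB64 = (s) => Uint8Array.from(atob(s), (ch) => ch.charCodeAt(0));

// WebCrypto is a global in browsers and recent Node; older Node exposes it via node:crypto.
async function getCrypto() {
  if (globalThis.crypto?.subtle) return globalThis.crypto;
  return (await import('node:crypto')).webcrypto;
}

// Stretch the user's site key into an AES-256 key (PBKDF2 and its parameters are assumptions).
async function deriveKey(c, siteKey, salt) {
  const material = await c.subtle.importKey('raw', enc.encode(siteKey), 'PBKDF2', false, ['deriveKey']);
  return c.subtle.deriveKey(
    { name: 'PBKDF2', salt, iterations: 600000, hash: 'SHA-256' },
    material, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

// Encrypt in the client; the returned record is all the server would ever receive.
async function encryptPassword(siteKey, password) {
  const c = await getCrypto();
  const salt = c.getRandomValues(new Uint8Array(16)); // fresh per record
  const iv = c.getRandomValues(new Uint8Array(12));   // must never repeat under one key
  const key = await deriveKey(c, siteKey, salt);
  const ct = await c.subtle.encrypt({ name: 'AES-GCM', iv }, key, enc.encode(password));
  return { salt: toB64(salt), iv: toB64(iv), ciphertext: toB64(new Uint8Array(ct)) };
}

// Returns the plaintext, or null when the key is wrong or the stored record was modified.
async function decryptPassword(siteKey, record) {
  const c = await getCrypto();
  const key = await deriveKey(c, siteKey, fromB64(record.salt));
  try {
    const pt = await c.subtle.decrypt(
      { name: 'AES-GCM', iv: fromB64(record.iv) }, key, fromB64(record.ciphertext));
    return dec.decode(pt);
  } catch {
    return null; // GCM authentication tag did not verify
  }
}
```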
How we built it
I built it using new (almost bleeding-edge) and exciting technologies. Next.js 13 (w/ the Pages router) is used for the front-end and tRPC is used to define server-side procedures. For the database, I used a Postgres instance hosted on Cockroach Cloud and used Prisma as the ORM. Authentication is done using Google OAuth. Deployment is done on the edge using Vercel. The language used in all of this is primarily TypeScript.
Challenges we ran into
- Figuring out how to perform password encryption purely on the client side.
- Defining how users can store credentials for different sites without confusion while accessing them.
Accomplishments that I'm proud of
- The entire application was built in a week, which is pretty cool.
- Most of the tech used in this project is open-source.
- Made the app reasonably intuitive while retaining its selling feature, security.
What I learned
- I learned a lot about web security and how data can be transferred securely from a client to the server.
- I learned how to market an app, highlight its selling features, and define its functionality based on user requirements.
What's next for warlock
- Encryption key backups with Google Drive
- A mobile app, since the site is currently not responsive.
Built With
- nextjs
- postgresql
- prisma
- tailwindcss
- trpc
- typescript
- vercel