The Market Ticker
Rss Icon RSS available
You are not signed on; if you are a visitor please register for a free account!
The Market Ticker Single Post Display (Show in context)
User: Not logged on
Top Login FAQ Register Clear Cookie
User Info Don't Do It Lennar -- Talk To Me Instead; entered at 2018-05-10 13:12:31
Tickerguy
Posts: 154683
Registered: 2007-06-26
KeePass is VERY secure; I use it heavily and have for quite a while.

LastPass? Oh **** no. But will I store an ENCRYPTED KeePass file on the cloud? Sure. But no key, and I use a multipart one (password + key file), and that key file has never seen a machine not under my direct control.

Without it even the PASSWORD is useless.

The app that I've written doesn't store passwords ANYWHERE. It gets a login cookie and saves that as long as it's valid.

HomeDaemon-MCP can be set for whatever level of paranoia you wish. It never saves cookies on SD card; it generates them on the fly and keeps them in RAM, so if you restart it you have to sign back in -- and it can also be told how long a cookie is good for, at which point it automatically expires on the SERVER (forcing a new login.) You decide how paranoid you are, but even in the worst case the login and password is never exposed.

Whether you sign in via browser or app the credentials are passed over HTTPS and you get back a double-long randomly-generated cookie key that's valid for however long you wish it to be, but which can be cleared at any time. The passwords themselves are hashed on the server side of course as well.

I could EASILY have Alexa interface to HomeDaemon but doing that would mean you'd have to give Alexa credentials. **** that. You may as well leave the ****ing front door unlocked!

What I'm working on right now is getting the app power consumption down even though the network service is flagged as foreground, WITHOUT using Google's bull**** to wake up the network intent (which ALSO requires that you give away at least SOME knowledge to them.) That gets tricky on Android in order to keep the phone in "deep sleep" as much as possible, but it looks like I'm getting pretty good at it with the impact on a locked device being small yet the notification delay is only a couple of minutes if you have the phone locked and screen off.

Last modified: 2018-05-10 13:21:36 by tickerguy

2018-05-10 13:12:31