I actually happened to use AliasVault. It’s Free Software from the Netherlands for those who are unaware.
Thanks but i stick to keepass. It does the job
Per the github page “With the API stabilized, we aim to have AliasVault undergo a thorough security audit this stage. We have already initiated conversations with renowned cyber security companies who have taken interest in taking this on.”
One thing that jumps out at me reading the readme is the fact that it has a built in email server. Email is hard to get right, and I’m surprised a relatively young(?) project is working on getting all the moving pieces together rather than declaring it out of scope.
It’ll be interesting to see how it develops.
I’m no expert but as i understood, it’s the sending part that’s tricky to get right. Lots of handshake to handle, all to probably end up in a spam folder or blocked along the way. But receiving from a publicly acknowledged address ? I think it’s fairly simple
Even then, there are lots of edge cases with e-mail that are easy to get wrong and might become security risks.
I‘m not saying this applies to this project, this is more of a general concern.
I would never trust a newly written email server and there is absolutely no reason not to use an already existing as a dependency to this project.
Do You know more about the email server part? I understand +addressing but this seems to be more? Do You hand a domain over and it is actually a full MX or is it just an imap client?
Has this been audited? It’s easy to claim that something is secure, but there have been products that made such claims and were trivially exploitable.
The Github page says they are aiming to get one done soon.
They shouldn’t claim that an effing password manager is “secure” until after they’ve done an audit.
I’ll pass, thanks.
the true audit is time, unfortunately
Yes! Finally one with email aliases.
I’ll optimistically sit back and see what comes of this. I’m happy with vaultwarden.
They said VaultWarden, not BitWarden. This shouldn’t affect them.
Looks promising! And it’s refreshing to see something that doesn’t look vibecoded in a week. Couldn’t find any AGENTS.md or other AI crap so I could actually try it
They spelled “agents” backwards to throw you off! lol jk
This is most definitely AI assisted. I won’t say vibe coded, but this has the hallmarks.
This is a claim that is meaningless. You can say it about literally any software currently in development, and there is zero way to reliably refute it.
It’s like stating your comment was AI assisted.
Sort of my point, actually. Most software now I’d argue is AI assisted.
Such as?
Do you have thoughts on 1password?
I’m curious why you asked this?…
Aren’t both of them password managers? I guess I wonder if someone has a preference for one over the other.
They are, it’s just odd to bring up an unrelated software.
I do use 1Password and like it, but I couldn’t compare it to this one.
