OVERVIEW

We’ll build mobile and browser apps that will allow users to save their logins encrypted on the cardano blockchain using transaction metadata. Passwords and sensitive information are never lost, no central server required and no recurring fees.

VALUE PROPOSITION

We propose a DApp that runs as browser extensions and mobile apps, and allows users to automatically generate secure passwords for any websites they are visiting, then save any logins & passwords, bookmarks or other information that must remain secure (such as account recovery codes). Auto-completion of details such as credit card information and personal addresses, etc

How it will work:

Users will install the extension or app and be presented with two options for setting the password manager on the new device:

(1) New Secret Profile

this will present the user with a seed phrase like a regular wallet, the profile name (optional), and a master password for the secret profile. the encryption algorithm to be used to encrypt user data locally and on the blockchain. AES will be the default.

(2) Restore Secret Profile

the user will be asked for the seed phrase of an existing profile, and the master password for it.

 

If you provide a seed phrase from one of your existing cardano wallets, it will work fine. That could include wallets managed by hardware devices such as ledger/trezor

 

the profile name will be loaded automatically from the corresponding wallet metadata - if empty then the user will be asked to provide a name

 

Multiple profiles can be created, such as “my logins”, “credit cards” and “work”. Whenever some secret information is saved, it will be stored locally and associated with a given profile. Everything encrypted using

the private key that’s protected by the master password. You can optionally provide a master password for each profile.

When websites are visited and a password field is detected, the extension will offer to fill the password if it’s been registered. At that time, the user will be asked for the master password to decrypt the details and fill in the form on screen.

If it’s an unknown password, DaPassword will allow you to input the password or simply generate one for you. The password generation process can be configurable similarly to what commercial products like LastPass offer (select password length, allowed characters, etc).

Everything works locally and anonymously. Your details will be stored on the blockchain whenever you choose to do it. If you have many logins and other details to import on an initial setup, all of them can be persisted locally first, then with a single transaction saved on the blockchain, substantially reducing your costs.

User who have no idea what cardano is and what a blockchain is, won’t have to learn it. When attempting to save their credentials, they’ll be offered the option to “buy credit”, which will essentially load ADA in their app under the hood to enable transactions to take place to persist their data. ADA holders will be able to simply transfer their ADA to a receiving address exposed by the application with no additional cost.

As everything will be stored on the blockchain, users can restore their secret profiles in multiple devices and all their updates will be picked up automatically from the blockchain, including the “available credit” to

persist new logins and secret information. Also the full history of previous passwords will be accessible to the user.

EXPECTATIONS

We plan to deliver browser extensions (Chrome, Firefox, Opera, maybe Safari if budget allows), as well as Android and iPhone apps with the same functionality. Mobile apps will provide integrations with the underlying operating system.

IP/COPYRIGHT

The entire source code of this project will be available on github under the GPL V2.0 license and we hope other community developers can build on top of this to create even better solutions in the future.

PROPOSED LAUNCH

Within 6 months

PROJECT SUSTAINABILITY:

We plan to monetize on the “load credit” functionality which allows regular users (not ADA investors) to save the encrypted data as transaction metadata.

Also from rewards collected by the SHOP stake pool.

RISKS

There are a some elements of risk around the proposed solution, namely:

Even though no data will ever be stored in a central server, user’s individual devices might be compromised by a targeted hack and their credentials be stolen. The user might lose their seed phrase or forget the master password, rendering all information stored and purchased credit unavailable and irrecoverable.

These will have to be addressed by a proper end user license agreement written by our lawyers.

METRICS

Code activity can be measured from commits on github.

FUTURE PLANS

We plan to build support for file uploads of any size, which will be stored encrypted in cloud servers (Amazon S3 for example).

Investigate Single Sign On, Multisig, family sharing and alternative recovery options.

Thank you for your support!