Small simple freeware

[Guest ytrewq]

I'll try some constructive criticism:

Removing the keys is a very good step for sure. I certainly wouldn't have use it otherwise: the author just has to change his mind, and in 3 months without warning I'd be locked out of my data/passwords -- very bad idea!

However, I fail to see why anyone would really use this (not so much the indexer app, haven't really looked at that one), but yet-another-password-safe?

Just go to sourceforge and search for password (or password safe or password manager anything like that). You'll see there's already several dozens of such apps, all free, no bogus license keys, etc -- and especially it comes with the source code too. There's already some well-established ones out there, like keepass and oubliette which are both very good.

I'm not the type of rabid-open-source fanboy that pushes their "everything should be OSS" agenda (it somewhat annoys me), but for some specific scenarios, it's a very good thing to have the source code handy so you can look at it. Not so much because you can modify it (most already have pretty much all the features one could ask for)

Why is that you ask? Because unless you're some very big company with highly skilled programmers (like Google perhaps), we cannot possibly know how good the programmer is (or isn't -- nothing personnal, we just can't guess) and often with cryptography-related programs it's not implemented properly (key management is often a problem, or using weak hashes). You can peek at the source code of the open source apps and make sure they're not doing anything stupid (I have looked at least at oubliette, and it's well-coded quality stuff). I just have a hard time trusting anyone coming out with a closed-source password management app like that. Besides, your site says NOTHING about the app itself. For all we know it could be just obscuring it (like XOR'ing with 0xFF or such like I've seen too many times -- or ROT13 perhaps ) and not really encrypting. We have no way of knowing.

keepass/oubliette and others have lots more useful features, they have security measures like clipboard protection built-in (and passwords always encrypted in memory, and can't just "spy" from the form fields), and I know they store my passwords properly -- in a cryptographically secure way, using cryptographically strong, standard encryption algos like AES and twofish properly. Also, they're mature programs so most of the bugs have been squashed. Most can be used as standalone apps on a USB memory stick (very useful) or can be made to -- and without any requirements like the .NET framework 2 (not every PC I plug it into has it already installed). And no licensing restrictions (e.g. can be used enterprise-wide for free). And apps like keepass are fully localized (34 languages available ATM). Even the documentation (you have documentation, right?) is avaialble in a few languages. And likely something like keepass will be in active development for a very long time (can't say the same about yours). So if you quit developing it, they eventually have to manually re-enter all their passwords in the other app if they want a newer/more mordern app with the new features -- a real PITA that wouldn't happen if one sticked to keepass in the first place.

I just don't see why anyone would pick some closed-source alternative with much less features and without knowing if it's secure at all. Could be very buggy too... If I just wanted such an app, there's 17 pages worth @ 30 per page, so about 500 of them, of such password managers on softpedia. No point in reinventing the wheel IMO, unless it offers something new/innovative/useful others don't.

Not trying to discourage you, but I don't see why people would want to use it over the competition.