Hi guys,
I’ve made a hashing password manager, that uses scrypt.
Here is the source.
I’m looking for feedback/reviews, hopefully from someone who knows more about information security than me.
I’d like to know what security oversights I’ve made, if any.
In particular, I’m interested if there are any problems with this kind of an application living inside of a browser, and being written in JavaScript.
I make sure to not store hashes in variables any longer than I should, but does that mean that they don’t linger in memory somewhere?
Is there a risk of some kind of a browser based attack I am not aware of?