AFAIK in web TS/JS/Wasm you cannot mark memory regions as in-memory only (mlock on Linux). This means that the secrets in JavaScript can easily be leaked if the kernel decides to page V8 process memory (unencrypted) to disk.
This risk is unsuitable for an application that needs to handle sensitive credentials like an encryption key for all of a person’s passwords — or the vault itself.
Also, this is why I do not trust LastPass — they don’t run a native module, so how do I know that my vault isn’t just being stored on disk?
This risk is unsuitable for an application that needs to handle sensitive credentials like an encryption key for all of a person’s passwords — or the vault itself.
Also, this is why I do not trust LastPass — they don’t run a native module, so how do I know that my vault isn’t just being stored on disk?