Was it ever any different though? I remember seeing the same low-quality articles there from the day it was announced.
Also, a bit suspicious that this was posted on qvault.io, which also hosts quite a few articles geared towards beginners. Hmmm
Absolutely. Just because iterative approaches work well in many cases, doesn't mean they work well in all cases. As an example, problems that have arbitrary depth are often most simply solved with recursion - think about listing all the files in a nested folder on disk or all the nested properties in a JSON object:
https://qvault.io/javascript/how-to-recursively-traverse-objects/
So from my understanding:
Scott encoding is better than Church encoding which are both just the data type a functional programming language uses.
Plutus is based off Haskell, which are both functional programming languages. Now there are many reasons why Cardano chose to use a functional programming language over imperative languages (many object oriented programming languages), even though there might be some disadvantages compared to imperative languages.
Some benefits to functional programming languages:
- Immutable variables
- Fewer bugs
- Functions are easier to test etc.
Edit: These benefits are very important if you want to build the future of finance on the Blockchain. If you joined the crypto space late and didn't know about the dozens of smart contract fails and hacks on Ethereum and many Ethereum copies (Binance smart chain) then you probably should look into these hacks.
Geez answer the question people! I would say the mobile apps are typically safer. The only realm in which they aren't may be that auto update is typically enabled by default. Desktop usually gives you more control and features but higher chance of malware.
All the people yelling for trezors: trezors are fine, but they aren't the only solution. There is a heavily overlooked problem which is: you have to have complete trust in the manufacturer. I prefer open source software. Mobile wallets and an open source password manager for backups. https://qvault.io
Problem: No existing password management solutions have all of the following features:
* Open source
* Beautiful and intuitive UI UX
* Free
* Offline and cloud storage options
* Physical key option for dual encryption
* Virtual keyboard option for bypassing keyloggers
Solution: https://qvault.io (contains link to GitHub and download) it's a desktop app built using modern JavaScript with electron + Vue
Combinations of aes-256-gcm, sha256, and scrypt are used for the cryptography.
Hey! If you fancy it, there's loads of material about IT skills and programming that might be useful (any direction your work life will take).
Examples here: https://qvault.io/computer-science/comprehensive-guide-to-learn-computer-science-online/
Hope that helps.
This talks about bitcoin using 256 bit ECC, so I'd guess Safemoon using 512 bit (15360 bit RSA equivalent) would make it pretty damned impressive 😀 https://qvault.io/cryptography/elliptic-curve-cryptography/
when the data changes you send it to the golang running inside the browser and it updates the view.
the golang runs on a webworker, so that it has access to the networking, and it and only it tells the HTML gui what to do.
https://qvault.io/2020/09/23/running-go-in-the-browser-with-wasm-and-web-workers/
Well, I disagree with the text, hence my conclusion. Especially when you consider the problems of AES.
>It is important to remember that 256-bit keys derived from passwords actually can have less than 256-bits of entropy.
Combining this with claims of "Quantum resistance", is a recipe for disaster, in my eyes.
Besides, isn't "Quantum resistant" just a marketing word for "it'll last a few years more"?
The spirit of the article is positive (migrate to AES256 pls, stop using AES128), but I'd much rather see a push for actual "Quantum Safe" algos. We don't want a repeat of RSA's entropy escalation again, do we?
I might be wrong on all of this, but that's why I come to this sub.
That's not what my comment said but I will bite.
Example: "I decided points were really about man hours." (paraphrasing) That's completely wrong. Estimation using points takes a while to get right and it's not the same for different teams. Once your team knows how many points you can do in a sprint (velocity), you get some predictability to your estimates. You can't expect this after 2 sprints, and it might take some teams 10 sprints or more.
The writer also used a description of long-term benefits of Scrum as the "definition." Scrum can't be defined in one sentence. If it could then it should rightly be ridiculed.
A quote re: Scrum Master: "Let’s just talk about what seems to me to be the most common scenario.
The scrum master is a *non-technical, middle-management* type that likes to be in charge of stuff."
This is coming from the writer's limited experience and is certainly not the correct implementation. Sounds like this person has a real problem with middle management. I'm shocked.
"In a later article, I plan to go over my thoughts on what to do in lieu of Scrum while still running an “agile” organization. "
Spoiler alert: it's been three months later and still no follow-up. Bottom line is that this person had some bad experiences and likes to be rebellious. As is all too common now, they have an outlet on the internet and someone decides to karmawhore it. There's a reason this type of post sits around 20 upvotes. There are plenty of great responses below so I'll bow out of this thread now.
Honestly this sub is pretty empty haha. We created it in case we ever need it in the future.
We wrote an intro article you may find helpful: https://qvault.io/2019/07/05/intro-to-qvault/
But if you are looking for a third party opinion there are probably not many yet as it's still a very new tool!
You can always download the app, and ask questions on our discord as well!
Is this just for fun? If you want a free/opensource password manager just use https://qvault.io
Otherwise, if you want to build your own, use the user's master password to encrypt each stored password with AES-256-GCM.
Nice! The "fuck yourself" comment at the end may not work too well for professional environments though. Also, maybe check out an open source password manager like https://qvault.io . PMs are typically a better idea than paper in drawers, even if it's locked.
Well, I don't know if "two-layers" is the best description, but yes basically it forces them to go A LOT slower. If the password is "1234" then it won't make it impossible, but with a sufficiently long password that isn't used somewhere else (and therefore isn't compromised) then it will be near-impossible.
I would describe two layers as this: https://qvault.io/2019/06/20/dual-encryption/
Depends. Android: samourai iOS: idk Desktop: electrum Hardware: ledger nano s
Make sure to backup the seed phrase! Either an encrypted backup or on paper. I use https://qvault.io (I also helped write it though sooo)
>In the case of Qvault, the master password is hashed using the scrypt algorithm in order to produce the private key. Scrypt is a very slow hashing algorithm, which slows down attacks.
Probably better to describe scrypt as a password-based key derivation function, which has properties that make it better than a plain cryptographic hash function for this purpose.
Mining is actually more expensive than just buying... Buy on exchange -> transfer to personal wallet (samourai or the like). Make SURE you backup your seed. Either on paper or an open source secret manager like https://qvault.io
It's an algorithm, not an operation. Each step is mathematical in nature (some less obviously than others), but since some steps involve logical loops I doubt it can be expressed as a single mathematical function.
The algorithm: https://qvault.io/cryptography/how-sha-2-works-step-by-step-sha-256/
I wrote a course for data structures in python, I'd love if you would check it out: https://qvault.io/big-o-data-structures-course/
Totally free as well, at least, 80% of the features are totally free.
As my fellow coders said, it really depends on what you wanna do. I like game dev so I usually use more C#. But again, JS is also widely used and practically makes the web work.
Each language has its own applications. I suggest looking at this article or maybe this one to read about it.
If you are too lazy to read the article, I can explain.
sha256 can be mined on any device, like toaster or toilet light. But for efficient mining it is better to get a modern setup.
At first, AMD 3700X, RAM 3200 cl16 B450 mobo and any 600 W psu are quite enough. If you choose between Intel and AMD, choose AMD.
It's a good point, thanks. Just to be sure though, did you see the front page: https://qvault.io
It has some more info than the login page does. If that's still not enough, I can definitely work on this.
https://qvault.io/jobs/is-there-a-case-for-programmers-to-unionize/
This is actually an interesting take on unionization for programmers specifically that offers some pros and cons to unionization for those that want a more nuanced take on the issues rather than unions=good
Hashing is taking a string of characters, like a sentence, turning the characters into a number, and then doing some usually long and repetitive math to the sentence so you end up with another number at the end.
Each function, like SHA, has its own unique rules for what math to do, but one consistent thing about them is that the math is much easier to do when creating the hash than it would be to start with the hash and reverse it.
The hash will always be exactly the same if you start with the same original string.
Here are instructions on how to do SHA2 by hand if you want to see the steps.
https://qvault.io/cryptography/how-sha-2-works-step-by-step-sha-256/
The equation isn’t that simple, it modifies the information and makes it very hard to reverse. I think it’s easier with an example. Here’s the algorithm step by step.
https://qvault.io/cryptography/how-sha-2-works-step-by-step-sha-256/
I would like to suggest Rust! Currently doing an assignment on it and writing in it for another assignment as a web application (CRUD) with Rocket. Very interesting indeed!
AES 256 or stronger gives an unbreakable level of protection. It's even believed to be quantum-resistant:
>Symmetric encryption, or more specifically AES-256, is believed to be quantum-resistant. That means that quantum computers are not expected to be able to reduce the attack time enough to be effective if the key sizes are large enough.
So it would be even safe to email it to everyone you know and post it to your Facebook.
Yeah, I know exactly what you mean. This would be a possible next step for my project, but not really needed for more that’s why I simply precompile and ship the wasm file every time.
Perhaps, you can go check out these guys here: https://qvault.io/2020/09/23/running-go-in-the-browser-with-wasm-and-web-workers/ I think they are working on something that involves automatic wasm compilation based on user interaction.
The easiest way I can think of is as follows:
1. Create a simple API endpoint that, when called, compiles the wasm file on the server side.
2. Restart the web worker that communicates with the wasm runtime. It will reload the new wasm file.
>HMAC
Thanks!
Learning more by the second.
We trust the central registry, so using a Public Private Key would work technology wise. In that instance though we still give the Central Registry Publicly Identifiable Information, so we and all agencies would need data sharing agreements. As we're all different types of agencies, with HQs under different laws etc this becomes difficult.
If we could only share non-identifiable information our legal issues would be lessened.
Reading up on KDFs now....
https://qvault.io/2019/12/30/very-basic-intro-to-key-derivation-functions-argon2-scrypt-etc/
Thanks. I've just tried that and removed the async/await in previously problematic mounted method, but I see no extra warning? Or do I misunderstand your point?
I used this to set up my linting in vscode, not sure if this is a good base?
Thanks!
You’ll want to look up terms like HLS, Dash, or SmoothStreaming which are all different implementations of encoded video streaming. Check this out. You don’t really even need node to simply stream the video, you can use nginx or whatever http server to host the files. Personally I just use an Azure service for encoding and streaming video because it’s much less manual work and extremely fast, but it can definitely be done with Node. As for the front end, I’d recommend looking into VideoJS because each browser/platform has support for different streaming protocols and videojs will make dealing with that issue easier without a lot of custom work.
It has obvious drawbacks, but as the author points out in another blog post, you can get effectively constant structs by referring to them via a function which returns the desired value.
It might help to rewrite your code a bit:
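    let value = 50;
    let value2 = 50;
    let value3 = 100;
    // The addition is evaluated first, producing one new value...
    let sum = value + value2 + value3;
    // ...and only that single value is passed to the function.
    externalFunction(sum);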
Now do you see what is happening? You are creating a new single variable that is being passed to the external function. I'm writing a course that might be useful RIGHT NOW, but it's gonna be a few weeks. I do cover this stuff in the Go programming language in another course though: https://qvault.io/go-mastery-course/
I created this free course that I've been trying to target to absolute beginners, similar to what the OP talks about. If anyone cares to try it out I would love feedback :) https://qvault.io/basic-intro-to-coding-course/
This is really cool, I just signed up. I'd love to stay in touch with you about it. I think there is a huge problem waiting to be solved in online education.
I just released a new platform for online course that you should check out: https://qvault.io
You might find this article interesting about optimizing struct layout https://qvault.io/2020/08/07/saving-a-third-of-our-memory-by-re-ordering-go-struct-fields/
If you have an interest in tech we would love to have you. We are friendly towards authors looking to build a personal portfolio. Feel free to include links and canonicals in your content.
https://qvault.io on the "write" tab if you are interested
Are you using electron builder? If so, you just need to follow their guide and set the cert as an environment variable. If you want to see an example on Travis check out https://qvault.io (go to the GitHub link)
I keep my keys in offline encrypted files created using the desktop app found at https://qvault.io . My appropriate family members have access to the recovery code and the QR code in order to unlock the vault.
(disclaimer, I'm a maintainer of Qvault)
Mouse jiggles are pseudo-random. Keyboard typing rates and mouse activity are very insecure in a cryptographic sense. They are useful as inputs to entropy, but only in combination with other activity which is more random.
> See this post: https://qvault.io/2019/07/03/randomness-and-entropy-in-node-and-electron/
> return hashedTime % maxNumber
This is nonsense. Most wallets use the entropy generators available in each operating system. Hashing the current time has been obsolete since before Netscape invented SSL 25 years ago
Do you understand how your operating system generates entropy? Do you know the difference between blocking and unblocking entropy sources? Do tiny computers such as the Ledger and Trezor devices have adequate entropy generators? How do they work? Would it be better to plug a hardware entropy source into your PC? How do these work? Even if you have one, do you know if your operating system has the ability to use the hardware device instead of its usual entropy sources?
This is a deep and complicated issue. If you search bitcointalk.org (for example) for discussions about randomness and entropy, most concerns are dismissed with "It is cryptographically secure because it
> uses /dev/urandom on Linux or CryptGenRandom() on Win
https://www.reddit.com/r/Bitcoin/comments/1rm7vu/where_does_electrum_get_its_randomness/cdomztv/
If you want to go deeper than this, you should ask your operating system developer to disclose their method of creating entropy. It is a lot more than mouse wiggles and keyboard keystroke timing measurement, at least on Linux
Then there's a separate debate, hotly contested, which questions whether an app running in a Javascript framework has sufficient access to your operating system's entropy generator
The Qvault developers appear to be blindly trusting some functions written by someone else, and included in the notorious Node.js repository
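The difference this comment is pointing at, as an added example (not code from Qvault or the linked post): a generator whose only input is the clock, beside a uniform integer drawn from the operating system CSPRNG with rejection sampling. `weakRandomInt` is a constructed reconstruction around the quoted `return hashedTime % maxNumber` line; all function names and the 32-bit width are assumptions.

```javascript
const nodeCrypto = require('node:crypto');

// Weak pattern (constructed): the only varying input is the timestamp, so the
// output is fully determined by a value an observer can bound.
function weakRandomInt(maxNumber, nowMs) {
  const digest = nodeCrypto.createHash('sha256').update(String(nowMs)).digest();
  const hashedTime = digest.readUInt32BE(0);
  return hashedTime % maxNumber;
}

// Every output the weak generator could have produced inside a time window.
// A one-second window has at most 1000 candidates, whatever maxNumber is.
function candidatesInWindow(maxNumber, startMs, endMs) {
  const out = [];
  for (let t = startMs; t <= endMs; t++) out.push(weakRandomInt(maxNumber, t));
  return out;
}

// Uniform integer in [0, maxNumber) from CSPRNG bytes. Draws at or above the
// largest multiple of maxNumber are discarded, so the modulo adds no bias.
// readBytes is injectable only so the rejection path can be tested.
function uniformRandomInt(maxNumber, readBytes = nodeCrypto.randomBytes) {
  if (!Number.isInteger(maxNumber) || maxNumber < 1 || maxNumber > 2 ** 32) {
    throw new RangeError('maxNumber must be an integer in [1, 2^32]');
  }
  const limit = 2 ** 32 - (2 ** 32 % maxNumber);
  for (;;) {
    const candidate = readBytes(4).readUInt32BE(0);
    if (candidate < limit) return candidate % maxNumber;
  }
}
```

Node's built-in `crypto.randomInt` performs the same job and is the simpler choice in application code.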
The most important thing is making sure that no one has access to your seed, but that you have no way of losing it. This is a hard problem because the easier it is for you to recover it the easier it is to be hacked.
I'm working on a project to solve this problem rn. Take a look if you think it can help: https://qvault.io
No it couldn't be proven, but it also can't be proven that the BTC in two addresses that belong to the same seed are related. In other words, you gain basically nothing by doing what you are proposing.
I would recommend just using a privacy wallet for your spending (samourai for android) and keep your "savings" separate and more secure. Either paper wallet or give https://qvault.io a peek. It's an open source app where you can encrypt and backup passwords/pins/seeds conveniently.
Seriously. Adding a new feature to https://qvault.io in the coming weeks to generate a "simple wallet" from within the vault for storage purposes. Basically a paper wallet locked in a digital vault, should be awesome for HODLers
As long as you are able to transfer the coins from the exchange to a personal wallet, you should be fine. I personally recommend coinbase pro -> samourai wallet. Make sure to backup the samourai wallet seed somewhere safe and private like https://qvault.io
Ty https://qvault.io soon they will have Qvault cards for sale. The card acts as a second encryption key required to unlock the vault. The user would scan the key (using a webcam) and enter their password.
That's the exception, if someone leaves passwords that they had access to should change. Ideally however, every user has their own passwords and when that user leaves all of his/her passwords are revoked, affecting no one else.
Passwords don't need to change if they are long enough and stored in a good password manager. Check out https://qvault.io
You could encrypt your files using a program like 7zip before uploading. If you are storing any secrets (passwords, private keys, identity info) then try https://qvault.io instead.
https://qvault.io I'm one of the devs. It's a totally free and open source solution with a focus on usability. It's in beta right now but give it a shot and let us know what you think!
Interesting. It also depends on what you are storing. If you are storing passwords/keys/bitcoin then device-level encryption isn't enough. You should store those sensitive secrets in an open source secret manager that has anti-keylogging features and dual encryption. Check out https://qvault.io
Depends on what the password is being used for. If it's a website it probably won't be brute-forced because the server (should) have a retry limit. If it's to decipher some data, it needs to be longer because brute-force attempts can be made locally as much as you want.
With https://qvault.io (an open source secret manager) we implemented a proof-of-work style hash to make brute-force expensive, but even so, we require 12 char length passwords, or even better, passphrases.
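One way to combine the pieces these comments mention (a master password stretched with scrypt so each local guess is expensive, AES-256-GCM for each stored secret, and the 12-character minimum), as an added example that is not Qvault's code. The cost parameters, record layout and function names are assumptions.

```javascript
const nodeCrypto = require('node:crypto');

// Assumed scrypt cost: N=2^15, r=8, p=1 needs about 32 MiB per guess.
const SCRYPT = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };
const MIN_PASSWORD_LENGTH = 12; // the minimum stated in the comment above

// Password-based key derivation: 256-bit key from password and per-record salt.
function deriveKey(masterPassword, salt) {
  return nodeCrypto.scryptSync(masterPassword.normalize('NFKC'), salt, 32, SCRYPT);
}

// Encrypt one secret. The label is bound as associated data, so a ciphertext
// cannot be moved under a different label without failing authentication.
function encryptSecret(masterPassword, plaintext, label) {
  if (masterPassword.length < MIN_PASSWORD_LENGTH) {
    throw new RangeError('master password shorter than 12 characters');
  }
  const salt = nodeCrypto.randomBytes(16);
  const nonce = nodeCrypto.randomBytes(12); // fresh 96-bit nonce per record
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(masterPassword, salt), nonce);
  cipher.setAAD(Buffer.from(label, 'utf8'));
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return {
    label,
    salt: salt.toString('base64'),
    nonce: nonce.toString('base64'),
    ciphertext: ciphertext.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
  };
}

// Decrypt one record. A wrong password or any modified field makes final()
// throw, so no unauthenticated plaintext is ever returned.
function decryptSecret(masterPassword, record) {
  const key = deriveKey(masterPassword, Buffer.from(record.salt, 'base64'));
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, Buffer.from(record.nonce, 'base64'));
  decipher.setAAD(Buffer.from(record.label, 'utf8'));
  decipher.setAuthTag(Buffer.from(record.tag, 'base64'));
  const body = Buffer.from(record.ciphertext, 'base64');
  return Buffer.concat([decipher.update(body), decipher.final()]).toString('utf8');
}
```

The derived key carries no more entropy than the password that produced it; scrypt only raises the cost of each guess.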
Depends on what you want. I personally don't use hardware wallets because I don't like trusting the manufacturer and it's too expensive for my tastes. I use a software wallet (electrum samourai etc) and backup the seed in https://qvault.io