This is going to sound sketchy because any software project involving cryptography is automatically sketchy unless it has hit some nebulous and ill-defined 'accepted' status, but I've been working on a CLI tool to manage my passwords for a while that I'm honestly not ready to share, but the architecture so far is very simple:
Each 'service block' is an encrypted file consisting of service name, service password (autogenerated), kv-store, some metadata for regenerating new passwords.
The key to each service block is the hash of a primary password.
The name of the 'service block' file is the hash of the service name.
All of the service blocks are stored together in a folder that can be rsynced wherever.
My worry is obviously in the crypto. While I'm not doing anything too fancy I worry about timing attacks because an attacker will have the full encrypted block so the system is vulnerable to that sort of thing.
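An added example, not the poster's code: one way to derive the block key and block filenames for the layout described above, assuming scrypt in place of a plain hash of the primary password and a keyed HMAC in place of a plain hash of the service name, so that each password guess costs a full scrypt run and filenames cannot be recomputed from a service name alone. The function names, scrypt parameters, per-vault salt and sample values are all assumptions; the encryption step itself is left to an AEAD cipher of your choice.

```python
import hashlib
import hmac
import os

# Assumed scrypt cost parameters (not from the post); about 16 MiB per derivation.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1


def derive_master_key(primary_password: str, vault_salt: bytes) -> bytes:
    """Stretch the primary password with scrypt instead of one fast hash."""
    return hashlib.scrypt(
        primary_password.encode("utf-8"),
        salt=vault_salt,
        n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P,
        maxmem=64 * 1024 * 1024,
        dklen=32,
    )


def subkey(master_key: bytes, purpose: bytes) -> bytes:
    """Independent 32-byte key per purpose, using HMAC-SHA256 as a PRF."""
    return hmac.new(master_key, purpose, hashlib.sha256).digest()


def block_encryption_key(master_key: bytes) -> bytes:
    """Key for the service blocks (one key for all blocks, as in the post)."""
    return subkey(master_key, b"block-encryption")


def block_filename(master_key: bytes, service_name: str) -> str:
    """Keyed hash of the service name: stable for lookup, opaque without the key."""
    naming_key = subkey(master_key, b"block-filename")
    normalized = service_name.strip().lower().encode("utf-8")
    return hmac.new(naming_key, normalized, hashlib.sha256).hexdigest()


if __name__ == "__main__":
    salt = os.urandom(16)  # per-vault salt, stored in the clear beside the blocks
    mk = derive_master_key("correct horse battery staple", salt)  # constructed sample
    print("block file:", block_filename(mk, "example.com"))
    print("key bytes :", len(block_encryption_key(mk)))
```

Because the salt is random per vault, two vaults holding the same service under the same primary password still produce different filenames and keys.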