use encrypted account database

[atomizer]

[Nightfirecat]

@atomizer Could you expand on this?

[atomizer]

It feels wrong to have all passwords saved in plaintext. We could encrypt the accounts object with a passphrase and add interface to manage accounts from within the app, so that raw credentials don't touch the file system. On the downside, this would force us to ask the user to save the file manually when it is changed. Its not clear whether it would be good or bad to have. I don't remember why exactly I thought it would be a good idea to create this issue, honestly.

[Nightfirecat]

I don't disagree, but we should normally assume that a user's machine is secure. To try and work with the assumption that it isn't would start going into developing crypto to go along with muledump, and I don't feel that I have the knowledge or expertise necessary to help with that. (you know what they say, don't roll your own crypto) When it comes down to it, this sounds like it might be overcomplicating the issue. It would be much simpler, on the other hand, to make some kind of notice (or multiple notices) that one's accounts.js file is a key to all of their accounts, and should not be shared or given to anyone.

[dekaji]

Assuming the computer is secure is unfortunately not something that can always be guaranteed these days. Regarding the crypto, Libsodium would be perfect for this - https://www.npmjs.com/package/libsodium. Thoughts?

JS can't write to the local disk, so this feature would require either having the user manually save the encrypted file or converting to using HTML5 local storage API.