frontpage.

Show HN: What I learned building a local-only password manager (PassForgePro)

Hi HN,

I built PassForgePro as a learning project to better understand password manager design, local-first security, and common cryptographic pitfalls.

The goal was not to replace mature tools like Bitwarden or KeePass, but to explore:

* how a local-only, zero-knowledge style design can work * key derivation with PBKDF2 and encrypted SQLite vaults (AES-256-GCM) * handling sensitive data in memory and clipboard cleanup * defining a realistic threat model and its limitations

This project is experimental and unaudited. I’m sharing it mainly to get feedback on the architecture, crypto choices, and overall approach, and to discuss what I got wrong or could improve (audits, reproducible builds, testing, etc.).

I’d really appreciate feedback, especially from people with security or cryptography experience.

Repo: https://github.com/can-deliktas/PassForgePro Docs / demo: https://can-deliktas.github.io/PassForgePro

Show HN: ChartGPU – WebGPU-powered charting library (1M points at 60fps)

Show HN: Company hiring trends and insights from job postings

Show HN: Rails UI

Show HN: See the carbon impact of your cloud as you code

Show HN: yolo-cage – AI coding agents that can't exfiltrate secrets

Show HN: Sornic – Turn any article into a podcast in 10 seconds

Show HN: Retain – A unified knowledge base for all your AI coding conversations

Show HN: Mastra 1.0, open-source JavaScript agent framework from the Gatsby devs

Show HN: What I learned building a local-only password manager (PassForgePro)

Show HN: I built a chess explorer that explains strategy instead of just stats

Show HN: Rowboat – Open-Source Claude Cowork with an Obsidian Vault

Show HN: Agent Skills Leaderboard

Show HN: Mirage – Experimental Java obf using reflection to break direct calls

Show HN: Abuse URL shorteners to host throwaway webpages

Show HN: iOS app I made to track my anxiety

Show HN: TopicRadar – Track trending topics across HN, GitHub, ArXiv, and more

Show HN: Should I kill my side project?

Show HN: I made a roguelike game playable over SSH

Show HN: I built a narrative game about running a thrift shop

Show HN: Generate animated solar system timelapse videos for any date range

Show HN: Ocrbase – pdf → .md/.json document OCR and structured extraction API

Show HN: Oauth2-forwarder – web oauth2 for dev containers

Show HN: I figured out how to get consistent UI from Claude Code

Show HN: Fence – Sandbox CLI commands with network/filesystem restrictions

Show HN: On-device browser agent (Qwen) running locally in Chrome

Show HN: An interactive physics simulator with 1000’s of balls, in your terminal

Show HN: Subth.ink – write something and see how many others wrote the same

Show HN: Artificial Ivy in the Browser

Show HN: Citizen Water Signal – A tool to make tap water issues visible (India)

Show HN: Pipenet – A Modern Alternative to Localtunnel

Show HN: What I learned building a local-only password manager (PassForgePro)

Show HN: ChartGPU – WebGPU-powered charting library (1M points at 60fps)

Show HN: Company hiring trends and insights from job postings

Show HN: Rails UI

Show HN: See the carbon impact of your cloud as you code

Show HN: yolo-cage – AI coding agents that can't exfiltrate secrets

Show HN: Sornic – Turn any article into a podcast in 10 seconds

Show HN: Retain – A unified knowledge base for all your AI coding conversations

Show HN: Mastra 1.0, open-source JavaScript agent framework from the Gatsby devs

Show HN: What I learned building a local-only password manager (PassForgePro)

Show HN: I built a chess explorer that explains strategy instead of just stats

Show HN: Rowboat – Open-Source Claude Cowork with an Obsidian Vault

Show HN: Agent Skills Leaderboard

Show HN: Mirage – Experimental Java obf using reflection to break direct calls

Show HN: Abuse URL shorteners to host throwaway webpages

Show HN: iOS app I made to track my anxiety

Show HN: TopicRadar – Track trending topics across HN, GitHub, ArXiv, and more

Show HN: Should I kill my side project?

Show HN: I made a roguelike game playable over SSH

Show HN: I built a narrative game about running a thrift shop

Show HN: Generate animated solar system timelapse videos for any date range

Show HN: Ocrbase – pdf → .md/.json document OCR and structured extraction API

Show HN: Oauth2-forwarder – web oauth2 for dev containers

Show HN: I figured out how to get consistent UI from Claude Code

Show HN: Fence – Sandbox CLI commands with network/filesystem restrictions

Show HN: On-device browser agent (Qwen) running locally in Chrome

Show HN: An interactive physics simulator with 1000’s of balls, in your terminal

Show HN: Subth.ink – write something and see how many others wrote the same

Show HN: Artificial Ivy in the Browser

Show HN: Citizen Water Signal – A tool to make tap water issues visible (India)

Show HN: Pipenet – A Modern Alternative to Localtunnel