Comment by coldstartops
5 days ago
You built it because you wanted to share passwords:
And your flow is: I encrypt my password; I upload the encrypted password to your server.
And I share the password to the encrypted password as plain text.
Why do I have to upload the encrypted password to your server, and not just use signal disapearing messages, or telegram secure channel disappearing messages to share the encrypted password there.
And I can use any other side channel to share the second password, like whatsapp, or regular plain mail.
It feels to me that you made a two step process into a one step process but increased the risk by adding you in the middle.
Why would I offload my trust to you instead of doing the second step?
Your skepticism is valid and if your flow already includes: A secure messaging tool (e.g. Signal), a GPG workflow or local encryption or a team that uses shared password vaults. Then to be fair Stasher might not be better.
I built Stasher for me. I wanted an easy, CLI-first way to share one-time secrets without worrying about accounts, apps, or trust. If Signal or GPG works better for you that’s totally cool.
Stasher exists to make casual, secure sharing simpler not to replace tools you already trust.
Yes, valid, congratulations on shipping!
It's just that the entry level for adopting a new tool (for other people) is:
Convince my recipient to use this system instead of "Why not just send the password as we usually do on our secret chat."
And then we spend 20 minutes talking about it and me advocating for their unknown and unaccountable creator.