Show HN: What I learned building a local-only password manager (PassForgePro)

Hi HN,

I built PassForgePro as a learning project to better understand password manager design, local-first security, and common cryptographic pitfalls.

The goal was not to replace mature tools like Bitwarden or KeePass, but to explore:

* how a local-only, zero-knowledge style design can work
* key derivation with PBKDF2 and encrypted SQLite vaults (AES-256-GCM)
* handling sensitive data in memory and clipboard cleanup
* defining a realistic threat model and its limitations

This project is experimental and unaudited. I’m sharing it mainly to get feedback on the architecture, crypto choices, and overall approach, and to discuss what I got wrong or could improve (audits, reproducible builds, testing, etc.).

I’d really appreciate feedback, especially from people with security or cryptography experience.

Repo: https://github.com/can-deliktas/PassForgePro

Docs / demo: https://can-deliktas.github.io/PassForgePro

5 points

can-deliktas

19 hours ago


1 comment

elbci 19 hours ago

[dead]