Passwords/Account Storage on IPFS

[ghost]

Is it secure to store a password crypt on IPFS? What would happen is that when the user logs into a local client, an IPFS connection starts up. Then they can either set up a private key, creating a local account object, or log in. If they log in their private key is checked against an array of keys on IPFS to unlock the account and download the content. How could this be done and is it even secure?

[pbronez]

The easiest way to store passwords in IPFS would probably be to use something like Password Safe that stores all your passwords in a single encrypted file. Just move this file into IPFS and there you go.

The hash of the file will change on every update, so the address will jump around. You'd probably want to use IPNS to point to the latest version of the file. Updating IPNS requires access to a private key; you could store this key in your Password Safe, thus assuring you could always update the IPNS record when you have access to the Password Safe and your master password.

IPFS seems to mostly be about making data available widely and permanently. Data in IPFS is protected by the obscurity of the link and any encryption you provide. For inherently private data, you might be better served by a privacy-first project like Storj.