Gila
A cross-platform password manager with zero-knowledge encryption, biometric auth, and a Chrome extension with WebSocket bridge for automatic credential capture and auto-fill.
The Problem
Existing password managers either require cloud trust (LastPass, 1Password) or have clunky UIs (KeePass). I wanted a desktop-first password manager with true zero-knowledge security — where the encryption happens entirely on the client, no server ever sees plaintext credentials — while still being convenient enough to use daily.
The Solution
I built Gila as a Tauri application with a Rust backend for cryptographic operations and a React/TypeScript frontend for the UI. The architecture enforces zero-knowledge at every layer.
Key technical decisions:
- AES-GCM-256 encryption — Every vault entry is encrypted individually with a unique nonce. The master key never leaves the Rust process.
- Argon2id key derivation — The master password is stretched using Argon2id with tuned parameters (memory cost, parallelism, iterations) to resist brute-force attacks even if the encrypted vault file is stolen.
- Secure memory wiping — All sensitive data in Rust uses the zeroize crate to guarantee memory is zeroed on drop. No plaintext passwords linger in memory after use.
- Chrome extension with WebSocket bridge — A companion browser extension communicates with the Tauri app over a local WebSocket. It captures credentials on login forms and supports auto-fill with strict domain and email matching to prevent phishing.
What Went Wrong
The WebSocket bridge between the Chrome extension and the Tauri app initially used an unencrypted local connection. While the traffic never leaves localhost, a malicious process on the same machine could intercept credentials in transit between the browser and the vault.
The fix: I added a shared-secret handshake during the WebSocket connection establishment. The Tauri app generates a per-session token on startup, and the Chrome extension must present this token to authenticate. The token is exchanged through a one-time native messaging channel during extension installation. This prevents rogue processes from connecting to the WebSocket endpoint even on localhost.
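As an added example of the handshake described above (not Gila's own code): the Tauri side holds a per-session token and serves nothing over the bridge until a connection presents it, with a constant-time comparison so a rogue local process cannot time its way to the token. It assumes a Unix host for /dev/urandom and a constructed AUTH/GET message format.

```rust
// Added example, not Gila's own code: per-session token handshake for the
// local WebSocket bridge. Assumes a Unix host (/dev/urandom) and a
// constructed "AUTH <token>" / "GET <domain>" wire format.
use std::fs::File;
use std::io::Read;

/// 32 random bytes from the OS CSPRNG, hex-encoded for the handshake message.
pub fn generate_session_token() -> std::io::Result<String> {
    let mut buf = [0u8; 32];
    File::open("/dev/urandom")?.read_exact(&mut buf)?;
    Ok(buf.iter().map(|b| format!("{:02x}", b)).collect())
}

/// Constant-time comparison: the rejection path must not leak how many
/// leading bytes of a guessed token were correct.
fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    a.len() == b.len() && a.iter().zip(b).fold(0u8, |acc, (x, y)| acc | (x ^ y)) == 0
}

#[derive(Debug, PartialEq)]
pub enum Reply { Authenticated, Rejected, Credentials(String), Denied }

/// One bridge connection; only AUTH is accepted until the handshake succeeds.
pub struct BridgeConnection<'a> { token: &'a str, authenticated: bool }

impl<'a> BridgeConnection<'a> {
    pub fn new(token: &'a str) -> Self { Self { token, authenticated: false } }

    pub fn handle(&mut self, msg: &str) -> Reply {
        match msg.split_once(' ') {
            Some(("AUTH", presented)) => {
                if ct_eq(presented.as_bytes(), self.token.as_bytes()) {
                    self.authenticated = true;
                    Reply::Authenticated
                } else {
                    Reply::Rejected
                }
            }
            // Vault lookup is reachable only after a successful handshake;
            // the string stands in for the real decrypted entry.
            Some(("GET", domain)) if self.authenticated => {
                Reply::Credentials(format!("entry for {domain}"))
            }
            _ => Reply::Denied,
        }
    }
}
```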
I also implemented an auth-gated grace period system — after biometric unlock (Linux PAM or Windows Hello), the vault stays unlocked for a configurable window before requiring re-authentication. This balances security with usability for rapid consecutive auto-fills.
Results
- Zero-knowledge architecture — No server, no cloud, no trust required
- Biometric auth on Linux (PAM) and Windows (Hello)
- System tray background mode with auto-clearing clipboard after 30 seconds
- Strict domain matching prevents credential phishing via lookalike domains