Back to browse
GitHub Repository

Hardware-enclave PIN security without the hardware: the key is split between the user's PIN and a rate-throttled key server, eliminating offline brute-force — wrong guesses hit a lifetime cap, like a TPM. Vanilla JS client + tiny PHP server.

11 starsJavaScript

VESlocker – stop offline brute-force of PIN-protected local data

by VESvault·Jul 7, 2026·2 points·2 comments

AI Analysis

●●SolidBig BrainCozy

TPM-like lifetime attempt caps in ~360 lines of vanilla JS and PHP.

Strengths
  • Exponential throttling with lifetime cap mimics hardware enclave behavior elegantly.
  • Server never sees PIN, seed, or ciphertext — only challenge hashes for verification.
Weaknesses
  • Requires trusting a key server, which reintroduces centralization concerns.
  • WebAuthn and hardware security keys already solve this for many use cases.
Category
Target Audience

Security engineers, app developers handling sensitive data

Similar To

WebAuthn · YubiKey · 1Password

Similar Projects

AI/ML●●Solid

Brute-force startup ideation with the Ralph Loop

The core trick is simple and effective: let an agent iterate questions against a defined domain overnight and surface hundreds of candidly-annotated ideas you can scan through later. It nails the “fire-and-forget” idea dump and domain steering (tell it to focus on agencies or cybersecurity and it pivots), but it’s still essentially a convenience wrapper around an existing agent pattern — useful for volume and pattern recognition, less convincing on long-term validation or downstream filtering.

Rabbit HoleNiche Gem
bothlabs
204mo ago
Security●●Solid

FortiGate SSL-VPN Honeypot

FortiGate honeypot with counter-intel credential tracking and VT/OTX reporting.

Niche GemShip It
pgj11
101mo ago