✓ Uses Rust 2018 edition
|0.1.3||Jan 13, 2020|
|0.1.2||Jan 13, 2020|
|0.1.1||Jan 13, 2020|
|0.1.0||Jan 12, 2020|
#216 in Cryptography
You should be able to install this program on any computer and access any of your passwords completely offline and without sync.
- Passphrase "Endnote kindness clover"
- Name of website password is for "github.com"
If you enter the above text into pword, it will always show you the same password of
raW5kbmVzcyBjbG92ZXI which I suggest you do not actually use - this is for demonstration purposes only.
cargo install pword
Clone and build install
git clone https://github.com/drbh/pword.git cd pword cargo install
Based on the diceware algorithm we generate a master passphrase for the user to remember. This passphrase is seeded by a secure random number generator more info from developers. Next, we use this passphrase as a salt in the aragon2 password generating function.
Based on the users' input for the website - we suggest the hostname including the domain but not the protocol or trailing path. eg -
github.com not including https - and the master passphrase we have a sufficiently random, but easy to remember input to our hash function. We pass the input and salt to Aragon2 a memory-hard password function. The output is a long well-hashed string, which we subset 20 characters from the middle.
The output is a unique 20 digit password that can be regenerated by using the phrase and password host. While this aims to be extremely easy for a human to remember the process of generating a password is computationally expensive (requires passphrase generation, and memory-hard hash function).
While you could create a more secure password (one that's 100+ digits long) it would be extremely hard to remember, but this provides you an easy way to create and access many very secure (probably more secure than your current password) from a cross-platform tool.
pword new # Endnote kindness clover
pword generate # Type a password: # # 👍 thanks. # # Type a label for your password # github.com # # Your password: # raW5kbmVzcyBjbG92ZXI