Privacy Friendly App that deterministically generates passwords from parameters and a master password.

SecUSo/privacy-friendly-passwordgenerator

Privacy Friendly Password Generator

Privacy Friendly Password Generator is an Android application that generates passwords based on previously saved accounts and a master password. The generated passwords can then be copied into the password or PIN field by the user. This app belongs to the Privacy Friendly Apps group developed by the SECUSO research group. Further information can be found on secuso.org/pfa.

Users can save the following properties of a password:

  • Account name: e.g. a website or account name
  • Username: the username in case a user has multiple accounts for one service or website
  • Character set: at least one of uppercase, lowercase, special, numbers
  • Password length
  • Password version: used to create a different password when an update is intended without changing the master password or the account data.

Password Generation

The password generation is based on the combination of two algorithms: the key derivation function PBKDF2 and the hash algorithm BCrypt.

  • The master password serves as a secret for the PBKDF2 algorithm.
  • Password counter, account name, username and installation salt (optional) are concatenated into a string and form the salt of PBKDF2.
  • The result of the PBKDF2 hashing is encoded into a special version of Base64 which is compatible with BCrypt and not longer than 22 characters.
  • The master password serves as a secret for the BCrypt algorithm.
  • The result of the PBKDF2 hashing, with the string "$2a${bcrypt_cost}$" at the beginning, forms the salt for BCrypt ({bcrypt_cost} can be configured in the settings and has a default value of 10).
  • The prefix and the salt are cut from the resulting byte array.
  • The byte-array is used to choose characters out of the character set the user has chosen.
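
The steps above can be traced in a short Python sketch. This is an added example, not the app's own code: the PBKDF2 hash function, iteration count and output length, the concatenation without a delimiter, and the modulo mapping from bytes to characters are all assumptions, and the BCrypt step relies on the third-party `bcrypt` package.

```python
import base64
import hashlib

# Standard Base64 and the BCrypt variant: same bit packing, different alphabet order.
STD_B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
BCRYPT_B64 = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
TO_BCRYPT = str.maketrans(STD_B64, BCRYPT_B64)

PBKDF2_ITERATIONS = 10_000  # assumed value; the README does not state it


def bcrypt_salt(master, version, account, username, install_salt="", cost=10):
    """PBKDF2 over the concatenated parameters, re-encoded as a BCrypt salt string."""
    # Concatenation order follows the README; no delimiter is an assumption.
    pbkdf2_salt = f"{version}{account}{username}{install_salt}".encode()
    # 16 bytes encode to exactly 22 BCrypt-Base64 characters (HMAC-SHA-256 is assumed).
    raw = hashlib.pbkdf2_hmac("sha256", master.encode(), pbkdf2_salt,
                              PBKDF2_ITERATIONS, dklen=16)
    encoded = base64.b64encode(raw).decode().rstrip("=").translate(TO_BCRYPT)
    return f"$2a${cost:02d}${encoded[:22]}"


def pick_chars(hash_bytes, charset, length):
    """Map each byte onto the chosen character set (modulo mapping is an assumption)."""
    if not charset or length > len(hash_bytes):
        raise ValueError("empty character set or not enough hash bytes")
    return "".join(charset[b % len(charset)] for b in hash_bytes[:length])


def generate(master, version, account, username, charset, length,
             install_salt="", cost=10):
    """Full pipeline; the BCrypt step needs the third-party `bcrypt` package."""
    import bcrypt  # lazy import so the helpers above run on the standard library alone
    salt = bcrypt_salt(master, version, account, username, install_salt, cost)
    hashed = bcrypt.hashpw(master.encode(), salt.encode())
    # Cut the "$2a$<cost>$" prefix and the 22-character salt, keep the hash part.
    return pick_chars(hashed[len(salt):], charset, length)
```

Because every input is deterministic, the same master password and account data always reproduce the same salt and therefore the same password; changing only the password version yields a different one.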

The passwords as well as the master password are never stored on the device. The master password has to be entered by the user, and the password is always created on the fly.

Motivation

Nowadays users need many different passwords for all kinds of services and also websites. Remembering and generating strong passwords can be a tough task.
Privacy Friendly Password Generator should support users in creating strong passwords without having to trust a program to store them securely and safely for them. The complexity of remembering the passwords is reduced to a single master password.

Building

Further development requires Android Studio; we recommend using at least version 2.3.
If you wish to contribute to this project, have a look at the contribution policy.

API Reference

Minimum SDK: 17
Target SDK: 33

Data Backup

You can use the Privacy Friendly Backup app to back up and restore this application's data. This can also be used to migrate your data to a new phone.

Translation

If you want to help translate this app, you can use Weblate.

License

Privacy Friendly Password Generator is licensed under the GPLv3.
Copyright (C) 2016-2018 Karola Marky
Copyright (C) 2019-2022 Christopher Beckmann

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.

The app uses icons from Google Design Material Icons licensed under Apache License Version 2.0. All other images (the logo of Privacy Friendly Apps, the SECUSO logo) copyright SECUSO (2022).

Contributors

App-Icon:
Markus Hau