Password Pocket

An extremely safe password keeper website .

⚠️ This document is not a description of the website itself and how to use it, instead it only walks you throw the underlying techonology and idea used behind building its security.

why is it extremely safe ?

All sensitive user data is either hashed or encrypted in client side, hence all the data in the database becomes junk data if you happen to have access to it. This means developers / system admins can't ever know the passwords you store in the website. Even if someone somehow stole your authentication token they won't be able to decrypt the encrypted passwords because the encryption key is never sent to the server side. the cool thing is that the whole method is 100% testable directly from your browser.

How it works

The diagram below shows how the sensitive user passwords are processed in both client/server sides before they are stored in the database ( click on the diagram to see it in full size ) :

Difference between UserPassword & NewPassword :

UserPassword : is the password used to for authentication .
NewPassword : is the password that the user want to save to retrieve later .

Hashing Algorithms :

privateHash & publicHash are totally different algorithms you can find them in /resources/assets/helpers/index.js

Encrytion Algorithms :

Encryption/Decryption done by the use of CryptoJS encryptoin library .

Images

Home :

Dashboard :

Adding NewPassword :

Test The Security :

Since the whole website is a one page web app , you can easily check outgoing/ingoing data from the dev tools , to ensure the data you send is being hashed/encrypted :

inspecting createPassword request :

also note that the app shows in the console every request data and how this data is encrypted and by which key .

Dig deeper :

If you have some experince in React/Redux feel free to check the redux action creator in /resources/assets/actions/index.js . Here is all the requests to the server has been established and all passwords are being hashed and encrypted , it is fairly simple and easy to follow the code .

Technologies Used :

PHP 7.2
MySQL
Laravel 5.6
JWT Authentication : laravel-jwt-auth 1.0
React.js 16.4
Redux 4.0
React Router 4.3
SimpleCryptoJS 2.0
Material-UI 1.5

Installation

Clone Repository :

git clone https://github.com/WadhahEssam/password-pocket.git

Install composer dependencies

composer install

Install node dependencies

npm install

Create database and put your database configration in the .env file

DB_DATABASE=password-pocket
DB_USERNAME=root
DB_PASSWORD=

Migrate your database tables .

php artisan migrate

Generate JWT secrete key .

php artisan jwt:secret

Run php server .

php artisan serve

Compile javascript files .

npm run watch

Name		Name	Last commit message	Last commit date
Latest commit History 79 Commits
app		app
bootstrap		bootstrap
config		config
database		database
exampleImages		exampleImages
img		img
public		public
resources		resources
routes		routes
storage		storage
tests		tests
.editorconfig		.editorconfig
.env.example		.env.example
.gitattributes		.gitattributes
.gitignore		.gitignore
README.md		README.md
artisan		artisan
composer.json		composer.json
composer.lock		composer.lock
npm		npm
package-lock.json		package-lock.json
package.json		package.json
phpunit.xml		phpunit.xml
server.php		server.php
webpack.mix.js		webpack.mix.js

WadhahEssam/password-pocket

Folders and files

Latest commit

History

Repository files navigation