yampa
Yet another master password app (CLI) backed by a JSON file.
Install
Download binaries from: https://github.com/dashed/yampa/releases
From source
- Install nightly rust. (e.g. set via https://www.rustup.rs/)
git clone git@github.com:dashed/yampa.git
cargo build --release
cp target/release/yampa /usr/local/bin
(or similar)
Usage
yampa v0.2.1 (semver.org 2.0)
Alberto Leal <mailforalberto@gmail.com> (github.com/dashed/yampa)
Yet another master password app
USAGE:
yampa [FLAGS] [OPTIONS] [needle]
FLAGS:
-c, --classic Classic master password app mode.
-h, --help Prints help information
-V, --version Prints version information
OPTIONS:
-f, --file <file> Input JSON file
ARGS:
<needle>
Filter password generation to given search `needle`. Will match against `location` and `login`.
JSON File
Create JSON
file. (e.g. logins.json
).
NOTE: If no file is specified via -f
flag, then yampa
will search for yampa.json
in the current directory.
Example:
{
"name": "Ashley Madison",
"master_password_signature": 837343,
"list": [
{
"location": "NORAD",
"login": "root",
"counter": 1,
"template": ["anoxxxxxxxxxxxxxxxxx", "anoooooxxxxxxxxxxxxxxxxxaa"],
"notes": "some random notes"
},
{
"location": "twitter.com",
"login": "@me",
"counter": 1,
"template": "LONG"
},
{
"location": "dropbox.com",
"login": "Bob",
"counter": 1,
"template": "nnnnnnnnxxxx"
}
]
}
Generate all passwords
NOTE: Password used in this example is: hunter2
$ ymapa -f logins.json
Name: Ashley Madison
Master
password
signature: 837343
Is valid: VALID
Location: NORAD
Login: root
Counter: 1
Template: anoooooxxxxxxxxxxxxxxxxxaa
Password: X0:%+&%Oedon1)R!MRlf@)H&Iq
Location: twitter.com
Login: @me
Counter: 1
Template: CvcvCvccCvccno
Password: XubeYejrKizj4/
Location: dropbox.com
Login: Bob
Counter: 1
Template: nnnnnnnnxxxx
Password: 23197473gR0j
Search by location or login
NOTE: Password used in this example is: hunter2
$ ymapa -f logins.json twitter
Name: Ashley Madison
Master
password
signature: 837343
Is valid: VALID
Location: twitter.com
Login: @me
Counter: 1
Template: CvcvCvccCvccno
Password: XubeYejrKizj4/
Classic mode
NOTE: Password used in this example is: hunter2
By default yampa
uses a slightly different underlying algorithm for generating passwords (tl;dr argon2i is used instead of scrypt), and thus the generated passwords will not be same as those generated by other password managers utilizing the master password algorithm.
To use the classic 'master password algorithm' behaviour, invoke yampa
with -c
flag:
$ yampa -c -f logins.json
Name: Ashley Madison
Master
password
signature: 837343
Is valid: VALID
Location: NORAD
Login: root
Counter: 1
Template: anoxxxxxxxxxxxxxxxxx
Password: A2%5gKZX8uK%Gtto%eNF
Location: twitter.com
Login: @me
Counter: 1
Template: CvcvCvcvnoCvcc
Password: DacuPeja9:Bavz
Location: dropbox.com
Login: Bob
Counter: 1
Template: nnnnnnnnxxxx
Password: 69811797OrdG
Custom password templates
NOTE: The template scheme is exactly as described in http://masterpasswordapp.com/algorithm.html
Templates may be either:
- a template string or,
- an array of template strings.
A template string consist of template character groups which are substituted withany of the characters in their respective character group:
-
V (uppercase) := AEIOU
-
C (uppercase) := BCDFGHJKLMNPQRSTVWXYZ
-
v (lowercase) := aeiou
-
c (lowercase) := bcdfghjklmnpqrstvwxyz
-
A (uppercase) := AEIOUBCDFGHJKLMNPQRSTVWXYZ
-
a (lowercase) := AEIOUaeiouBCDFGHJKLMNPQRSTVWXYZbcdfghjklmnpqrstvwxyz
-
n := 0123456789
-
o := @&%?,=[]_:-+*$#!'^~;()/.
-
x | X := AEIOUaeiouBCDFGHJKLMNPQRSTVWXYZbcdfghjklmnpqrstvwxyz0123456789!@#$%^&*()
A template string may one of the preset strings which are aliased as:
"MAXIMUM" or "MAX":
anoxxxxxxxxxxxxxxxxx
axxxxxxxxxxxxxxxxxno
"LONG":
CvcvnoCvcvCvcv
CvcvCvcvnoCvcv
CvcvCvcvCvcvno
CvccnoCvcvCvcv
CvccCvcvnoCvcv
CvccCvcvCvcvno
CvcvnoCvccCvcv
CvcvCvccnoCvcv
CvcvCvccCvcvno
CvcvnoCvcvCvcc
CvcvCvcvnoCvcc
CvcvCvcvCvccno
CvccnoCvccCvcv
CvccCvccnoCvcv
CvccCvccCvcvno
CvcvnoCvccCvcc
CvcvCvccnoCvcc
CvcvCvccCvccno
CvccnoCvcvCvcc
CvccCvcvnoCvcc
CvccCvcvCvccno
"MED" or "MEDIUM":
CvcnoCvc
CvcCvcno
"SHORT":
Cvcn
"BASIC":
aaanaaan
aannaaan
aaannaaa
"PIN":
nnnn
Master password signature
$ ymapa -f logins.json
Name: Ashley Madison
Master
password
signature: 837343
Is valid: VALID
// ... redacted output
Master password signature is a way to ensure the master password is entered correctly when generating passwords.
The signature is simply a 6-digit number derived from the master password.
When entering the master password the first time, you may copy the generated signature and add it as a value for the key "master_password_signature"
within your JSON file as follows:
{
"name": "Ashley Madison",
"master_password_signature": 837343,
"list": [
// ...
]
}
NOTE: As a precaution, do not use this "signature" as a password for any login.
Tests
Run tests using:
cargo test --release
Resources
FAQ
Why not encrypt the JSON file?
The JSON file shall only contain information that need not be encrypted. If this is not the case, please look for another password manager program instead of yampa
.
Credits
Based on https://github.com/myfreeweb/freepass/tree/master/cli
License
UNLICENSE. (i.e. public domain)