yampa

Yet another master password app (CLI) backed by a JSON file.

Install

Download binaries from: https://github.com/dashed/yampa/releases

From source

• Install nightly rust. (e.g. set via https://www.rustup.rs/)
• git clone git@github.com:dashed/yampa.git
• cargo build --release
• cp target/release/yampa /usr/local/bin (or similar)

Usage

yampa v0.2.1 (semver.org 2.0)
Alberto Leal <mailforalberto@gmail.com> (github.com/dashed/yampa)
Yet another master password app

USAGE:
    yampa [FLAGS] [OPTIONS] [needle]

FLAGS:
    -c, --classic    Classic master password app mode.
    -h, --help       Prints help information
    -V, --version    Prints version information

OPTIONS:
    -f, --file <file>    Input JSON file

ARGS:
    <needle>
            Filter password generation to given search `needle`. Will match against `location` and `login`.

JSON File

Create JSON file. (e.g. logins.json).

NOTE: If no file is specified via -f flag, then yampa will search for yampa.json in the current directory.

Example:

{
    "name": "Ashley Madison",
    "master_password_signature": 837343,
    "list": [
        {
            "location": "NORAD",
            "login": "root",
            "counter": 1,
            "template": ["anoxxxxxxxxxxxxxxxxx", "anoooooxxxxxxxxxxxxxxxxxaa"],
            "notes": "some random notes"
        },
        {
            "location": "twitter.com",
            "login": "@me",
            "counter": 1,
            "template": "LONG"
        },
        {
            "location": "dropbox.com",
            "login": "Bob",
            "counter": 1,
            "template": "nnnnnnnnxxxx"
        }
    ]
}

Generate all passwords

NOTE: Password used in this example is: hunter2

$ ymapa -f logins.json

      Name: Ashley Madison

    Master
  password
 signature: 837343

  Is valid: VALID

  Location: NORAD
     Login: root
   Counter: 1
  Template: anoooooxxxxxxxxxxxxxxxxxaa
  Password: X0:%+&%Oedon1)R!MRlf@)H&Iq

  Location: twitter.com
     Login: @me
   Counter: 1
  Template: CvcvCvccCvccno
  Password: XubeYejrKizj4/

  Location: dropbox.com
     Login: Bob
   Counter: 1
  Template: nnnnnnnnxxxx
  Password: 23197473gR0j

Search by location or login

NOTE: Password used in this example is: hunter2

$ ymapa -f logins.json twitter

      Name: Ashley Madison

    Master
  password
 signature: 837343

  Is valid: VALID

  Location: twitter.com
     Login: @me
   Counter: 1
  Template: CvcvCvccCvccno
  Password: XubeYejrKizj4/

Classic mode

NOTE: Password used in this example is: hunter2

By default yampa uses a slightly different underlying algorithm for generating passwords (tl;dr argon2i is used instead of scrypt), and thus the generated passwords will not be same as those generated by other password managers utilizing the master password algorithm.

To use the classic 'master password algorithm' behaviour, invoke yampa with -c flag:

$ yampa -c -f logins.json

      Name: Ashley Madison

    Master
  password
 signature: 837343

  Is valid: VALID

  Location: NORAD
     Login: root
   Counter: 1
  Template: anoxxxxxxxxxxxxxxxxx
  Password: A2%5gKZX8uK%Gtto%eNF

  Location: twitter.com
     Login: @me
   Counter: 1
  Template: CvcvCvcvnoCvcc
  Password: DacuPeja9:Bavz

  Location: dropbox.com
     Login: Bob
   Counter: 1
  Template: nnnnnnnnxxxx
  Password: 69811797OrdG

Custom password templates

NOTE: The template scheme is exactly as described in http://masterpasswordapp.com/algorithm.html

Templates may be either:

• a template string or,
• an array of template strings.

A template string consist of template character groups which are substituted withany of the characters in their respective character group:

• V (uppercase) := AEIOU

• C (uppercase) := BCDFGHJKLMNPQRSTVWXYZ

• v (lowercase) := aeiou

• c (lowercase) := bcdfghjklmnpqrstvwxyz

• A (uppercase) := AEIOUBCDFGHJKLMNPQRSTVWXYZ

• a (lowercase) := AEIOUaeiouBCDFGHJKLMNPQRSTVWXYZbcdfghjklmnpqrstvwxyz

• n := 0123456789

• o := @&%?,=[]_:-+*$#!'^~;()/.

• x | X := AEIOUaeiouBCDFGHJKLMNPQRSTVWXYZbcdfghjklmnpqrstvwxyz0123456789!@#$%^&*()

A template string may one of the preset strings which are aliased as:

"MAXIMUM" or "MAX":

• anoxxxxxxxxxxxxxxxxx
• axxxxxxxxxxxxxxxxxno

"LONG":

• CvcvnoCvcvCvcv
• CvcvCvcvnoCvcv
• CvcvCvcvCvcvno
• CvccnoCvcvCvcv
• CvccCvcvnoCvcv
• CvccCvcvCvcvno
• CvcvnoCvccCvcv
• CvcvCvccnoCvcv
• CvcvCvccCvcvno
• CvcvnoCvcvCvcc
• CvcvCvcvnoCvcc
• CvcvCvcvCvccno
• CvccnoCvccCvcv
• CvccCvccnoCvcv
• CvccCvccCvcvno
• CvcvnoCvccCvcc
• CvcvCvccnoCvcc
• CvcvCvccCvccno
• CvccnoCvcvCvcc
• CvccCvcvnoCvcc
• CvccCvcvCvccno

"MED" or "MEDIUM":

• CvcnoCvc
• CvcCvcno

"SHORT":

• Cvcn

"BASIC":

• aaanaaan
• aannaaan
• aaannaaa

"PIN":

• nnnn

Master password signature

$ ymapa -f logins.json

      Name: Ashley Madison

    Master
  password
 signature: 837343

  Is valid: VALID

// ... redacted output

Master password signature is a way to ensure the master password is entered correctly when generating passwords.

The signature is simply a 6-digit number derived from the master password.

When entering the master password the first time, you may copy the generated signature and add it as a value for the key "master_password_signature" within your JSON file as follows:

{
    "name": "Ashley Madison",
    "master_password_signature": 837343,
    "list": [
        // ...
    ]
}

NOTE: As a precaution, do not use this "signature" as a password for any login.

Tests

Run tests using:

cargo test --release

Resources

• http://masterpasswordapp.com/
• http://masterpasswordapp.com/algorithm.html

FAQ

Why not encrypt the JSON file?

The JSON file shall only contain information that need not be encrypted. If this is not the case, please look for another password manager program instead of yampa.

Credits

Based on https://github.com/myfreeweb/freepass/tree/master/cli

License

UNLICENSE. (i.e. public domain)