A secure repeatable password generator-manager
Ruby
Switch branches/tags
Nothing to show
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
lib
spec
.document
.gitignore
LICENSE
README.rdoc
Rakefile

README.rdoc

Passfish

This is an experimental attempt to create a password manager that's not a manager, but a generator.

  • Removes the single point of failure (e.g. “Master” password) vulnerability

  • Removes the need to store passwords (even in encrypted files)

  • Generates strong passwords that are really strong, not “grandma remembers it”-strong

  • Provides a way for grandma to remember it

  • Provides an easy, yet secure, way to recreate the password

Yeah, I know. It's crazy.

Quick Synopsis

You have a private key on your computer/device, and you remember a single passphrase– such as the name of your least favorite movie:

$ passfish -i "work email" -p "Dirty Dancing" <enter>
7|>:Zr}iB5

Your password is not stored ANYWHERE– not even in an encrypted file. But you can always get it, you can write “name@email.com” on your forehead to remind you what your password is, and no-one else can get it from you unless they they do ALL of the following:

  • Become savvy enough to know what the hell Passfish is (not bloody likely)

  • Know that you call your email account “work email” (you might write this one down, right?)

  • Steal your computer and/or your private key file (this one's possible but unlikely)

  • Remember that you really freakin' hate the movie “Dirty Dancing” (okay, maybe don't use something everyone KNOWS you hate)

Voilá! Easy for you to get rockin' good passwords, easy to re-create, hard as hell for the monkeys to break them.

Passwords your mom can remember

My mother's online banking password was the name of her cat, and it was written down on a piece of paper and taped to the wall above the computer. With a system like Passfish, she could write the identifier down, remember a single passphrase for everything in her head, and yet generate highly secure passwords.

Cryptographic Quality Guarantee

Are you freakin' kidding me? I don't guarantee anything! There's probably some pasty-faced 14-year old savant in Illinois who can figure out some arcane mathematical reason why this strategy is easy to break, and can prove it by re-creating Passfish passwords in his head while playing Warcraft.

Seriously, I'm not a cryptographer, I don't play one on TV. I came up with this whole stinking scheme while drinking beers at the pub!

Use it at your own risk, bitches!

Status

I got nothin'!!

Right now, it's just a smashing good idea, but has not been built. I'm still playing with the Blowfish algorithm.

Current Algorithm (subject to change on a whim at this point)

Here's a quick synopsis of what it does:

Passfish can take the following parameters:

  • identifier: (Mandatory) your “easy to remember, plain-texty password”

  • key: (Mandatory) Your private key, can be encrypted file, paragraph from a book, or a single word.

  • name: Optional identifier associated with the password

  • passphrase: Optional passphrase associated with the password

  • length: Length of the returned password, defaulting at 8 characters

Given these, the program goes through the following byzantine steps:

  • Make sure there's a keyfile, or key given as parameter, and read it into a string

  • If there's a passphrase:

    • Make a SHA hash of the passphrase

    • Take the 4th and the 2nd characters and multipy them

    • “Spin” (i.e. left shift) the key n characters where is the multiple above

  • Combine the identifier and key into a single string

  • Create an SHA2 key of the combined string.

    • It's possible to have an identifier like “test” and a key like “mykey.” This would be a really short string with not a lot of variability. Making a SHA hash of this gives us a string with enough length to work well.

  • Encode the hash as a Base64 string (to increase the variety of characters present (i.e. upper and lower case))

  • Replacement:

    • There is a list of letters and a list of punctuation characters, each 26 characters long.

    • The 0th number present in the base64 string is stored as a “spin index”

    • The 4th number present in the base64 string is stored as another spin index

    • The 2nd number present in the base64 string is stored as another spin index

    • The list of characters are shifted n + m + o times, where n, m, and o are the spin indices (Since there are 26 characters, I wanted to be able to spin through the end of the sequence)

    • Then a dictionary is built with pairs for all letters/punctuation where key = letters and value = punctuation

    • Every other repeated-capitalized letter is now replaced with its corresponding punctuation character (e.g. A..A..A would become A..&..A or something similar depending on the spin of the characters)

  • This “noisy hash,” an 87 character string of upper, lower, numbers and punctuation, is our identifier hash based on the spun key (i.e. key and passphrase) and the identifier

  • If a name is given:

    • Make a SHA hash of the name

    • Take the 4th and 2nd characters and multiply them

    • Spin the noisy hash n characters, where n is the multiple above

  • An index is generated by adding the 4th and 2nd integers found in the key hash

  • The resulting password is a substring of the noisy hash, starting from that index, and continuing for the number characters specified in the length parameter (defaulting to 8)

Wow! Doesn't that sound convoluted? The best thing about it is that it's probably supremely crackable. But as an initial run through, it seems like a decent way to combine multiple, possibly compromised, parameters in such a way that a repeatable, but still sufficiently complex and secure, password can be generated.

Issues and Future

  • Test coverage is seriously lacking. Plus, I've not really thought of a good testing strategy. The problem is that we have to, say, test that a given password is not repeatable with different parameters, but you can't really test for that easily because absences of evidence is not evidence of absence.

  • Apps: The plan is to include the following

    • Shell script that will take parameters, as well as details on how to make your shell's history ignore this command (so someone can't just see what you typed)

    • LaunchBar script that will take parameters and copy the resulting password to the clipboard without showing it

    • Android app (I don't have an iPhone, so will not undertake that)

    • Setup script that will make sure your keyfile is generated (and, if desired, reproduceable so that you can use it on other computers/devices)

  • Review: When the algorithm stabilizes, I'll ask some of my smarter friends to look at it and make sure there's not some glaringly obvious flaw

LICENSE

MIT Style. See LICENSE.txt