Skip to content


Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time

Keys of Peace

Never lose your passwords. Keys of Peace will give you free access to your passwords even from public computers and portable devices. Keep your secrets at


Principles of Keys of Peace operation were introduced at the first time here (russian). Here is their overall results.

Basic Concepts

  • Account — a combination of URL, login and password for some site.
  • Password — account's password.
  • Master-password — password which user uses to login to Keys of Peace.
  • Salt — random string for master-password hashing.
  • Master-salt — salt used every time user logins to generate master-hash.


Assume that Alice wants to register at Bob's Keys of Peace server.

  1. Alice invents her master-password, generates master-salt and sends to Bob email, master-salt and master-hash where master_hash = hash(master_password, master_salt)
  2. Bob just saves at DB email, master-salt and master-hash.

Alice should use trusted connection for registration, cause if Mallory knows master-hash, he can login any time he want, but he can't read Alice's accounts.

Getting Accounts

Alice have arrived to Bahamas for vacation and she wants to login at her photosharing service to publish some photos. She uses Keys of Peace to keep passwords. What will she do to get her accounts?

  1. Alice sends her email to Bob.
  2. Bob generates one-time salt and saves it at Alice's session, gets Alice's master-salt from DB and sends to Alice master-salt and one-time salt.
  3. Alice sends to Bob master-salt and one-time salt (to prove completion of steps 1 and 2), email and hash(master_hash, one_time_salt) where master-hash was gotten this way (because Alice doesn't remembers it): master_hash = hash(master_password, master_salt).
  4. Bob checks master-salt and one-time salt given by Alice and generates hash(master_hash, one_time_salt) to check does Alice have master-password. If login was failed, Bob responds with 401 (Unauthorized) status code, otherwise he marks Alice's session ID as authenticated and sends her ciphered accounts and accounts' salt.
  5. Alice decodes accounts' JSON: accounts = decipher(ciphered_accounts, hash(master_password, accounts_salt)).

If Mallory has sniffed Alice's master-hash while registration, he can login and get ciphered accounts, but he can't decipher the accounts, because he still doesn't know master-password.

If Mallory listens Alice during authentication, he can't login by themselves, because Bob'll use another one-time salt next time.

Saving Accounts

Assume that after login at Keys of Peace Alice has registered at some rental service and wants to save her automatically generated 20-letters password at Keys of Peace.

  1. Alice generates new accounts' salt and sends to Bob accounts' salt and cipher(accounts, hash(master_password, accounts_salt)).



We are using PBKDF2 (1000 times SHA-256) for hashing and AES-256 for ciphering.


Keys of Peace was written on Python 2.7 and Django 1.6, uses Tastypie to provide API and Compass for stylesheets compilation.

All requirements except Compass and Django will be installed automatically.

To install Compass follow instructions here.


If Django and Compass are installed, this will download, compile CSS and install the rest of requirements in your environment:

$ pip install -e git+git://

This installs Keys of Peace in “editable mode” — at current directory.

Building CSS

Execute this to compile SASS files:

$ python build_css

Running The Site

To run Keys of Peace after described installation, execute:

$ cd src/keys_of_peace
$ python runserver

After that you may go to and observe the site running on your machine.


To launch Keys of Peace tests, execute:

$ cd src/keys_of_peace
$ python test keys_of_peace.tests


Open website to keep your passwords safely






No releases published


No packages published