Skip to content

sireto/offlinepass

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

318 Commits

.github/workflows

.github/workflows

 
 

.vscode

.vscode

 
 

app

app

 
 

chrome_extension

chrome_extension

 
 

web

web

 
 

.gitignore

.gitignore

 
 

CNAME

CNAME

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

Repository files navigation

OfflinePass

Self Service Password Manager

Generate all your passwords deterministically using your Master Key.

Your Master Key is your one and only backup of all passwords.

Philosophy

  • No central server. No server at all. Fully client side. Works Offline.
  • No data to store or share.
  • No data or passwords to backup. Backup your Master Key only.
  • No hidden agenda or false promise of security. We’re open source. Check the code for yourself.

Source Code

https://github.com/sireto/offlinepass

Master Security Key (MSK)

All you need to store is Master Security Key (MSK). This key is used to generate all the passwords deterministically. So as long as you have your MSK, all of your passwords (past, present and future) can be recovered. It is your responsibility to keep it safe. If you loose it, you'll loose all your passwords.

How Offline Pass works?

Passwords are generated using secure hash functions using the following algorithm

PasswordHash = hmac(MSK,Message,sha256_algorithm)
Password     = No_of_password_changed$PasswordHash
  • The generated passwords are based on MSK ,Message.
  • Message = Host | Identity | Year | No of password changed
  • MSK: Master Security Key
  • Host: Host indicates the URL of the app or website. For eg. facebook.com, twitter.com, gmail.com, github.com, ...
  • Identity: Identity can be your username, email address or phone number you use to login to the app or website.
  • No of password changed : It indicates number of password changes on selected year. By default it is set to 0.
  • Year : Year you changed your password. By default it is set to current year.

Example To generated Twitter password for mail@example.com on 2023: First, convert all details into lowercase and concatinate it to Message.

Message = `twitter.com | mail@example.com | 2023 | 0`

Then, the generated password is:

PasswordHash = hmac(MSK,Message,sha256_algorithm)
             = hmac("H@rdPassw0rd",`twitter.com | mail@example.com | 2023 | 0`,"SHA-256")
             = 87booSaeaKYnhgEq

Password     = No_of_password_changed$PasswordHash 
             = 0$87booSaeaKYnhgEq

base58 encoding is used after using hmac to get shorter length eg. 16 characters.

License

Apache v2 License.

Contributing

If you're interested in contributing, you can do so by creating an issue (bug report, feature requests, questions, ...) or submitting a Pull Request.

About

Self Service Password Manager

offlinepass.com

Topics

security password-generator password-manager password

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

11 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 5

Languages