WARNING!!! DO NOT USE! NOT COMPLETE OR TESTED!
Please check back soon for the first usable version (i.e. v0.0.1).
Application specific passwords derived from your secret master password using PBKDF2 from OpenSSL already installed on your computer.
Installation
Dpass currently requires Ruby 1.9.x but should soon work on Ruby 1.8.x.
Install the gem:
$ gem install dpass --pre
You need a personal dpass salt file in your home directory (~/.dpass). The SAME salt file must be installed in the home directory on each machine you want to run dpass or else you will get different derived passwords. So if you already have one you use, copy any perviously created salt file to your home directory.
If this is the first time you are using dpass, go ahead and create a new personal salt file:
$ dpass -new_salt
Usage
$ dpass <application_1>[...<application_N>]
For example to generate a password for Gmail and Yahoo
$ dpass gmail yahoo
You will be asked for your master password then a password will be generated for each application specified.
Background
The theft of passwords from internet sites seems to be an increasingly common occurance. Combined with the common practice of using either the same or related passwords across this is a serious security risk.
Clearly you should have a independent and strong password for every site you visit. I recently took Dan Boneh's excellent Cryptography class on Coursera and learned that this well known problem, known as "password based key derivation", has standard solutions.
Inspired by a broken idea on Hacker News and ignoring warnings to never even think about building your own crypto I made dpass.
Other Password Managers
References
- Dan Boneh - Key Derivation Lecture - http://www.youtube.com/watch?v=ZorKf6IaP0Q
- PKCS #5 RFC - http://tools.ietf.org/html/rfc2898
- PBKDF2 Test Vectors RFC - http://tools.ietf.org/html/rfc6070
- OpenSSL Gem PKCS5 - http://www.ruby-doc.org/stdlib-2.0/libdoc/openssl/rdoc/OpenSSL/PKCS5.html
Contributing
- Fork it
- Create your feature branch (
git checkout -b my-new-feature
) - Commit your changes (
git commit -am 'Added some feature'
) - Push to the branch (
git push origin my-new-feature
) - Create new Pull Request