"The unhackable¹ password manager²"
This is a toy. This is not a good way to manage your passwords. Hic sunt dracones.
Securely storing passwords is a challenging endeavor, so instead of that we will just generate them. Using a user-provided secret, we generate a secure hash that is suitable for use as a password. This process is secure-ish and deterministic. Under the hood we build salted and hashed composite keys from your provided configuration and secret to generate a strong, irreversible password. With minimal configuration data and a strong master key, the likelihood of password collisions is astronomically low.
```
$ trashword auth
master key: <super secret goes here>
e3Cpz2pWeyX8aLjSgEBTGjFSQ0M5xDcQFkHdUMjfWyQ
```

Optionally, send it right to your clipboard with the `-c` or `--clipboard` flag.

```
$ trashword auth -c
master key: <super secret goes here>
copied!
```

It is generally recommended to use a unique password for each website or application you might use. You can generate site-specific passwords using the optional flags.

```
$ trashword auth --domain example.com
master key: <super secret goes here>
YbkTSHPrMzRF9tq5XCc1D4Yws+PjWk0WVEXqrb0SNDc
$ trashword auth -d some.other.domain.example.com
master key: <super secret goes here>
RqhiMUZOGOwle6Udd148tmz6xvZX+7sh2xNMUuADdto
```

See the output of `trashword auth --help` for more configuration options.
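The derivation described above, sketched in Python as an added example (not trashword's own code): scrypt from the standard library stands in for Argon2id, and the salt construction, the `username` field, the version tag and the cost parameters are all assumptions. It also shows why any parameter change alters every generated password.

```python
import base64
import hashlib

# Assumed cost parameters for this sketch; changing any of them
# changes every password ever derived, as the stability note warns.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1


def context_salt(fields):
    """Hash length-prefixed fields so ("ab", "c") and ("a", "bc") cannot collide."""
    h = hashlib.sha256(b"example-generator/v1")  # constructed version tag
    for field in fields:
        raw = field.encode("utf-8")
        h.update(len(raw).to_bytes(4, "big"))  # length prefix removes ambiguity
        h.update(raw)
    return h.digest()


def derive_password(master_key, domain="", username="", n=SCRYPT_N):
    """Deterministically derive a 43-character password for one context."""
    if not master_key:
        raise ValueError("master key must not be empty")
    # Domains are case-insensitive, so normalise before salting (assumption).
    salt = context_salt([domain.lower(), username])
    key = hashlib.scrypt(master_key.encode("utf-8"), salt=salt,
                         n=n, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    # 32 bytes -> 43 base64 characters once the "=" padding is dropped.
    return base64.b64encode(key).decode("ascii").rstrip("=")


if __name__ == "__main__":
    secret = "correct horse battery staple"  # constructed sample secret
    print(derive_password(secret))
    print(derive_password(secret, domain="example.com"))
    print(derive_password(secret, domain="example.com", n=2**13))  # differs
```

Nothing is stored, so the master key is the only secret: anyone who learns it and the context fields can regenerate every password.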
- Literally none. Please do not use this.
- Trivial password generation.
- Ephemeral environments where passwords will be generated systematically and then discarded.
Can I use this in production?
Yes, but you should not.
Stable?
Literally any minor version, configuration, or argument change will irrevocably modify all of the generated output.
What hashing algorithm are you using?
Argon2id, because I think I saw it on the NIST website and it has first-class Rust support.
Why did you write this?
To learn Rust.
Where should I submit security issues?
This is highly unlikely. As previously noted¹ in our documentation, this is unhackable.
Help I am being beaten with a rubber hose!
This is not really a question and left as an exercise for the reader.
- Look into config-rs for toml support
- Configuration format similar to sshd_config that can store default flags by host
- Look into thiserror et al.
- Better test coverage over the public api
- Support for a wider range of password inputs, e.g. ENV variables, STDIN
- Output encodings to allow for password generation with specific characteristics like mixed case, special characters, and other common password format requirements
- Develop more idiomatic Rust
- Better todo structure
*1 [citation needed]
*2 it's more of a generator
Copyright 2023 Kyle Luzny