Stateless Password Manager
slpm is a dead simple password manager that will never store anything on disk
nor use any random source as it derives every password from:
- your full name (as salt),
- your passphrase,
- a site name, and
- a site counter.
Therefore your passphrase should be strong enough!
slpm currently uses the original MasterPasswordApp algorithm with
scrypt and HMAC-SHA256 but it will default to Argon2 KDF and
blake2b secure hash in the future.
Usage:
We run slpm using Edgar Allan Poe as full name and footman liquid vacate
rounding compare parsnip traffic uproar freemason duckbill as passphrase:
$ ssh-agent bash --norc
bash-4.3$ ssh-add -l
The agent has no identities.
bash-4.3$ SLPM_FULLNAME='Edgar Allan Poe' ./slpm.comp
slpm v0.4.0-0-g13ae78f
SLPM_FULLNAME='Edgar Allan Poe'
Passphrase:
Key derivation complete.
Site: twitter.com
Counter: 1
Maximum Security Password: t3_T9CriCZ^Y@eclVBFK
Long Password: Rosa1+DiztGaxi
Medium Password: Ros5$Luk
Short Password: Ros5
Basic Password: tWU5uzr7
PIN: 2365
Site: facebook.com
Counter: 1
Maximum Security Password: Ulg#3Cdae!20p4edPV8&
Long Password: Fopn9+MateQixe
Medium Password: FopNuz7=
Short Password: Fop6
Basic Password: UWR6qbP5
PIN: 8396
Site: ssh mysite.com
Counter: 1
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPC5/uQ+oWoHbHS2NM/y5LXJUp9vMKK6+TJt9x2h3SWW eapoe@slpm+mysite.com
Site: ^Z
[1]+ Stopped SLPM_FULLNAME='Edgar Allan Poe' ./slpm.comp
bash-4.3$ ssh-add -l
256 0f:4c:2d:a0:b0:8e:b0:e0:2c:64:0e:63:ce:72:14:1f slpm+mysite.com (ED25519)
bash-4.3$ fg
SLPM_FULLNAME='Edgar Allan Poe' ./slpm.comp
^D
Bye!
bash-4.3$ ssh-add -l
The agent has no identities.
bash-4.3$ exit
exit
$