( Maintenance is over. Big brother Forgiva is the new guy in town. Check it out at http://www.forgiva.com or https://github.com/sceptive/Forgiva )
A password manager for paranoids.
Kyle differs from other password managers, since:
- It doesn't store any passwords so there is nothing to steal/crack for attackers.
- However, you can't store any given password, but must set one generated by Kyle.
Kyle differs from other password generators, since:
- Generated passwords are not random, but a brute-force method can take thousands of years to crack one:
  e.g. on the test vectors, Bill Gates' password took 12.11 seconds on a MacBook Pro Early 2013 with a 2.4 GHz Intel Core i7. So even for a lazy master-key with 8 chars consisting of lower-case letters and numbers, there are
  36^8+36^7+36^6+36^5+36^4+36^3+36^2+36 = 2901713047668
  combinations; with 12.11s per combination, it would take 1,114,274 years to try all combinations.
- It doesn't use any specific hash or encryption algorithm, using a mixture of several, chosen using the input info and key.
$ gem install kyle
Just type kyle on the command line to run, and pick any password depending on your favourite animal.
$ kyle
Hostname:
abc.com
Account:
superuser
Port:
80
Key:
Ape _,o_iMmO5L!ZRlQH
Bat EZPBcTf6oo-jzWpM
Bear .ZmYlZ4PQpdOfish
Whale wb%EOphi7uqySwRZ
Crow eTXvLc.4FgTdIEJ%
Dog .Q,PBaMeFRO8nG-a
Cat ,lHFEMVXo%SjTlsm
Wasp e0CyUAHvs9-ljGFr
Fox 2%yxWtBZz-cOVW@b
Gull avuR86nGjG6DNkkX
Jackal +zhRwHPWCHknxlZp
Lion xMxPwb0E+5vQ_q4x
Panda qj7GQqJP7EKjU*gG
Rat kvniGIszq758@Sie
Shark 1aF3.iiV,e*OTGpT
Spider *nrvUtila0wnmb22
Turtle wYQerXRYffJJGvxZ
Wolf MD!VTDkikYxZvzM!
Zebra asVw!Q/5!QvqxiRf
You can also specify the hostname, account, port, and animal when typing the command:
$ kyle abc.com superuser 80 jackal
Key:
+zhRwHPWCHknxlZp
Arguments must be in this order, but any missing ones will be prompted for.
Adding the -c flag will prompt for the key twice, so you can be sure you didn't make a typo.
Adding the -r flag saves the hostname/account/port combination in ~/.kyle.
Adding the -a flag lets you choose from one of the hostname/account/port records saved with -r.
Adding the -b flag runs batch mode, which generates passwords in bulk from a file:
$ kyle -b path/to/file.kyle animal
Key:
hostname:account:port (animal) = password
hostname:account:port (animal) = password
Where file.kyle contains triples of hostname, account, port separated by semi-colons (;), one per line. E.g.:
facebook.com;zuckerberg;80
amazon.com;bezos;443
- Merge version with Isaac Seymour's efforts to unify multiple development lines that includes:
- Refactored code to have proper Rspec tests, and respect Rubocop conventions
- Added ability to specify hostname, account, port, and animal as args to the executable
- Added -a (Auto) flag
- Added -b (BATCH) mode which helps you generate bulk passwords
- Added -r option to add entered values to <USER_HOME>/.kyle file
+--------+ +-------+ +----+ +----------+
|HOSTNAME| |ACCOUNT| |PORT| |MASTER-KEY|
+---+----+ +---+---+ +--+-+ +-----+----+
| | | |
v v v v
+------+ +------+ +------+ +------+
|I.HASH| |I.HASH| |I.HASH| |I.HASH|
+------+ +------+ +------+ +------+
| | | |
v v v v
+------+ +------+ +------+ +------+
|I.HASH| |I.HASH| |I.HASH| |I.HASH|
+------+ +------+ +------+ +------+
+ + + +
| | | |
+-----+++----+ +-----+++----+
| |
v v
+------+ +------+
|I.ENC.| |I.ENC.|
+------+ +------+
+ +
| |
+------------+++-------+
|
v
+------+
|I.ENC.|
+------+ +------------+
+ |ANIMAL NAMES|
| +------------+
ENC | A1..AN |
| +------------+
v
+--(A1..AN)------------------------------+
|RES = PBKDF2_HMAC_SHA1(ENC,RES,10000,32)|
+----------------------------------------+
+
v
+-----------------------------+
|HASH_TO_PASSWORD(SHA512(RES))|
+-----------------------------+
+ + +
| | |
(A1..AN)
| | |
v v v
MULTIPLE PASSES
+-------------+
Iterative Hash |ALGORITHMS |
+-------------+
+-------------+ +--> |SHA512 |
|Text=(t1..tn)| | +-------------+
+------+------+ +--> |SHA384 |
| | +-------------+
| +--> |SHA256 |
v | +-------------+
+--(i=1..n)-----------------------------------------+ +--> |SHA224 |
|HASH=ALGORITHM[(ti % ALGORITHMS.SIZE)](Text | HASH)|+-+ +-------------+
+---------------------------------------------------+ +--> |SHA1 |
+ | +-------------+
| +--> |SHA2 |
| | +-------------+
v +--> |MD5 |
| +-------------+
HASH +--> |MD4 |
| +-------------+
+--> |RIPEMD160 |
+-------------+
+-------------+
Iterative Encryption |ALGORITHMS |
+-------------+
+-------------+ +--> |DES3 |
|TEXT=(t1..tn)| | +-------------+
|KEY=(k1..kn) | +--> |DESX |
+-------------+ | +-------------+
| +--> |DES |
v | +-------------+
+--(i=1..n)----------------------------------------------+ +--> |CAST |
|ENC.=ALGORITHM[(ti % ALGORITHMS.SIZE)]((Text | ENC.),KEY|--------->| +-------------+
+-------------------------------------------+------------+ +--> |BLOWFISH |
+ | ^ | +-------------+
| | | +--> |AES128 |
| | | | +-------------+
| v | +--> |AES192 |
| +--------------+------------+ | +-------------+
| |KEY=PBKDF2("kyle",10000,32)| +--> |AES256 |
| | IV=SHA512(KEY) | | +-------------+
| +---------------------------+ +--> |RC4 |
| +-------------+
v
ENCRYPTED
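The "Iterative Hash" diagram above, written out as an added Ruby example (this is not Kyle's own source). It assumes `|` means concatenation and that HASH starts empty, and it uses only the six listed digests that OpenSSL's default provider offers; `algorithm_schedule`, `iterative_hash` and `double_hash` are names chosen here, and the master key is a constructed sample.

```ruby
require 'openssl'

# Digest names from the diagram's ALGORITHMS table. MD4, RIPEMD160 and "SHA2"
# are left out (assumption): the first two need OpenSSL's legacy provider on
# OpenSSL 3.x, and "SHA2" is not an OpenSSL digest name.
ALGORITHMS = %w[SHA512 SHA384 SHA256 SHA224 SHA1 MD5].freeze

# Which digest each input byte t_i selects: ALGORITHM[t_i % ALGORITHMS.size].
def algorithm_schedule(text)
  text.each_byte.map { |t| ALGORITHMS[t % ALGORITHMS.size] }
end

# HASH = ALGORITHM[t_i % ALGORITHMS.size](Text | HASH) for i = 1..n.
# "|" is read as concatenation and HASH starts empty (both assumptions).
# An empty input runs zero rounds and returns an empty string.
def iterative_hash(text)
  data = text.b
  algorithm_schedule(data).reduce(''.b) do |hash, name|
    OpenSSL::Digest.new(name).digest(data + hash)
  end
end

# First two rows of the pipeline diagram: every input passes through I.HASH twice.
def double_hash(fields)
  fields.transform_values { |v| iterative_hash(iterative_hash(v)) }
end

if __FILE__ == $PROGRAM_NAME
  # Hostname/account/port are the values from the session above;
  # the master key is a constructed sample.
  fields = { hostname: 'abc.com', account: 'superuser', port: '80',
             master_key: 'constructed-sample-key' }
  fields.each do |name, value|
    puts "#{name}: #{algorithm_schedule(value).join(' -> ')}"
  end
  double_hash(fields).each do |name, digest|
    puts "#{name}: #{digest.bytesize} bytes #{digest.unpack1('H*')}"
  end
end
```

The digest of the last round decides the output length, so under these assumptions `abc.com` (last byte selects SHA384) yields 48 bytes while `superuser` (SHA512) yields 64.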