Basic local password manager

greenjeans · Yesterday 12:01:39

Hey guys, so i've been working on a new project, a dirt-simple no-frills
local password manager, had the idea a while back after making a note-taking
app as it seemed like I could re-use about 90% of the code, just needed to
add encryption. As it turned out I only used about 40-50% of it, lol, but
that's okay because it still saved me a lot of time and the skeleton for it
was very simple and robust. Been pounding on it hard for the last 3 days and
I think i'm at an alpha-testing stage now.

Nothing fancy, so basic it hurts, no autofill or anything like that, basically
just a sort of text-editor with encryption. You have to manually enter all your
info, to use it you'll need to copy/paste info into whatever browser you're using.
Only depends are GTK and libsodium, and it's tiny, one binary that's just
under 45 kb. It stores everything in an encrypted text file so no need for
sqlite and such.

If anyone is interested in giving it a try, let me know and i'll post the
source code and compile instructions, or if you don't feel like compiling
i'll probably post it up on my Sourceforge, maybe if i'm not too lazy today
i'll actually package it even.

Please be sure to always backup first, everybody should really have a hard
copy pen+paper backup of sensitive files like passwords. When testing just
start with dummy entries, there could be bugs but I can't find any more
right now, it's such a tiny script there's not much to go wrong.

Sector11 · Yesterday 12:31:50

OH I do like the looks of that.

IF I forget the "master password" would uninstall, re-install start it fresh or does a file hide someplace on the system?

Can passwords be changed/edited?

greenjeans · Yesterday 12:55:15

Hi! So if you forget the master password to unlock the vault, you're hosed, there's no retrieving that data. This is by design, it's a simple app but hardcore. That's why you should definitely have it written down somewhere. The master password once set, cannot be changed unless you delete the vault and start over with a new first run, but the old vault cannot be retrieved so you would need to start fresh and enter all your data. Your master password is not stored anywhere on your machine. There is also no multiple attempts while the app is open to submit a password, if you enter the wrong one you get an error message that you have to click to close, and then the app closes, and you'll need to re-open it to try again, VERY good reason for this. Like I said, it's pretty hardcore.

All the entries you make are 100% editable, site name, passwords, and content.

Sector11 · Yesterday 23:21:52

That I think answers my question.
I forgot the master password ....
Delete the program and start over.

but the old vault cannot be retrieved so you would need to start fresh and enter all your data

is the "old vault" deleted when the program is deleted OR over written when the program is re-installed and I start recreating my data from my $1.99 paper notepad.

EDIT: I like everything I'm reading about this.

greenjeans · Today 19:17:48

Cool! So let me go into a little detail to answer your questions:

When the app first starts it first checks for the existence of the vault and it's directory, and if not present it creates the directory and a generic vault with no entries in the users home and throws up the first-run dialog shown in the pic where you create your master password. Path for the new vault: ~/.local/share/VuuPass/vuupass.vault

But if the app finds that file on first check, it throws up the login dialog, and if the password you entered is correct (based upon it trying the password you provided, using the apps specified encrypt/decrypt method) then it opens the app's gui for you to use.

So if you delete the vault file (~/.local/share/VuuPass/vuupass.vault), then open the app, your data will be gone and VuuPass runs the first-run dialog for you to create a new vault.

If you remove VuuPass the app (which will be just the one script and a .desktop), but don't delete the vault file, the info will still be in there, but it can only be un-encrypted using the specific password for it AND the specific logic it was created with, which is unique to this app as it is all such apps. So if you then subsequently re-installed the same VuuPass you used to previously create the file and have left the .vault file intact, then the app will see it and give you the login-dialog instead, and if correct open it right up.

Libsodium is amazing, it's crazy complex yet very dev-friendly, they tell you right on their quickstart/FAQ page exactly how to set up a single-file local encryption, you just have to figure out the exact methods for your application as there are a lot to choose from.

Even groovier: If you compile yourself I can tell you how to change one little thing before you compile that will make your version of VuuPass's encryption unique to you for even more hardcore security. I can also tell you how to make it even more painful for crack-apps but it does affect useability on low-spec machines, if you have a new machine with a lot of ram though you can create a real beast.
That being said it's overkill for a local user, this app as written is overkill, lol, but what can I say, I wanted to make a pit-bull.

Last edited by greenjeans (Today 19:29:09)

greenjeans · Today 22:34:06

Oh man, the things you find buried in docs that they should have led with. Just figured one tiny thing that was wrong (but it all worked anyway), and in fixing it discovered a way to really increase the hardness. Dang it was actually pretty self-evident, should have been on that one from the get-go.

#1 Yesterday 12:01:39

Basic local password manager

#2 Yesterday 12:31:50

Re: Basic local password manager

#3 Yesterday 12:55:15

Re: Basic local password manager

#4 Yesterday 23:21:52

Re: Basic local password manager

#5 Today 19:17:48

Re: Basic local password manager

#6 Today 22:34:06

Re: Basic local password manager

Board footer