PwdManage password management tool

The loss of trust is the beginning of the last day

As more and more network service providers (mainly websites) were hit by data leaks, I began to worry a little. Because my account password is almost the same on every website, once one website is leaked, it's gg. So, taking advantage of the weekend, I developed a small tool for managing passwords.
There are plenty of such tools (plugins) on the Internet, and I don't want to compare them. However well others write them, I can't trust them completely, so I can only write my own. (Where is the trust between people?)

*This tool is only for you to play. If you use this tool, the information will be leaked.

Design ideas

First of all, a password management tool has three basic functions: password generation, password storage, and password query.

Password Generation

I originally wanted to rely on the AES algorithm, but ran into some problems while actually writing it, so I used base64 (with special processing) instead.
Of course, plain base64 cannot be used to encrypt plaintext passwords. After many complicated conversions, the generated passwords have a certain randomness and are difficult to work out.

Password Storage

Originally I wanted to create a database to store passwords, but later found that it was not simple enough, so I used the simplest option, file storage, and used a git library to synchronize the file to a remote git repository.

Password Query

This is easy to implement: read the ciphertext from the file, decrypt it with the algorithm, and then output it.

Project Introduction

  • config_init stores the configuration: the program password and the git repository address
  • pwdmanagedb/pwd.db stores cipher text passwords
  • project code

Note: The contents stored in the file have been specially encrypted. Generally, there is no way to decrypt the contents without Pwd.db is stored in the git project. Every time you run the program, it pulls the latest content from the remote repository. Each time a new user is added locally, it is immediately pushed to the remote repository.


Update startup password

python --upwd 123456

Changes the current password to 123456; you need to enter the old password.

Update git library address

python --gitaddress "./pwdmanagedb"

Changes the local git project file path to ./pwdmanagedb; you need to enter the password.

Turn on git remote sync

python --gitswitch True

The default is off, i.e. the password file is stored locally and is not synced to the remote git repository.

Generating a new password

Enter the website url of the registered account and the username to generate a password. The password is divided into plaintext and ciphertext, and the ciphertext will be stored in the pwd.db file and synchronized to the specified git repository.

Query password

Enter the URL (fuzzy queries are supported) to look up the username and password registered under that URL.

List all passwords under the account

python --l

List the account passwords for all websites.

Delete password

[-pwdmanage-]>> nmask --delete

Deletes the nmask account under the Baidu URL.

Manually setting a password

[-pwdmanage-]>> nmask 123456 --set

Sets the password of the user nmask under the Baidu URL to 123456.

File storage content

Both are specially processed base64 ciphertext.


In fact, the key question for this project is whether the ciphertext generated from a password can be decrypted. I have to say that the possibility is still there. For example, someone who obtains the project program and happens to crack the program's startup password written in config.init can use the program's built-in function to decrypt. In actual use, the py program is packaged into an executable to keep the source code, and with it the encryption algorithm, from leaking. Of course, the source code can still be obtained by decompilation. So in order to avoid this as much as possible, my approach is to separate the pwd.db file from After exiting the program, delete the pwd.db file. Since this file exists in the remote repository, there is no need to worry that it will be lost. When someone with ulterior motives gets the program, they must also know the password for the remote project address before they can download pwd.db and crack the passwords.
Finally, one more thing: even if all of the above steps are broken, it does not matter. The bank card password is in my head anyway. Oh right, and there is the caoliu password too.
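The worry above, that anyone holding the program can run its decrypt function, comes down to the difference between an encoding and a keyed scheme. The following is an added example, not PwdManage's own code: `obfuscate`/`deobfuscate` are a constructed stand-in for the unpublished base64 processing, and `enroll`/`unlock` are hypothetical helpers showing a config that stores only a salted scrypt verifier, with the data key derived from the startup password at run time.

```python
import base64
import hashlib
import hmac
import secrets

def obfuscate(plaintext: str) -> str:
    # Constructed stand-in for "specially processed base64": encode, then reverse.
    return base64.b64encode(plaintext.encode())[::-1].decode()

def deobfuscate(blob: str) -> str:
    # Reversal needs only the algorithm; no password or key is involved.
    return base64.b64decode(blob.encode()[::-1]).decode()

def _stretch(password: str, salt: bytes) -> bytes:
    # scrypt is slow and memory-hard, so guessing the startup password is costly.
    # 64 bytes out: first half is a verifier, second half is the data key.
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=64)

def enroll(password: str) -> dict:
    """Build the record a config file would hold instead of the password."""
    salt = secrets.token_bytes(16)
    return {"salt": salt, "verifier": _stretch(password, salt)[:32]}

def unlock(password: str, record: dict):
    """Return the 32-byte data key for a correct password, otherwise None."""
    out = _stretch(password, record["salt"])
    if not hmac.compare_digest(out[:32], record["verifier"]):
        return None
    # Never written to disk; it would key an AEAD cipher (e.g. AES-GCM from a
    # vetted library) protecting the password file.
    return out[32:]

if __name__ == "__main__":
    blob = obfuscate("S3cret!pw")              # constructed sample value
    print("recovered without any secret:", deobfuscate(blob))
    record = enroll("123456")                  # startup password from the page's example
    print("wrong password ->", unlock("000000", record))
    print("right password -> key of", len(unlock("123456", record)), "bytes")
```

With this layout, a leaked or decompiled program plus the config file still leaves an attacker with a scrypt guessing problem rather than a ready-made decrypt function.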

Supplementary explanation

The tool is currently only for my own play. The main reasons are that its functionality is not complete and it can easily leak passwords, so it is not suitable for release. I will keep studying it.

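Article title: PwdManage password management tool

Published: April 24, 2017 - 16:04

Last updated: August 16, 2019 - 15:08

License: Attribution-NonCommercial-NoDerivatives 4.0 International. When reposting, please keep the original link and the author.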
