The loss of trust is the beginning of the last day
As more and more network service providers (mainly websites) were exposed to data leaks, I began to worry a little. Because my account password is almost the same on every website, once one website is leaked, it's gg. So, taking advantage of the weekend, I developed a small tool for managing passwords.
There are so many tools (plugins) on the Internet that I don't want to compare them. Even though others write them well, I can't trust them completely, so I can only write one myself. (Is there trust between people?)
*This tool is only for you to play with. If you use this tool, the information will be leaked.
First of all, a password management tool has three basic functions: password generation, password storage, and password query.
I originally wanted to rely on the AES algorithm, but ran into a bit of a situation during the actual writing, so I used base64 (with special processing).
Of course, simple base64 cannot be used to encrypt plaintext passwords. After many complicated conversions, the generated passwords have a certain randomness and are difficult to find.
Originally I wanted to create a database to store passwords, but I later found that it was not easy enough, so I used the simplest option, file storage, and used the git library to synchronize the files to a remote git repository.
This is a good implementation: it reads the ciphertext content from the file, decrypts it with the algorithm, and then outputs it.
- config_init: the configuration file, which stores the password for entering the program and the git repository address
- pwdmanagedb/pwd.db: stores the ciphertext passwords
- pwdmanage.py: the project code
Note: The contents stored in the file have been specially encrypted. Generally, there is no way to decrypt the contents without pwdmanage.py. pwd.db is stored in the git project. Every time you run the program, it pulls the latest content from the remote repository. Each time a new user is added locally, it is immediately pushed to the remote repository.
Change the current password to 123456; you need to enter the old password.
Modify the local git project file path to ./pwdmanagedb and enter the password.
The default is off, i.e. the password file is stored locally and will not be synced to the remote git repository.
Enter the website URL of the registered account and the username to generate a password. The password comes as plaintext and ciphertext, and the ciphertext is stored in the pwd.db file and synchronized to the specified git repository.
Enter the URL (fuzzy queries are supported) to query the usernames and passwords registered under that URL.
List the account passwords for all websites.
Delete the nmask account for the Baidu URL.
Set the password of the user name nmask for the Baidu URL to 123456.
Both are specially processed base64 ciphertext.
In fact, the key point of this project is whether the ciphertext generated from a password can be decrypted. I want to say that the possibility is still there. For example, if someone gets the project program and happens to crack the program's open password written in config.init, they can use the program's built-in function to decrypt. In actual use, the py program will be packaged into an executable to avoid the source code leaking and the encryption algorithm getting out. Of course, the source code can still be obtained by decompilation. So in order to avoid this as much as possible, my approach is to separate the pwd.db file from pwdmanage.py. After exiting the program, delete the pwd.db file. Since this file exists in the remote repository, there is no need to worry that it will be lost. When someone with ulterior motives gets the pwdmanage.py program, they must also know the remote project address password before downloading pwd.db and cracking the passwords.
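The concern above, as an added example that is not code from pwdmanage.py: `obfuscate` is a hypothetical stand-in for a keyless "processed base64" transform, which anyone holding the steps can reverse, while `seal`/`unseal` bind each record to a master password. All function names are assumptions, and the HMAC-SHA256 counter-mode keystream is a standard-library stand-in for AES; a real tool would use a vetted AEAD such as AES-GCM.

```python
import base64, hashlib, hmac, os

def obfuscate(pw):      # hypothetical keyless "processed base64"
    return base64.b64encode(pw.encode())[::-1].decode().swapcase()

def deobfuscate(blob):  # reversible by anyone who has, or guesses, the steps
    return base64.b64decode(blob.swapcase()[::-1]).decode()

def _keys(master, salt):
    # Slow KDF: every guess at the master password costs 200,000 HMACs.
    root = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, 200_000)
    return (hmac.new(root, b"enc", hashlib.sha256).digest(),
            hmac.new(root, b"mac", hashlib.sha256).digest())

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode as keystream (stdlib stand-in for AES-CTR).
    out = bytearray()
    for i in range(0, len(data), 32):
        ctr = (i // 32).to_bytes(8, "big")
        block = hmac.new(key, nonce + ctr, hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def seal(master, pw):
    salt, nonce = os.urandom(16), os.urandom(16)   # fresh per record
    enc_key, mac_key = _keys(master, salt)
    body = salt + nonce + _xor_stream(enc_key, nonce, pw.encode())
    tag = hmac.new(mac_key, body, hashlib.sha256).digest()
    return base64.b64encode(body + tag).decode()

def unseal(master, blob):
    raw = base64.b64decode(blob)
    if len(raw) < 64:
        raise ValueError("record too short")
    body, tag = raw[:-32], raw[-32:]
    enc_key, mac_key = _keys(master, body[:16])
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):     # encrypt-then-MAC check
        raise ValueError("wrong master password or modified record")
    return _xor_stream(enc_key, body[16:32], body[32:]).decode()

if __name__ == "__main__":
    sample = "Xk9#constructed-pw"                  # constructed sample value
    print(deobfuscate(obfuscate(sample)))          # recovered with no secret
    record = seal("constructed master pw", sample)
    print(unseal("constructed master pw", record))
```

With the sealed form, possession of the program and pwd.db is not enough to read a record; the master password must never be written to the configuration file in recoverable form.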
Finally, one more sentence: even if the above steps have all been broken, it does not matter; anyway, the bank card password is in my brain, right, and there is the caoliu password.
The tool is currently only for my own playing around. The main reason is that its functions are not perfect, it is easy to leak the password, and it is not easy to release it. I will study it.