PwdManage password management tool

The loss of trust is the beginning of the last day

As more and more network service providers (mainly websites) suffered data leaks, I began to worry a little. Because my account password on each website is almost the same, once one website is leaked, then gg. So, taking advantage of the weekend, I developed a small tool for managing passwords.
There are so many such tools (plugins) on the Internet that I don't want to compare them. Because however well others write them, I can't trust them completely, so I can only write one myself. (What about trust between people?)

*This tool is only for you to play with. If you use this tool, the information will be leaked.

Design ideas

First of all, a password management tool needs three basic functions: password generation, password storage, and password query.

Password Generation

I originally wanted to rely on the AES algorithm, but ran into a bit of a situation while actually writing it, so I used base64 (with special processing) instead.
Of course, plain base64 cannot be used to encrypt plaintext passwords. After many complicated conversions, the generated passwords have a certain randomness and are difficult to find.

Password Storage

Originally I wanted to create a database to store passwords, but later found that it was not easy enough, so I used the simplest option, file storage, and used the git library to synchronize the files to a remote git repository.

Password Enquiry

This is straightforward to implement: read the ciphertext from the file, decrypt it with the algorithm, and then output it.

Project Introduction

  • config_init: the configuration file; stores the program password and the git repository address
  • pwdmanagedb/pwd.db stores cipher text passwords
  • pwdmanage.py project code

Note: The contents stored in the file have been specially encrypted. Generally, there is no way to decrypt the contents without pwdmanage.py. pwd.db is stored in the git project. Every time you run the program, it pulls the latest content from the remote repository. Each time a new user is added locally, the change is immediately pushed to the remote repository.

Usage

Update startup password

python pwdmanage.py --upwd 123456


Changes the current password to 123456; you need to enter the old password.

Update git repository address

python pwdmanage.py --gitaddress "./pwdmanagedb"


Sets the local git project file path to ./pwdmanagedb; you need to enter the password.

Turn on git remote sync

python pwdmanage.py --gitswitch True

The default is off, i.e. the password file is stored locally and will not be synced to the remote git repository.

Generating a new password


Enter the URL of the website where the account is registered and the username to generate a password. The password is divided into plaintext and ciphertext; the ciphertext is stored in the pwd.db file and synchronized to the specified git repository.

Query password


Enter the URL (fuzzy queries are supported) to look up the username and password registered under that URL.

List all passwords under the account

python pwdmanage.py --l

Lists the account passwords for all websites.

Delete password

[-pwdmanage-]>> www.baidu.com nmask --delete

Deletes the nmask account for the Baidu URL.

Manually setting a password

[-pwdmanage-]>> www.baidu.com nmask 123456 --set

Sets the password of the user name nmask for the Baidu URL to 123456.

File storage content


Both are specially processed base64 ciphertext.

Postscript

In fact, the key point of this project is whether the ciphertext generated from the password can be decrypted. I want to say that the possibility is still there. For example, if the project program is obtained and the program's opening password written in config.init happens to be cracked, the program's built-in function can be used to decrypt. In actual use, the py program will be packaged into an executable to avoid the source code leaking and the encryption algorithm getting out. Of course, the source code can still be obtained by decompilation. So in order to avoid this as much as possible, my approach is to separate the pwd.db file from pwdmanage.py. After exiting the program, delete the pwd.db file. Since this file exists in the remote repository, there is no need to worry that it will be lost. When someone with ulterior motives gets the pwdmanage.py program, they must also know the remote project address and password before they can download pwd.db and crack the passwords.
Finally, one more sentence: even if all of the above steps are broken, it does not matter. Anyway, the bank card password is in the brain, oh, and the caoliu password too.
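
The postscript's worry is that the startup password written in the config file gets cracked. As an added example (not code from pwdmanage.py), the block below keeps only a salted PBKDF2 verifier in the config and derives a separate key for pwd.db from the same password. The function names, the JSON field names and the iteration count are assumptions, not the tool's actual format.

```python
import base64
import hashlib
import hmac
import json
import os

# Assumed layout: field and function names here are illustrative, not pwdmanage.py's own.
ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor


def _stretch(password, salt, iterations):
    """Slow salted derivation: makes guessing from a stolen config file expensive."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=32)


def make_config_record(password, iterations=ITERATIONS):
    """Return the JSON text to store in the config file instead of the password."""
    verify_salt, key_salt = os.urandom(16), os.urandom(16)
    return json.dumps({
        "kdf": "pbkdf2-hmac-sha256",
        "iterations": iterations,
        # base64 is used here only as an encoding for random bytes, not as protection
        "verify_salt": base64.b64encode(verify_salt).decode(),
        "key_salt": base64.b64encode(key_salt).decode(),
        "verifier": base64.b64encode(_stretch(password, verify_salt, iterations)).decode(),
    })


def check_password(config_text, candidate):
    """Constant-time comparison of the candidate's derived value with the stored verifier."""
    rec = json.loads(config_text)
    actual = _stretch(candidate, base64.b64decode(rec["verify_salt"]), rec["iterations"])
    return hmac.compare_digest(actual, base64.b64decode(rec["verifier"]))


def derive_store_key(config_text, password):
    """32-byte key for encrypting pwd.db with an AEAD cipher from a vetted library.
    Uses a different salt from the verifier, so the config never contains the key."""
    rec = json.loads(config_text)
    return _stretch(password, base64.b64decode(rec["key_salt"]), rec["iterations"])


if __name__ == "__main__":
    cfg = make_config_record("constructed-sample-password")  # constructed sample input
    print(cfg)
    print(check_password(cfg, "constructed-sample-password"), check_password(cfg, "123456"))
```

With this layout, possession of the program and the config file is not enough to decrypt the store: the key exists only while the correct startup password is being typed in.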

Supplementary explanation

The tool is currently only for my own play. The main reason is that its functions are not complete and it is easy to leak passwords, so it is not convenient to release it. I will study it further.

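Article title: PwdManage password management tool

Author: nmask

Published: April 24, 2017 - 16:04

Last updated: August 16, 2019 - 15:08

Original link: https://thief.one/2017/04/24/01/en/

License: Attribution-NonCommercial-NoDerivatives 4.0 International. Please keep the original link and author when reposting.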
