Skip to content

A password manager written in Python (2.7) with htmlPy using Password-Based Key Derivation Function 2 (PBKDF2), Advanced Encryption Standard (AES) and Secure Hash Algorithm (SHA-256).

License

Notifications You must be signed in to change notification settings

davikawasaki/password-manager-security-class

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

47 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Password Manager Software for Systems Security College Class

This work covers a password manager project developed with symmetric AES keys and PBE (Password-Based Encryption).

The goal is to enable an user to store her/his services' passwords in a encrypted PBE system, with a manageable and strong secret password. The first intention is to develop with Python language and then with Javascript.

Password Manager Software Developed in htmlPy

TECHNOLOGIES & LIBRARIES USED

  1. Python 2.7

  2. PyCrypto API 2.6

  3. Jinja2

  4. Hashlib

  5. re

  6. htmlPy

  7. jQuery

  8. Materialize

IMPLEMENTATION

Since the project needs to ensure data confidenciality and integrity, there aren't any secret (key or password) storage, because they encrypt/decrypt the data. Another thing necessary is the user's availability to reset her/his password in case of oblivion.

In order to meet with those requirements, the project uses the PBE methodology. The process, as used by John Peñafiel, follows these steps:

1. When the user registers, the system provides a randomly generated recovery code, providing the user the ability to randomly generate a new set (password and a new recovery code) on demand, if she/he forgets her/his password;

2. First is randomly generated an intermediary encryption key, which'll be used to encrypt a data;

3. Then this encryption key is encrypted with a derivation of their password (using a Key Derivation Functions - KDF), which can be now stored in a AES encrypted file;

4. Whenever there's a need to encrypt or decrypt some data, the user enter her/his password and run it through the same KDF;

5. The password then is used to decrypt the encrypted intermediary encryption key, which will be used after decrypted to encrypt or decrypt user data.

6. If the user forgets his password, she/he enters the recovery code passed on registration, which will do the same KDF process, which are represented below the password KDF fluxogram showed in the Figure below:

Using Recovery Codes to Create Recoverable Copies of the Intermediate Key

INSTALLATION

This project works only with Python 2.7. For Python 3.6, a compatibility between htmlPy and PySide2 needs deep investigation. Feel free to raise a PR for that, but I'm not going to support or try to investigate on my own.

Please, try running this project with virtualenv. It'll make your life easier.

Make sure you have qt@5 installed on your machine – Qt GUI will be used for the application user interface.

On MacOS:

brew install qt@5

On Ubuntu, follow this tutorial – for other distros, follow this tutorial.

On Windows, follow this tutorial.

Run the following command on your terminal to install all necessary dependencies from requirements.txt file:

pip install -r requirements.txt

These will install htmlPy, PySide, Jinja2 and pycrypto.

4. After the packages installation, you need to set permissions to python/app/main.py to run:

$ chmod +x main.py

5. Run the PW Manager with python 2.7:

$ ./main.py

REFERENCES

  1. The Hitchhiker's Guide to Python - Cryptography

  2. Password-based Database Encryption

  3. Using Padding in Encryption

FAQ

I'm trying to import PySide / Qt into Python like so and get the follow error:

from PySide import QtCore

ImportError: dlopen(/usr/local/lib/python2.7/site-packages/PySide/QtCore.so, 2): Library not loaded: libpyside-python2.7.1.2.dylib
  Referenced from: /usr/local/lib/python2.7/site-packages/PySide/QtCore.so
  Reason: image not found

Solution: export the following variable to your terminal prior to the application startup (change your python path and version accordingly):

export DYLD_LIBRARY_PATH=/usr/local/lib/python[version]/site-packages/PySide

This will force the executable loader to scan for libraries into the path you supply too, even it's not configured by the linker. More info on this here.

AUTHORS

This work was developed to a System Security undergrad-subject project. The people involved in the project are:

Student: POLETTO, André // polettoandre [at] gmail.com

Student: KAWASAKI, Davi // davishinjik [at] gmail.com

Student: BERTONCINI, João Vitor // joaobertoncini [at] alunos.utfpr.edu.br

Professor: YOKOYAMA, Roberto Sadao // yokoyama [at] utfpr.edu.br

CONTACT & FEEDBACKS

Feel free to contact or pull request me to any relevant updates you may enquire:

KAWASAKI, Davi // davishinjik [at] gmail.com

About

A password manager written in Python (2.7) with htmlPy using Password-Based Key Derivation Function 2 (PBKDF2), Advanced Encryption Standard (AES) and Secure Hash Algorithm (SHA-256).

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published