Open nithinmanoj10 opened 1 year ago
After the user downloads the password manager, they should run the following command before using it for the first time to set up the file and folder systems to store the passwords:
python3 setup.py
The following steps are done in the setup process:
- vaults directory (empty)
- master_info.txt (empty)

This will create a directory named vaults that contains each and every vault, and a file named master_info.txt that contains information about the user like name, e-mail, master password, etc.
The name of each vault file in vaults will be its respective authentication key (A). It is calculated as follows:
import argon2, binascii
def getVaultKey(master_password, salt):
A = H(master_password | V)
H is any secure key-derivation function. In our implementation, we will be using Argon2. V is the vault-key and is calculated as follows
V = H(master_password | salt)
The salt is unique and randomly generated at the time of creation of a vault for a user.
Each user will be assigned a unique vault at the time of their account creation. This vault will securely store passwords and personal information that can later be accessed and modified by the user using a Vault Key. Each user's vault will also be authenticated using a Vault Authentication Key.
At the time of creating a new vault, the following details need to be inputted by the user
At the time of creation, the software checks if the master password is strong or not.
This information is stored in a User-Vault SQL table. The master password is hashed and stored along with a salt.
Here is a top-level overview of the file system. There is a directory named vaults that contains each user's vault. A vault is an encrypted text file containing the user's passwords. The name of each encrypted vault file is the vault's authentication key A, whose calculation will be shown in the upcoming sections. Each vault file contains encrypted key-value pairs. The site name, email ID or any other unique name used to identify the password is the key, while the hashed password is stored as the value.
The master_info.txt is an encrypted file that contains the following information about each user
This is again stored as encrypted key-value pairs.
Each user will be assigned a unique vault at the time of their account creation. This vault will securely store passwords and personal information that can later be accessed and modified by the user using a Vault Key. Each user's vault will also be authenticated using a Vault Authentication Key. Both the Vault Key (V) and Authentication Key (K) are derived from the master password that is chosen by the user. They are calculated as follows:
V = H(master_password | salt)
The salt is unique and randomly generated at the time of creation of a vault for a user. H is any secure key-derivation function. In our implementation, we will be using Argon2.
The vault key is then used to calculate the authentication key.
A = H(master_password | V)
At the time of creating a new vault, the following details need to be inputted by the user
A unique salt is then randomly generated and used to hash the master password using a key-derivation function. The username, hashed master password and salt are then stored together inside the master_info.txt file. So the next time the user tries to log in, we check if the master password he inputted was correct by comparing the hash of the inputted password and the hash stored in the master_info.txt file.
Right after the user account is created, the vault key and authentication key are created from the master password. A new file with the same name as the authentication key is created inside the vaults directory. This will be the user's vault and their passwords will be stored here. This vault file is then encrypted and decrypted using a Symmetric Key Cipher with the calculated vault key being the symmetric key.
Module to create a new and empty vault for a user to securely store their passwords and personal information
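The derivation and login check described above, as an added example that is not code from this issue or the project. It uses the standard library's scrypt as a stand-in for Argon2 so it runs without extra packages. Assumptions: the second argument of H is passed as the KDF salt, the record field names are hypothetical, and the login hash gets its own salt.

```python
import hashlib
import hmac
import secrets

def H(secret: bytes, salt: bytes) -> bytes:
    """Stand-in for the page's H: stdlib scrypt here, not Argon2."""
    return hashlib.scrypt(secret, salt=salt, n=2**14, r=8, p=1, dklen=32)

def derive_keys(master_password: str, vault_salt: bytes):
    """Return (V, A) with V = H(master_password | salt), A = H(master_password | V)."""
    pw = master_password.encode("utf-8")
    V = H(pw, vault_salt)  # vault key: symmetric key for the vault file, never written to disk
    A = H(pw, V)           # authentication key: used only as the vault file name
    return V, A

def create_account(master_password: str) -> dict:
    """Build the values kept in master_info.txt (hypothetical field names)."""
    vault_salt = secrets.token_bytes(16)
    # Assumption: a separate salt for the stored login hash. With the same
    # salt and the same H, the stored hash would be identical to V.
    login_salt = secrets.token_bytes(16)
    return {
        "vault_salt": vault_salt,
        "login_salt": login_salt,
        "login_hash": H(master_password.encode("utf-8"), login_salt),
    }

def login(record: dict, attempt: str):
    """Return (V, vault_file_name) for the right password, None otherwise."""
    candidate = H(attempt.encode("utf-8"), record["login_salt"])
    # Constant-time comparison of the stored and recomputed hashes.
    if not hmac.compare_digest(candidate, record["login_hash"]):
        return None
    V, A = derive_keys(attempt, record["vault_salt"])
    return V, A.hex()  # hex keeps the file name filesystem-safe

if __name__ == "__main__":
    rec = create_account("constructed sample passphrase")
    print(login(rec, "wrong guess"))
    print(login(rec, "constructed sample passphrase")[1])
```
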