Skip to content

Latest commit

 

History

History
166 lines (132 loc) · 7.35 KB

README

File metadata and controls

166 lines (132 loc) · 7.35 KB

passle: hassle-free password management

passle is a stateless password manager. All you need is the Python interpreter and (optionally) some configuration files (which you don’t even need to keep private, but should if not for security but for privacy). There are no private keys or password databases to be secured and synchronized across devices. Passwords are derived from a master password you should memorize and a name for whichever service you are generating the password for. Passwords are derived deterministically using a key derivation function, but they are still hard¹ to guess.

You should consider using passle if you like the idea of having to memorize only one password to access a multitude of services with decent security, but dislike the fact that most password managers require you to secure and synchronize across devices secret keys and/or password databases.

./passle --help

¹: no guarantees though. See the *Security considerations.

Installation

None needed. Just clone the respository or download the passle script. You probably want to symlink the script to somewhere on your PATH for ease of invocation, though.

passle depends on Python (3.6+, I think) and (optionally but ideally) openSSL 1.1+. Another optional dependency is the one that provides access to the clipboard; currently only a dependency on xclip is implemented (which covers Linux systems), but contributors are welcome to provide patches for Windows and MacOS.

Design goals

portability and availability
being able to run the program anywhere, with minimal setup — unlike other password managers, you don’t need to carry and secure any private files
minimal dependency footprint
dependencies undermine the portability & availability goal and have a security tradeoff (better algorithm implementations versus more source code to inspect)
security
a goal of any password manager
brevity and simplicity
makes it easy for the user to inspect the software and trust that it does what it should do.

These goals explain the choice of Python as implementation language, since I believe in picking the right tool for the job instead of always picking my favorite tool (and Python’s definitely not my favourite tool!) Python is available in virtually all systems, and has a large standard library that allows us to have no other direct dependencies (although openSSL is recommended or a Python fallback for the key derivation function will be used).

Site files

Each service you generate passwords for may have a configuration file (called the site file), specifying things like which length the password should be (for those damn websites that demand your password not exceed X characters). Site files should be placed inside a sites directory in the PASSLE_HOME directory. PASSLE_HOME can be specified either as an argument to the script or as an environment variable, else it will default to a .passle directory in your home directory.

You can create a site file with

passle add

Site files are simply a series of key-value pairs, and should have the .pass extension. They are read and written using Python’s configparser module, so follow its syntax. All key-value pairs pertaining to passle must be stored under a PASSLE section (see the example file at .passle/sites/example.com.pass), but you may of course store any other information you want to under other sections if you want to.

Security considerations

I’m not a security expert, so take all of this with a grain of salt. The security of the passwords generated by passle relies in your master password, which should be strong. From it we derive all other passwords using an appropriate key derivation function, which for our purposes is hash function that’s meant to demand high computational resources to be calculated, which makes it harder to brute-force passwords.

If you pick a good master password it should be practically impossible to brute force a password, but there are other ways an attacker could obtain it, like by using a keylogger or compromising your machine in some other way. passle should have a smaller attack surface than most other password managers since it doesn’t store your master password, doesn’t send it or anything else over the wire, nor relies in a private key or something else you must secure (except, well, the master password being in your brain).

A way an attacker could obtain a derived password is by getting it from the clipboard (if you asked it to be copied there). As far as I know there is no way to prevent this by patching passle, and it is too convenient a feature to not provide, so we add a timeout until the clipboard is cleared and we live with it 🤷 I’d love to hear if you know of a better way of handling this! I don’t know how standard password managers handle this, but this vulnerability is shared by pass (see *Similar software), but not by in-browser password managers (these are subject to other types of vulnerabilites like fake password forms when autofill is enabled).

See this question (archive) at the security stack exchange for contrary opinions (not so much about security being bad but more about regular password managers being better).

Similar software

pass
passle has the same goal of pass, but pass requires the user to:
  • use GPG (which is a decent cost in terms of learning curve and having to secure and synchronize secret keys and revoking certificates)
  • secure and synchronize across devices a password databases

    if you already use GPG for other purposes and don’t mind synchronizing and keeping safe a password database, by all means use pass which (at the time of writing) is much more mature software.

hashpass
essentially same idea, but:
  • we use a password/key derivation function instead of a normal cryptographic hash function, which is better defense against brute force attempts;
  • passle is not bound to your browser, being a standalone Python script (there are hashpass implementations that do not depend on a browser either, but the main one does)

    you should use hashpass (or something similar) if you’d like the convenience of having the password manager in your browser.

If you think these comparisons are unfair, please do open an issue and propose a fix! (I intend no malicious unfairness, but the human mind is biased)

Contributing

Please do! Keep in mind the design goals and keep in touch through issues and pull requests, or just fork it and go on your merry way.