
Crypto Pass

Description

Nowadays there are too many platforms on the Internet, and each one requires an account and a password.

There are too many to remember.

Therefore, software is needed to record the accounts and passwords.

Function:

  1. The software requires a password to log in (2FA can be used as a second unlock step)
  2. The information stored in the software is mainly the platform name, platform address, account name, password, email, and mobile phone. Passwords need to be stored encrypted
  3. There is a search function, which quickly matches a platform or account
  4. Password generation function (helps generate passwords)
  5. Data can be stored locally or synchronized to a network disk (Baidu, Alibaba, GitHub)
  6. It locks if it is not operated for 5 minutes
  7. Clear the contents of the pasteboard regularly, with an adjustable clearing interval
  8. Encrypt local files.

For this type of software:

  1. It's better to store things locally (no need to interact with a server)

  2. It is best to be open source (open to scrutiny by everyone)

  3. Charge for synchronizing user information

Existing software

Bitwarden

https://bitwarden.com/

Open Source Website:

https://github.com/bitwarden

Awesome: from front-end to back-end, completely open source.

Proton Pass

Official website: https://proton.me/pass

Partially open source:

https://github.com/protonpass

KeePass

1Password

https://1password.com/zh-cn

Paid. A description can be found here: https://yishi.io/1password-complete-tutorial/

Description of the web page process

Step 1: Generate a private key

You are asked to save it

A PDF will be generated for you

Next

Main page

Create a new vault

That's it here

Vault page

Create a new login account

Project:

Passwords can also be imported

I choose Chrome

Select Chrome

After you export the password file

Upload the file

Reset the label

It will lock if it is not operated for 10 minutes

### Security mechanisms

1Password isn't open source, but it follows a public specification ([white paper on the security model](https://1password.com/files/1Password-White-Paper.pdf)) that any developer can black-box test.

David Schuetz explores how 1Password works in great detail in his blog post (https://darthnull.org/security/2018/11/09/1pass-misc/), and here's the core of his summary:

The so-called 2SKD (two-secret key derivation) mechanism means that 1Password uses both your own master password and secret key to encrypt your information, as well as verify your identity during communication with the server.

**The Master password is not stored by 1Password, it only exists briefly in the machine's memory while it is being run.**

**The Secret key (i.e., the Account key in the diagram) is generated locally and only locally and is not uploaded to the server.**
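
A simplified sketch of the two-secret idea described above, added here as an example; it is not 1Password's code. The KDF choices (PBKDF2-HMAC-SHA256 for the password, HKDF for the secret key, XOR to combine them), the iteration count, and all function names and sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) extract-then-expand using HMAC-SHA256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_vault_key(master_password: str, secret_key: bytes, salt: bytes,
                     account_id: str, iterations: int = 100_000) -> bytes:
    """Combine a memorised secret and a device-local secret into one 32-byte key."""
    # Slow, salted stretching of the low-entropy, human-chosen master password.
    pw_part = hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"), salt, iterations)
    # Fast expansion of the high-entropy secret key that never leaves the client.
    sk_part = hkdf_sha256(secret_key, salt=account_id.encode("utf-8"), info=b"2skd-example")
    # XOR the halves: the password alone, or the secret key alone, yields nothing usable.
    return bytes(a ^ b for a, b in zip(pw_part, sk_part))


def demo() -> dict:
    """Run the derivation on constructed inputs and report which inputs affect the key."""
    salt = bytes(range(16))                # constructed; a real client stores a random salt
    secret_key = bytes.fromhex("a1" * 32)  # constructed; normally secrets.token_bytes(32), made locally
    acct = "user@example.com"              # constructed account identifier
    key = derive_vault_key("correct horse", secret_key, salt, acct)
    return {
        "key_len": len(key),
        "repeatable": key == derive_vault_key("correct horse", secret_key, salt, acct),
        "wrong_password_differs": key != derive_vault_key("correct horsf", secret_key, salt, acct),
        "wrong_secret_key_differs": key != derive_vault_key("correct horse", secrets.token_bytes(32), salt, acct),
    }


if __name__ == "__main__":
    print(demo())
```

Because the secret key is random and stays on the device, a copy of the server-side data does not give an offline guesser enough to test candidate master passwords.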

Client-side flows

landing

flowerpassword

https://flowerpassword.com/: only helps generate passwords

MIT