calcpass

package
v0.0.0-...-df1f2e6 Latest
Warning

This package is not in the latest version of its module.
Published: Feb 15, 2018 License: GPL-3.0 Imports: 9 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func AlgorithmTypeToString

func AlgorithmTypeToString(alg AlgorithmType) string

func ExecKDF

func ExecKDF(kdftype KDFType, plainPass, salt []byte) ([]byte, error)

func KDFTypeToString

func KDFTypeToString(kdftype KDFType) string

func MakeFriendlyPassword

func MakeFriendlyPassword(hash32 []byte, outputLength int) (string, error)

Create a human-readable password from a 32-byte seed. The password should minimize the hassle of typing it. Even if you normally use the calcpass browser plugin, sooner or later you'll find yourself entering a password manually on your smartphone or TV.

We should also minimize chances that an archaic website with stupid password limitations will reject the password.

Passwords from this function will be:

  • 12 characters long.
  • Start with a capital A-Z.
  • Followed by ten lowercase a-z.
  • End with 0-9.

For example: Szbhgdixtgw9

If you are being targeted and your adversary knows that you use calcpass, then he must make 36 quadrillion guesses (10^16). This is not viable for an online (over a network) attack.

For comparison, an 8 character password using an alphabet of 72 characters (mixed case and ten specials), has a strength of only 10^14 and is much harder to type.

Because the characters are random, these passwords will likely resist the most common types of offline cracking attempts: dictionary and "hybrid".

These passwords are NOT long enough to withstand a targeted offline cracking attempt. Therefore they should not be used for encryption keys unless a slow KDF function is also used.

Finally, keep in mind that passwords from this function are only as strong as the seed used. For example, if the seed was created as the hash of a 4 digit number that means there are only 10,000 possible seeds. If the attacker knows this then your password is easily guessable!

For some interesting research regarding online vs offline password strength please read:

"An Administrator’s Guide to Internet Password Research" Dinei Florêncio and Cormac Herley, Microsoft Research; Paul C. van Oorschot, Carleton University https://www.usenix.org/conference/lisa14/conference-program/presentation/florencio
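The password shape and the strength figures above can be reproduced with a short program. This is an added example, not calcpass's own code: `FriendlySketch` and `Pow` are hypothetical names, and the mixed-radix mapping from seed to characters is an assumption, since the page does not show how MakeFriendlyPassword selects characters.

```go
package main

import (
	"errors"
	"fmt"
	"math/big"
)

const (
	upper  = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
	lower  = "abcdefghijklmnopqrstuvwxyz"
	digits = "0123456789"
)

// FriendlySketch maps a 32-byte seed onto the shape: A-Z, ten a-z, one 0-9.
// Assumption: this mixed-radix mapping is illustrative, not calcpass's own.
// A 256-bit input dwarfs the ~3.67e16 outputs, so modulo bias is negligible.
func FriendlySketch(hash32 []byte) (string, error) {
	if len(hash32) != 32 {
		return "", errors.New("seed must be 32 bytes")
	}
	n := new(big.Int).SetBytes(hash32)
	pick := func(alphabet string) byte { // consume one digit in base len(alphabet)
		rem := new(big.Int)
		n.DivMod(n, big.NewInt(int64(len(alphabet))), rem)
		return alphabet[rem.Int64()]
	}
	out := []byte{pick(upper)}
	for i := 0; i < 10; i++ {
		out = append(out, pick(lower))
	}
	return string(append(out, pick(digits))), nil
}

// Pow returns base^exp; the values used here fit comfortably in a uint64.
func Pow(base, exp uint64) uint64 {
	r := uint64(1)
	for ; exp > 0; exp-- {
		r *= base
	}
	return r
}

func main() {
	zero := make([]byte, 32) // constructed all-zero seed, for illustration only
	pw, _ := FriendlySketch(zero)
	fmt.Println(pw, Pow(26, 11)*10, Pow(72, 8)) // friendly keyspace vs 8 of 72
}
```

The friendly format has 26 × 26^10 × 10 candidates, which is the "36 quadrillion" figure; the 8-character, 72-symbol comparison has 72^8.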

func MakePassword

func MakePassword(hash32 []byte, passFormat PassFmt) (string, error)

Types

type AlgorithmType

type AlgorithmType byte
const (
	AlgType_2018a AlgorithmType = 1
)

type Format0Exported

type Format0Exported struct {
	SeedName      string
	ByteWordLines string

	/*The same data as base64 to be used to output a QR code.*/
	Base64ForQRCode string
}

Format 0:

0    : FormatVer 0x00
1    : encryptionKDFType
2-9  : KDF-Salt
--- Encrypted
10-25: seed.Bytes (16 bytes)
26   : seed.DefaultPasswordFormat
27   : seed.Algorithm
--- End Encrypted
28-N : Seed Name (Not included in printed bytewords)
N+1-N+4: Inner MAC (HmacSha256 of all the above before encryption truncated to 4 bytes)
N+5-N+6: Outer Checksum (sha256 truncated to 2 bytes)
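The layout above can be split into its fields before any decryption happens. The following is an added example, not the package's own import code: `Format0Fields`, `SplitFormat0` and `SampleRecord` are hypothetical names, the sample record is constructed with placeholder ciphertext and MAC, and the checksum is assumed to cover every byte that precedes it.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Format0Fields mirrors the Format 0 byte layout (hypothetical type name).
type Format0Fields struct {
	KDFType   byte
	Salt      []byte // bytes 2-9
	Encrypted []byte // bytes 10-27: seed bytes, password format, algorithm
	SeedName  string // bytes 28-N
	InnerMAC  []byte // 4 bytes; verifying it needs the decryption key
}

// SplitFormat0 slices a raw record and checks the outer checksum (assumed to
// be SHA-256 over all preceding bytes). Unkeyed, so it only catches typos.
func SplitFormat0(dat []byte) (*Format0Fields, error) {
	if len(dat) < 28+4+2 {
		return nil, errors.New("record shorter than the fixed fields")
	}
	if dat[0] != 0x00 {
		return nil, fmt.Errorf("unsupported FormatVer 0x%02x", dat[0])
	}
	body, sum := dat[:len(dat)-2], dat[len(dat)-2:]
	if want := sha256.Sum256(body); !bytes.Equal(want[:2], sum) {
		return nil, errors.New("outer checksum mismatch")
	}
	mac := len(body) - 4
	return &Format0Fields{dat[1], dat[2:10], dat[10:28], string(body[28:mac]), body[mac:]}, nil
}

// SampleRecord builds a constructed record: placeholder ciphertext and MAC.
func SampleRecord(name string) []byte {
	rec := []byte{0x00, 12}                              // FormatVer 0, KDFType_QuadBcrypt12
	rec = append(rec, bytes.Repeat([]byte{0xAA}, 8)...)  // KDF salt
	rec = append(rec, bytes.Repeat([]byte{0xBB}, 18)...) // encrypted block
	rec = append(append(rec, name...), 0xCC, 0xCC, 0xCC, 0xCC)
	sum := sha256.Sum256(rec)
	return append(rec, sum[:2]...)
}

func main() {
	f, err := SplitFormat0(SampleRecord("work"))
	fmt.Println(f.SeedName, len(f.Encrypted), err)
}
```

A two-byte unkeyed checksum accepts a random corruption about once in 65,536 tries, so tamper detection rests on the inner HMAC, which can only be checked after the KDF has been run on the encryption password.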

func Format0_Export

func Format0_Export(seed *Seed, encryptionPassword []byte, encryptionKDFType KDFType) (*Format0Exported, error)

func (*Format0Exported) String

func (self *Format0Exported) String() string

type KDFType

type KDFType byte
const (
	KDFType_QuadBcrypt12 KDFType = 12
	KDFType_QuadBcrypt13 KDFType = 13
	KDFType_QuadBcrypt14 KDFType = 14
)

type PassFmt

type PassFmt byte
const (
	PassFmt_Friendly9  PassFmt = 9
	PassFmt_Friendly12 PassFmt = 12
)

Password output formats

type Seed

type Seed struct {
	Name string

	//The 128bit random seed
	Bytes [16]byte

	//The algorithm which is used to calculate the password from the seed
	Algorithm AlgorithmType

	//The default password output format
	DefaultPasswordFormat PassFmt
}

The seed and its associated parameters. These values should be considered fixed for the life of the seed.

func Format0_ImportPrinted

func Format0_ImportPrinted(seedName string, words string, encryptionPassword []byte) (*Seed, error)

func Format0_ImportRaw

func Format0_ImportRaw(dat []byte, encryptionPassword []byte) (*Seed, error)

func ImportFromQRCode

func ImportFromQRCode(qrText string, encryptionPassword []byte) (*Seed, error)

func (*Seed) CalculatePassword

func (seed *Seed) CalculatePassword(sitename string, revision int) (string, error)

func (*Seed) MakeKey32

func (seed *Seed) MakeKey32() []byte

Expand the key to 32 bytes for compatibility with hardware backed keystores

Directories

Path Synopsis
Code for generating a printable wallet-sized card containing random password characters.
cmd
Run bcrypt password hash in parallel threads and combine the results.
The type 2017a password is calculated like so (pseudo-code):

	stretchedmaster = StretchMasterPassword(yourMasterPassword, yourEmailAddress)
	sitekey = MakeSiteKey(stretchedmaster, 'example.com', 0) //revision 0
	cardCoordinate1, cardCoordinate2 = MakeSiteCoordinates(sitekey, 2)
	eightCharsFromCard = youGoLookup(cardCoordinate1, cardCoordinate2)
	finalSeed = StretchSiteCardMix(MixSiteAndCard(sitekey, eightCharsFromCard))
	finalPassword = MakeFriendlyPassword12a(finalSeed)

This construction achieves these goals: 1.
Utility functions needed by calcpass.
