passcrux

passcrux

PassCrux - Immortalize your master password!

If you are like me, you loathe single points of failure, especially when it comes to passwords, and extra-especially when it comes to "master" passwords which guard things like password managers. Some password managers have mechanisms to reset your password, however every password reset-function is an increased attack surface. Plus, there is always the spectre of a password manager provider going under, or getting hacked, or whatever. I wanted a way to back up my "master" passwords under my own terms.

PassCrux gets to the crux of this matter, and has only a transient resemblance to crux-sounding recovery schemes found in some magical literature ;). It works by separating your password - or any data - into shards, that you can do anything you want with. Just provide M of the N shards and you can recover the original data. If you haven't been living in a cursed cave for the past two decades, you'll recognize this as Shamir's Secret Sharing algorithm, which is indeed at the heart of this tool. It's basically a lightweight wrapper around SSS, with built-in helpers and formatters for storing the shards in human-readable format.

Testimonials

Heck, that sounds so fun! I can't wait to lose my master password! -- aeksco

That's a good way to setup a quest for someone 1000 years in the future. Put a few of those in temples guarded by bosses, and you've got yourself a solid adventure. -- erotemic

Usage

To split a password from a prompt, into 5 shards with 3 needed to reconstruct, enter

passcrux split --ratio 3/5 --prompt 

Out:

a38f786f19680cb3
c4f5a36d797e336d
38519b5d42021620
f3ab8d463e182893
e4ea839978cc8eae

Now, distribute your shards. In this case, we are just going to dump them into a file for this demo. Copy (at least) 3 of the 5 output shards and paste into a file, shards.txt, one shard string per line.

shards.txt

a38f786f19680cb3
38519b5d42021620
e4ea839978cc8eae

Then run this command to print the secret:

cat shards.txt | passcrux combine

What to do with shards?

That's entirely up to you! Get creative with it! Here are some ideas to get your ideas churning:

• Stamp them into metal. Hide them in various places. Make a good ol' fashioned pirate map 🏴‍☠️
• Use --enc abc and mark the letters in your favorite books 📚
• Convert hexadecimal values into notes and make some sweet guitar riffs 🎸
• Give a copy to M trusted friends with instructions to delete your browser history 🗑️

Building/Installation

Turbo-instant docker usage:

docker run --rm -it xkortex/passcrux [OPTIONS]

Note: -it is required for -p/--prompt (interactive password prompt) and -v for any file-I/O.

Conventional:

Requires a typical golang environment. Simply run make to compile passcrux to $GOPATH/bin/passcrux

todo

• main IO commands
• primary encode formats: hex, base32, base64
• "abc" encoding
• Stabilize pipe-in interface and flags
• validate/ensure correct behavior with DOS-style carriage returns \r and \r\n
• test on windows
• Travis / CI hooks
• Dockerfile
• standardize output formatter interface
• goexpect for testing interactive password prompt
• config parsing
• handling for raw bytes I/O

Stretch goals:

• QR generator
• QR parser

License

PassCrux is licensed under Mozilla Public License v2.0 [FAQ]. Use it to your heart's content. ¯\_(ツ)_/¯

The current implementation relies on SSS from Hashicorp Vault, also MPL2. PassCrux uses SSS wholesale without any modification.

Cobra is licensed Apache, Copyright (c) 2015 Steve Francia spf@spf13.com

Viper is licensed MIT, Copyright (c) 2014 Steve Francia

IANAL and I think I am doing this correctly, but if something is in error, please open an Issue or PR to help rectify. Go makes it astoundingly easy to go get code and use it in your project, and if you ask me, if you are advertising your code as go-gettable on Github, your intent is to share, but it's not my call, so please clarify if I am in the wrong.

Thanks!