Skip to content

BenjaminHae/Password-Manager

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

464 Commits

src

src

 
 

.travis.yml

.travis.yml

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

initial.sql

initial.sql

 
 

mechanism.xmind

mechanism.xmind

 
 

travis-ci.sh

travis-ci.sh

 
 

Repository files navigation

Password Manager

Build Status Codacy Badge License Environment Environment
'master' branch is a dev-branch, please download stable version from Release to use it.

Version

v10.00
Supports are available here for versions greater than v9.13
Please note, Password-Manager only supports HTTPS

DEMO

phppasswordmanager.sourceforge.io
This demo is for test ONLY! Do NOT put your real password there.
You can access the database for this demo here, with login username p2663268ro and password 12345678

Features

  1. Client side encryption. Server only keeps the encrypted strings.
  2. Customized fields support. You can add and delete fields for the password manager. You might want a URL field to keep login URL for all your accounts.
  3. PIN login. You don't need to input your long login password everytime. Instead, you can use a short PIN, in your trusted devices.
  4. Files support. You can attach files to accounts. Of course, files are encrypted in your browser before they are uploaded.
  5. Tags support and searching support. This makes it easier to manage lots of accounts.
  6. Import/Export as CSV file.
  7. Easy to backup and recovery.
  8. Authentication control. Account/IP will be blocked for too many failed attempts. After a short time of no action, you'll sign out automatically.
  9. Friendly UI.

Installation

See wiki

How to use

See wiki

Web Browser Plugin

Chrome: Chrome Web Store

Firefox: Add-on

GitHub Project: PwChromeExtension by Benjamin.

Mechanism

This password manager can generate and store random strong passwords for users. Passwords are generated on users' browsers and then encrypted using AES256 (CBC mode). Key for encryption is generated by PBKDF2 based on login password (Password_1)
PBKDF2 with SHA512 is used for user identification check. Raw password will be mapped to a pseudo password with a key related to Password_1 before applying AES256. The mapping algorithm is alphabet and position based.
Some part of information in Password_1 won't involve in calculations for identity check, So password_1 can't be obtained by enumerating password_0 (used for authentication).

mechanism

You can read more information about implementation in wiki.

Extentions

You can easily add E-mail verification, Google authentication... in your version of password manager. Put your implementation inside src/rest/check.php, which is used for login authentication.

Contribution

Please read the guide first.

All contributors to this project must agree their work to be published under MIT license ONLY (see LICENSE file) before submitting a pull request.

About

An online keepass-like tool to manage password. client-side AES encryption!

Resources

Readme

License

View license
Activity

Stars

0 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases

6 tags

Packages

No packages published

Languages

  • JavaScript 67.3%
  • PHP 30.7%
  • CSS 1.1%
  • Other 0.9%