Skip to content

Latest commit

 

History

History
41 lines (27 loc) · 1.67 KB

README.md

File metadata and controls

41 lines (27 loc) · 1.67 KB

DBLess

A hash-based, database-less password manager

Overview

This repository contains a few implementations of the DBLess algorithm, from which may be built a password manager that does not require encryption or password storage.

The DBLess algorithm is an embellished hash function, consisting of updating a SHA-256 hash object with a master password then repeatedly with an argument sequence before encoding the resulting digest in Ascii85:

def dbless(master, *args): return a85encode(sha256(b'\n'.join([master, *args, b''])).digest()).replace(b'z', b'!' * 5)

The argument sequence args is a list of strings that uniquely identifies the account to be logged into; examples of such sequences include ['github.com', 'email@provider'] and [token, 'cloudflare', 'us-east-1', 'root'] where token would be a secret token stored in a local file or environment variable.

Usage

# C implementation
make && bin/dbless [args] # replace `[args]` with an argument sequence

# Python implementation
python3 src/dbless.py [args] # replace `[args]` with an argument sequence

The implementations within this repository are meant to be wrapped by a shell alias:

# do not load token, then output password to stdout
function dbless; bin/dbless $argv; end

# load token from environment variable, then output password to stdout
function dbless; bin/dbless $TOKEN $argv; end

# load token from environment variable, then output password to clipboard
function dbless; bin/dbless $TOKEN $argv | xclip -selection clipboard; end

# load token from local file, then output password to clipboard
function dbless; bin/dbless (cat token) $argv | xclip -selection clipboard; end