Hierarchical deterministic password manager
This is a proof-of-concept deterministic, mnemonic-based password manager. It uses the seed generated from a mnemonic[2] to provision secrets[1] (for now, only passwords). This allows passwords to be synchronized across devices without storing any secrets on third-party servers. After the metadata (password groups, names and details) is synchronized via third-party servers, the passwords are generated from the mnemonic the user enters on each new device.
Using a password manager that stores secrets on a third-party server is not acceptable, but neither is using one that does not synchronize secrets across devices. Generating a seed from the mnemonic resolves this: the metadata can be safely stored on a third-party server, as it holds only the derivation path, while the secrets themselves are generated from the mnemonic sentence. The mnemonic can be written on a piece of paper or engraved on a metal plate.
Brain wallets (using hashes of words as secrets) are susceptible to dictionary attacks.
The mnemonic at the heart of this password manager is not.
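The derivation chain described above, as an added example (not this project's code): BIP-39 stretches the mnemonic into a seed, BIP-32 hardened derivation walks the path kept in the metadata, and the leaf key is encoded as a password. The encoding step (`password_for`, `ALPHABET`), the record layout and the path `[0, 3]` are assumptions, since the page does not specify them.

```python
import hashlib
import hmac
import unicodedata

# Order of the secp256k1 group; BIP-32 private keys are integers modulo N.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
HARDENED = 0x80000000
# Assumed output alphabet (look-alike characters left out); not from the project.
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789!#$%&*+-=?@"

def mnemonic_to_seed(mnemonic, passphrase=""):
    """BIP-39: PBKDF2-HMAC-SHA512, 2048 rounds, salt "mnemonic" + passphrase."""
    nfkd = lambda s: unicodedata.normalize("NFKD", s).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", nfkd(mnemonic), nfkd("mnemonic" + passphrase), 2048)

def master_key(seed):
    """BIP-32 master node: HMAC-SHA512 keyed with "Bitcoin seed" -> (key, chain code)."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return int.from_bytes(digest[:32], "big"), digest[32:]

def hardened_child(key, chain, index):
    """BIP-32 hardened CKDpriv: only the parent private key feeds the HMAC."""
    data = b"\x00" + key.to_bytes(32, "big") + (index | HARDENED).to_bytes(4, "big")
    digest = hmac.new(chain, data, hashlib.sha512).digest()
    tweak = int.from_bytes(digest[:32], "big")
    child = (tweak + key) % N
    if tweak >= N or child == 0:  # BIP-32 declares such an index invalid
        raise ValueError("invalid child index, use the next one")
    return child, digest[32:]

def derive(seed, path):
    """Walk an all-hardened path, e.g. [0, 3] for m/0'/3'."""
    key, chain = master_key(seed)
    for index in path:
        key, chain = hardened_child(key, chain, index)
    return key, chain

def password_for(seed, path, length=20):
    """Assumed encoding step: map the leaf key to printable characters."""
    key, _ = derive(seed, path)
    stream = hashlib.shake_256(key.to_bytes(32, "big")).digest(16 * length)
    limit = 256 - 256 % len(ALPHABET)  # drop bytes that would bias the modulo
    return "".join(ALPHABET[b % len(ALPHABET)] for b in stream if b < limit)[:length]

if __name__ == "__main__":
    # Public BIP-39 test mnemonic; the metadata record below is constructed.
    words = "abandon " * 11 + "about"
    record = {"group": "mail", "name": "example.org", "path": [0, 3]}
    print(record["name"], password_for(mnemonic_to_seed(words), record["path"]))
```

Only `record` would be synchronized through a server; any device that is given the same mnemonic recomputes the same password from it.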
Contributions are welcome! Please remember to run clang-format and clang-tidy before submitting PRs.
Build requirements: cmake, gcc(>=8) or clang(>=6), ncursesw.
Development: all of the above + clang-tidy and clang-format(=6).
$ mkdir build
$ cd build
$ cmake ..
$ make [-j6]
This project requires an ncurses implementation; you can use Homebrew to get one:
$ brew install ncurses
All code outside “external” is licensed under GPLv3.
[1] Bitcoin’s [hardened] key derivation BIP-32
[2] Bitcoin’s mnemonic deterministic key generation BIP-39