6 releases (3 breaking)
0.4.0 | Oct 30, 2021 |
---|---|
0.3.0 | Oct 3, 2020 |
0.2.2 | Oct 1, 2020 |
0.2.0 | Sep 30, 2020 |
0.1.0 | Sep 30, 2020 |
#717 in Authentication
23 downloads per month
29KB
647 lines
nv
Secure password store highly resistant to brute-force attacks.
Implements ideas from both blockchain and proof of work for creating a password repository and hashing repository password.
install
cargo install nv
commands
cat
- print contents of file to terminalcd
- change current working directorychangepwd
- change repository passwordclear
- clear the current screencp
- copy contents of file to clipboardgen
- generate random password and save to pathinfo
- print password repository informationls
- list all files in directorymkdir
- create a directorypwd
- print current working directoryrm
- remove file or directoryset
- write file contents from secret promptsetcp
- write file contents from clipboard and clear clipboardvi
- insecure file access that leaks files to your /tmp
mnemonic
In contrary to a combination of password and mnemonic, if you remember your password it is possible to brute-force the mnemonic by design.
If you don't want to be able to brute-force the mnemonic just use more seed bytes with -b
flag.
Seed possibilites are 256^b
where b
is amount of seed bytes.
Using one additional byte brings security up significantly.
It is safe enough to use four seed bytes with three seed words but nearly impossible to cheaply brute-force in case of loss.
Two seed words create higher level of security against brute-force attacks and are still possible to brute-force in case of loss.
security
Security is a combination of parameters: difficulty
, round
and seed-bytes
.
It is possible to cleverly manage those in order to make it harder to brute-force and faster to use at the same time.
The most important parameter is -r, --round
which increases amount of work required both for attackers and access.
encryption
Uses zbox file system with Cipher::Xchacha
.
guarantees
- Zero-knowledge
- Zero-guarantees (backup your password repository)
Dependencies
~15–27MB
~393K SLoC