# PWORD A one way, sync free, deterministic password generator. 100% in Rust [diceware](https://en.wikipedia.org/wiki/Diceware) and [aragon2](https://en.wikipedia.org/wiki/Argon2) (Winner of the 2015 Password Hashing Competition) to create a cryptographically secure password. You should be able to install this program on any computer and access any of your passwords completely offline and without sync. ## What the 🧠 human has to remember 1. Passphrase "Endnote kindness clover" 2. Name of website password is for "github.com" If you enter the above text into pword, it will always show you the same password of `raW5kbmVzcyBjbG92ZXI` which I suggest you do not actually use - this is for demonstration purposes only. ## Installation Quick install ```bash cargo install pword ``` Clone and build install ```bash git clone https://github.com/drbh/pword.git cd pword cargo install ``` ## How it works Based on the diceware algorithm we generate a master passphrase for the user to remember. This passphrase is seeded by a secure random number generator [more info from developers](https://gitlab.com/timvisee/chbs). Next, we use this passphrase as a salt in the aragon2 password generating function. Based on the users' input for the website - we suggest the hostname including the domain but not the protocol or trailing path. eg - `github.com` not including https - and the master passphrase we have a sufficiently random, but easy to remember input to our hash function. We pass the input and salt to Aragon2 a memory-hard password function. The output is a long well-hashed string, which we subset 20 characters from the middle. The output is a unique 20 digit password that can be regenerated by using the phrase and password host. While this aims to be extremely easy for a human to remember the process of generating a password is computationally expensive (requires passphrase generation, and memory-hard hash function). While you could create a more secure password (one that's 100+ digits long) it would be extremely hard to remember, but this provides you an easy way to create and access many very secure (probably more secure than your current password) from a cross-platform tool. ## Use #### Master Passphrase ```bash pword new # Endnote kindness clover ``` #### Generate New Password ```bash pword generate # Type a password: # # 👍 thanks. # # Type a label for your password # github.com # # Your password: # raW5kbmVzcyBjbG92ZXI ```