Skip to content

Latest commit

 

History

History
68 lines (38 loc) · 3.84 KB

README.md

File metadata and controls

68 lines (38 loc) · 3.84 KB

entropis

npm version NPM Downloads Known Vulnerabilities GitHub license

The web interface can be found here (also listed in this repo under "entropis.html").

Motivation

Reliable password storage has become a problematic issue in recent years. Password managers have proven to be as prone as ever to security vulnerabilities, while at the same time only growing in complexity day by day. The goal of this project is to remedy that very situation: to develop an open-source password manager based a few simple yet powerful building blocks and implemented in a variety of programming languages. Entropis combines finite-field mappings with a sponge construction to generate a secure hash from a passphrase and salt. It also provides an interface to encode and decode data as a base-64 string. Finally, a simple "offline" web interface is provided to actually manage passwords.

Algorithm

Overview of the hash algorithm.

API

The current Javascript implementation supports the following operations:

entropis.hash(passphrase, salt, digits)

Generates a hexadecimal hash of any length (the default is 128 digits, or 512 bits) from a passphrase and (optional) "salt". (Note: Does NOT modify the internal state of the entropis object.)

entropis.encode(passphrase, text)

Converts a block of text to a base-64 encoded datastore with passphrase. (Note: Does NOT modify the internal state of the entropis object.)

entropis.decode(passphrase, base64)

Converts a base-64 encoded datastore to text with passphrase. (Note: Does NOT modify the internal state of the entropis object.)

entropis.set(passphrase, domain, password, user)

Securely stores the password and username for a given domain within the internal datastore using a master passphrase. Returns the updated base-64 representation of the datastore.

entropis.get(passphrase, domain)

Securely retrieves the password for a given domain from the internal datastore using a master passphrase. If domain is null, an object containing all passwords in the datastore is returned.

entropis.remove(passphrase, domain)

Securely deletes the entry for a given domain within the internal datastore using a master passphrase. Returns the updated base-64 representation of the datastore.

entropis.clear(passphrase)

Deletes the internal datastore protected by a master passphrase. If passphrase is null, the internal state is unconditionally reset.

entropis.change(oldphrase, newphrase)

Re-encodes the internal datastore protected by master passphrase oldphrase with the new passphrase newphrase. Returns the updated base-64 representation of the datastore.

entropis.merge(passphrase, base64, oldphrase, force)

Merges the datastore base64 the internal datastore protected by a master passphrase. If oldphrase is null or empty, passphrase is used to decode base64. If force is falsy, the function will fail in the event of a merge conflict. Returns the updated base-64 representation of the datastore.

License

This library is released under the MIT License.