passle is a stateless password manager. All you need is the Python
interpreter and (optionally) some configuration files (which you don’t
even need to keep private, but should if not for security but for
privacy). There are no private keys or password databases to be
secured and synchronized across devices. Passwords are derived from a
master password you should memorize and a name for whichever service
you are generating the password for. Passwords are derived
deterministically using a key derivation function, but they are still
hard¹ to guess.
You should consider using passle if you like the idea of having to
memorize only one password to access a multitude of services with
decent security, but dislike the fact that most password managers
require you to secure and synchronize across devices secret keys
and/or password databases.
./passle --help
¹: no guarantees though. See the *Security considerations.
None needed. Just clone the respository or download the passle
script. You probably want to symlink the script to somewhere on your
PATH for ease of invocation, though.
passle depends on Python (3.6+, I think) and (optionally but
ideally) openSSL 1.1+. Another optional dependency is the one that
provides access to the clipboard; currently only a dependency on
xclip is implemented (which covers Linux systems), but contributors
are welcome to provide patches for Windows and MacOS.
- portability and availability
- being able to run the program anywhere, with minimal setup — unlike other password managers, you don’t need to carry and secure any private files
- minimal dependency footprint
- dependencies undermine the portability & availability goal and have a security tradeoff (better algorithm implementations versus more source code to inspect)
- security
- a goal of any password manager
- brevity and simplicity
- makes it easy for the user to inspect the software and trust that it does what it should do.
These goals explain the choice of Python as implementation language, since I believe in picking the right tool for the job instead of always picking my favorite tool (and Python’s definitely not my favourite tool!) Python is available in virtually all systems, and has a large standard library that allows us to have no other direct dependencies (although openSSL is recommended or a Python fallback for the key derivation function will be used).
Each service you generate passwords for may have a configuration file
(called the site file), specifying things like which length the
password should be (for those damn websites that demand your password
not exceed X characters). Site files should be placed inside a sites
directory in the PASSLE_HOME directory. PASSLE_HOME can be
specified either as an argument to the script or as an environment
variable, else it will default to a .passle directory in your home
directory.
You can create a site file with
passle add
Site files are simply a series of key-value pairs, and should have the
.pass extension. They are read and written using Python’s
configparser module, so follow its syntax. All key-value pairs
pertaining to passle must be stored under a PASSLE section (see
the example file at .passle/sites/example.com.pass), but you may of
course store any other information you want to under other sections if
you want to.
I’m not a security expert, so take all of this with a grain of
salt. The security of the passwords generated by passle relies in
your master password, which should be strong. From it we derive all
other passwords using an appropriate key derivation function, which
for our purposes is hash function that’s meant to demand high
computational resources to be calculated, which makes it harder to
brute-force passwords.
If you pick a good master password it should be practically impossible
to brute force a password, but there are other ways an attacker could
obtain it, like by using a keylogger or compromising your machine in
some other way. passle should have a smaller attack surface than
most other password managers since it doesn’t store your master
password, doesn’t send it or anything else over the wire, nor relies
in a private key or something else you must secure (except, well, the
master password being in your brain).
A way an attacker could obtain a derived password is by getting it
from the clipboard (if you asked it to be copied there). As far as I
know there is no way to prevent this by patching passle, and it is
too convenient a feature to not provide, so we add a timeout until the
clipboard is cleared and we live with it 🤷 I’d love to hear if you
know of a better way of handling this! I don’t know how standard
password managers handle this, but this vulnerability is shared by
pass (see *Similar software), but not by in-browser password
managers (these are subject to other types of vulnerabilites like fake
password forms when autofill is enabled).
See this question (archive) at the security stack exchange for contrary opinions (not so much about security being bad but more about regular password managers being better).
- pass
passlehas the same goal ofpass, butpassrequires the user to:- use GPG (which is a decent cost in terms of learning curve and having to secure and synchronize secret keys and revoking certificates)
- secure and synchronize across devices a password databases
if you already use GPG for other purposes and don’t mind synchronizing and keeping safe a password database, by all means use
passwhich (at the time of writing) is much more mature software.
- hashpass
- essentially same idea, but:
- we use a password/key derivation function instead of a normal cryptographic hash function, which is better defense against brute force attempts;
passleis not bound to your browser, being a standalone Python script (there are hashpass implementations that do not depend on a browser either, but the main one does)you should use
hashpass(or something similar) if you’d like the convenience of having the password manager in your browser.
If you think these comparisons are unfair, please do open an issue and propose a fix! (I intend no malicious unfairness, but the human mind is biased)
Please do! Keep in mind the design goals and keep in touch through issues and pull requests, or just fork it and go on your merry way.