Skip to content

ziofat/Amaranth

Repository files navigation

Amaranth

npm CircleCI codecov FOSSA Status

A password management tool without storing them. It is Safe and Rememberable.

Introduction

We all know that using same password everywhere is extremly unsafe because websites cannot be trusted to protect them from hackers. So once one of your passwords is leaked, the other accounts are still safe.

However, it is impossible to remember all passwords for different websites. So there are several solutions for password management, like LastPass, 1Password or KeePass.

But are they really safe? LastPass had been hacked. Keep them local? You must synchronize manually. How can we balance the safety and convenience?

Amaranth provides a simple password management solution. You just need to remember only one password (we call it main password), and set different site id for accounts on different sites (you can directly use the brand name like google or apple). Amaranth will calculate the password for you.

Only you have main password, and site id, Amaranth can calculate correct password for you. If any of this 2 is wrong, Amaranth will provide different password. The benefits of this are that you only need to remember this specific main password IN YOUR BRAIN, and Amaranth can give you any password you need at any devices without synchronization and storage.

Algorithm

So Amaranth is unhackable because it dose not store any of your password. It only provides an algorithm to generate them.

It also comes with different type of password in case there is requirement in websites or services. For example, some website require longer password length (more than 10) but some service (like bank) require PIN as password. Amaranth provides 4 kinds of passwords which is PIN, Short, Classic and Long.

Long Password

According to HOW SECURE IS MY PASSWORD?, the Long type password needs 3 TRILLION YEARS to crack (2016).

PIN Password

The benifits of using Amaranth:

  • Safe, unhackable. Even your computer is stolen, the passwords will never leak.
  • Easy to remember. User just need to remember a main password and a rule of site id.
  • Main password is only used to generate password, never used in actual websites.
  • No need to think a new password for new account.

There is also a shortcoming, if you choose this solution, you need to change your current passwords.

Usage

There is a Chrome extension for this. (repo)

This repository is for algorithm. To check it, just

npm install amaranth

and in your nodejs file:

const amaranth = require('amaranth');
const password = amaranth('main password', 'site id', 'Long');
// amaranth(mainPassword, siteId, passwordType);

The Amaranth was tested on node v4.6.0 and v6.7.0, should works on all version of nodejs above v4.6.0.

Currently Amaranth support 4 types of password:

  • PIN: 4 digit
  • Short: 1 uppercase characters, 2 lowercase characters, 1 digit
  • Classic: 2 uppercase characters, 3 lowercase characters, 2 digit, 1 punctuation
  • Long: 4 uppercase characters, 6 lowercase characters, 4 digit, 2 punctuation

Author

Daniel Li

Yao Peng

License

See LICENSE file.

FOSSA Status

About

A password management tool without storage

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published