Stupid way to manage passwords

Source: Internet
Author: User
Tags: strong password, asymmetric encryption

Note: the original title is actually "manage your password the hard way".


Background

Congratulations to the Hollywood actresses (we saw your boobs). Well... although there seems to be no final conclusion on how it happened, it does seem to have drawn some attention to password security.

Password security usually comes down to two points: password strength and password reuse. A strong password improves security but adds to the memory burden, because strong passwords are usually irregular. On the other hand, even a strong password can be lost in many ways, for example through brute-force cracking or through an attack on a website that obtains the passwords from its back end. If a different password is used for every account and site (that is, password reuse is avoided), the damage from such a loss is limited, but this again adds to the memory burden.

Writing passwords down is both troublesome and insecure, and not exactly elegant. Is there a more sophisticated way to do this?


Ideas

Some encryption algorithm can be used to turn a simple string into another, random-looking string, and that generated string becomes the strong password.

Two inputs (a user-entered master password, the mainkey, and a site-dependent input) can be combined to determine one output, which avoids password reuse.

If the master password is too short, it can be padded with random characters; if it is too long, a mapping can be used to shorten it.

If the output of the encryption algorithm does not fall entirely within the range of characters a password may contain, a character set can be defined and the ciphertext mapped onto it to produce the actual password.


In fact, I had been thinking about this for a while. Yesterday a friend, @Shen wuzhuan, asked exactly this question: if one takes a simple password, encrypts it, and uses the result as the password, how secure is that? So I shared my thoughts.



Just talking about it without trying it would be dull, so I spent half a day writing a password manager in Python.


Requirement

Portable: a user does not log in from only one terminal. So as long as the user remembers the master password, entering the master password and the site name on any terminal that has this application must yield the site's password.

Saveable: frequently used site settings can be saved on the terminal you normally use.

Stable: the same input (master password and site name) must always produce the same output (otherwise, how could you log in?).

Variable: a small change should produce a completely different set of passwords.


Encryption Algorithm Selection

Given my mathematical skills, I have no intention of understanding cryptography; I just wanted to figure out how to call the various encryption algorithms as black boxes.

Simply hashing with MD5, SHA and so on is obviously inappropriate, because weak passwords collide a lot (many people use the same weak password), so the resulting digests would also collide a lot, which reduces security.

After trying the Python RSA library, I found that two identical inputs could produce different outputs. After looking carefully at the source code, I found that the library's encryption function includes random values. (I was floored.)

I know nothing about the other asymmetric encryption algorithms, so my idea of using asymmetric encryption was shattered, and I chose the symmetric cipher DES instead.

(Why DES? Because I felt like it.)


Implementation

The basic idea is as described in the Ideas section above.



First, install the DES library. pyDes is implemented in pure Python, so pip (or easy_install) is all you need:

pip install pyDes
easy_install pyDes

This is my keymanager.py file (Python 2):

from pyDes import *
import random as r
import string, pickle

# Any initial value (IV) you want; it must be 8 bytes
initialvalue = "babybear"
# Any salt you want
salt = "CuGBabyBeaR"
# Any char set you want; it should be the intersection of the usable char sets of all sites
# (the first few punctuation characters of this literal were mangled by extraction on the
# page and are omitted here)
charset = string.ascii_letters + string.digits + "/#$%^&*()_+-={}|:\"<>?,./;'[]\\"
sites = []

# Generate a 24-byte key from the mainkey and build the triple DES object
def init(mainkey):
    global d
    r.seed(salt)            # fixed seed, so the padding below is deterministic
    l = len(mainkey)
    if l < 24:
        mainkey += ''.join([chr(r.randint(0, 255)) for x in xrange(24 - l)])
    elif l > 24:
        mainkey = fence(mainkey, 24)
        mainkey = ''.join(map(lambda a: chr(a % 256), mainkey))   # list of chars -> str
    d = triple_des(mainkey, CBC, initialvalue, pad=None, padmode=PAD_PKCS5)

# A mapping method: fold data into an integer list of length n
def fence(data, n):
    res = [0 for x in xrange(n)]
    nd, rd = divmod(len(data), n)
    for i in xrange(nd):
        for j in xrange(n):
            res[j] += ord(data[i * n + j])
    for i in xrange(rd):            # the leftover tail is folded onto the first rd slots
        res[i] += ord(data[i - rd])
    return res

# Calculate the key (site password) from the site name
def getKey(name, n=16, _charset=None):
    if not _charset:
        _charset = charset
    encrypted = d.encrypt(salt + "@" + name)
    encrypted = fence(encrypted, n)
    key = map(lambda a: _charset[a % len(_charset)], encrypted)
    return ''.join(key)

# Calculate the key from a saved site setting
def getSiteKey(i):
    site = sites[i]
    return getKey(site['name'], site['n'], site['charset'])

# Load site settings
def load():
    global sites
    with open('settings', 'rb') as f:
        sites = pickle.load(f)

# Save site settings
def save():
    with open('settings', 'wb') as f:
        pickle.dump(sites, f)

# Add a site setting
def addSite(name, n, _charset=None):
    if not isinstance(name, basestring):
        raise TypeError("Sitename must be string")
    if not isinstance(n, int):
        raise TypeError("Keylength must be integer")
    if _charset and not isinstance(_charset, basestring):   # was checking name instead of _charset
        raise TypeError("Charset must be string")
    sites.append({'name': name, 'n': n, 'charset': _charset})  # was storing the global charset

if __name__ == '__main__':
    mainkey = raw_input("Input your mainkey: ")
    init(mainkey)
    while True:
        name = raw_input("Input site name (or \"exit\"): ")
        if name == 'exit':
            break
        else:
            print getKey(name, 16)


This is only a basic application; the functions for saving site settings are not demonstrated here.


You only need to change the global variable salt to generate a completely different set of passwords.
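As an added example (not the page's code), the same pipeline in Python 3 using only the standard library: the fence fold, the master-key normalization and the charset mapping follow the page's idea, while HMAC-SHA256 over the normalized master key stands in for the pyDes triple DES call so it runs without third-party modules. SALT, CHARSET and the inputs are constructed sample values; check_requirements() verifies the Stable and Variable requirements and the effect of changing the salt described above.

```python
import hashlib
import hmac
import string

# Constructed sample values, not the page's own salt or charset
SALT = "example-salt"
CHARSET = string.ascii_letters + string.digits + "#$%^&*()_+-=?"

def fence(data, n):
    """Fold bytes into n integers as on the page: every n-th byte lands in the
    same slot and the leftover tail is added onto the first slots."""
    res = [0] * n
    nd, rd = divmod(len(data), n)
    for i in range(nd):
        for j in range(n):
            res[j] += data[i * n + j]
    for i in range(rd):
        res[i] += data[len(data) - rd + i]
    return res

def normalize_key(mainkey, size=24):
    """Bring the master password to a fixed key size: a short one is padded
    with bytes from a hash (instead of the page's salt-seeded random()),
    a long one is folded with fence() exactly as in the page's init()."""
    raw = mainkey.encode()
    if len(raw) < size:
        raw += hashlib.sha256(SALT.encode() + raw).digest()[:size - len(raw)]
    elif len(raw) > size:
        raw = bytes(b % 256 for b in fence(raw, size))
    return raw

def derive(mainkey, site, n=16, charset=CHARSET, salt=SALT):
    """Keyed pseudorandom output over salt@site (HMAC-SHA256 stands in for the
    page's triple DES), folded to n integers and mapped onto the charset.
    Caveat: 'a % len(charset)' is not a perfectly uniform mapping; rejection
    sampling would remove that bias."""
    block = hmac.new(normalize_key(mainkey), (salt + "@" + site).encode(),
                     hashlib.sha256).digest()
    return ''.join(charset[a % len(charset)] for a in fence(block, n))

def check_requirements(mainkey="hunter2", site="example.org"):
    """Stable: same inputs give the same output. Variable: another salt gives a
    different password. No reuse: another site gives a different password."""
    p1 = derive(mainkey, site)
    stable = p1 == derive(mainkey, site)
    variable = p1 != derive(mainkey, site, salt="other-salt")
    no_reuse = p1 != derive(mainkey, "example.com")
    return stable, variable, no_reuse
```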

