Veiled is a secure file-less password manager which computes unique passwords securely by processing your masterpassword with other information like the website name, your username for the website and the password length (default: 32) without internet or without saving your password anywhere which protects your password database from breach or theft.
$ git clone https://github.com/spignelon/veiled
$ python veiled.py
It first append your username and password length (if any) to your website name and then creates SHA512 hash of it, then it uses the SHA512 hash as a salt and derive a key using scrypt as a KDF. Scrypt was designed to be computationally intensive, to make it costly to perform large-scale custom hardware attacks and make it resistant to attacks like brute-force. The Scrypt derived key is then passed to BLAKE2b just to make things more sophisticated and make any attacks against Veiled infeasible. The BLAKE2b hash is then encoded to Ascii85/Base85 and then trimmed to a desired length, maximum password length is 128 and default is 32.
Tips:
- It is recommended to use passphrase as master password
- Leaving website name empty will generate you a random 32 digit password