Sinisterly
Password Manager V.1 - Printable Version



Password Manager V.1 - Ex094 - 05-22-2013


May I present you my new database program, the Password Manager Version. It's an improved version from my previous VRD project. For me the VRD has very buggy code. Here are some of its additional features:

Features:
- Base64 encoded credentials
- Unix Based Authentication (Login to be precise)
- Less If statements
- Intro to Classes
- Better Error Handling
- Better Code (From VRD Point of View)
- Command Input (No menu)
- Linux Compatible Only (Sorry Windows Users, Read below for Why Windows is not supported)
- Python Version 3.3 Used


Glitch:
- The delete function will display "Credentials Deleted!" even if the username doesn't even exist. I'll be releasing a fix soon as it's not a big problem
- Clear function will not work for MAC Users


Commands Usage:

insert -- Insert credentials into the database

view -- View the credential database

delete -- Delete a credential based on username

search -- Search for a credential detail using Username

exit -- Quit program

Logging In:

In my password manager I've used PAM to simulate Unix Authentication, which means that Linux users can log in using their account username and password. Because Windows doesn't use Unix auth, logging in will give an error and hence the program will easily malfunction. I will include support if I find any Windows-related auth module for Python.

Here's a screenshot of the Unix Auth:

[Image: RUiWPbW.png]

The password that the user will input will not be visible, as I've used the getpass() module as a part of security.

Security:

Without using an encoding to encode the credentials that a user enters, what's the point of making a password manager? It's always supposed to make the credentials for your eyes only. Well the most basic encoding there I could find was base64, so everything you enter gets encoded in base64 and then it gets stored in the database. When you fetch the results from the database, it gets decoded on its way to the output. Well if you have a better encryption then you are welcome to suggest :)

I believe that I got confused between Encryption and Encoding, hence speaking of base64 it's not secure at all as deque said hence I'll be implementing another one in the upcoming version!

Please be sure to install Simple PAM module in your python module repo before using my program, you can get Simple PAM from:

Code:
https://github.com/leonnnn/python3-simplepam

Source Code:
Code:
import os, platform, base64, sqlite3, random, getpass
from simplepam import authenticate

class passmanager:

    def auth(username, password): #Unix Authentication using PAM

        if authenticate(username, password) == True:
            return 'pass'
        else:
            return 'fail'

    def encode(text): #Function to encrypt credentials details

        try:
            encoded = base64.b64encode(text.encode('utf8'))
            return encoded

        except TypeError:
            return "Wrong User Input"

    def decode(text): #Decodes the encrypted text after fetching credentials from database

        try:
            decoded = base64.b64decode(text)
            return decoded

        except TypeError:
            passmanager.clear()
            return "Wrong User Input"

    def checkdatabase(): #Function to  check whether the database exists or not

        try:
            with open('db.sql'): pass

        except IOError:
            passmanager.createdatabase()

    def createdatabase(): #Create the Database

        con = sqlite3.connect("db.sql")
        cur = con.cursor()
        cur.execute(""" CREATE TABLE passdb (username, password, description, dork BOOL) """)
        cur.close()
        con.close()

    def insert(username, password, description): #Insert Credentials into the database

        try:
            rand_id = random.randint(0, 1000)
            if username == '': username = 'Unknown-%d' % rand_id
            if password == '': password = 'Unknown-%d' % rand_id
            if description == '': description = 'Unknown-%d' % rand_id
            con = sqlite3.connect('db.sql')
            cur = con.cursor()

            cur.execute(""" INSERT INTO passdb (username, password, description) VALUES (?,?,?) """, (passmanager.encode(username), passmanager.encode(password), passmanager.encode(description)))

            con.commit()
            cur.close()
            con.close()

        except sqlite3.OperationalError:

            print('Database error, Make sure your database exists!')
            input('Press any key to Continue...')

        passmanager.clear()

    def viewdb(): #View the whole credential Database

        try:
            string = ['Username:', 'Password:', 'Description:']
            con = sqlite3.connect('db.sql')
            cur = con.cursor()

            cur.execute(""" SELECT * FROM passdb """)
            getdb = cur.fetchall()

            if len(getdb) == 0:

                print(' ')
                print('No Record Found!')
                print(' ')

            for items in getdb:

                print(' ')
                print("####################################")
                for i in range(len(string)):

                    dec = passmanager.decode(items[i]).decode('utf8')
                    print(string[i], dec)

                print("####################################")

            input('Press any key to continue')

        except sqlite3.OperationalError:

            print('Database error, Make sure your database exists!')
            input('Press any key to Continue...')



    def search(user): #Function to search for the credentials using the username

        try:

            string = ['Username:', 'Password:', 'Description:']
            con = sqlite3.connect('db.sql')
            cur = con.cursor()
            da = passmanager.encode(user)

            cur.execute("""SELECT * FROM passdb WHERE username LIKE ?""", (da,))

            find = cur.fetchall()

            if len(find) == 0:
                print(' ')
                print('No data Found')
                print(' ')

            con.commit()

            cur.close()

            con.close()

            for terms in find:

                print(' ')
                print("####################################")
                for i in range(len(string)):

                    dec = passmanager.decode(terms[i]).decode('utf8')
                    print(string[i], dec)

                print("####################################")

            input('Press any key to continue...')

        except sqlite3.OperationalError:

            print('Database error, Make sure your database exists!')
            input('Press any key to Continue...')

            passmanager.clear()


    def delete(user): #Function to delete user from database

        da = passmanager.encode(user)
        con = sqlite3.connect('db.sql')
        cur = con.cursor()

        cur.execute("""DELETE FROM passdb WHERE username LIKE ?""", (da,))

        con.commit()
        cur.close()
        con.close()

        input('Credential deleted!, Press any key to continue!')


    def clear(): #Clear Screen

        os.system('clear')

    def menu(): #The main menu

        passmanager.checkdatabase()

        username = input('Enter your UNIX Username: ')
        password = getpass.getpass()

        if passmanager.auth(username, password) == 'pass':

            passmanager.clear()

            while True:

                print("""
         #############################################################
         #                                                           #
         #                   Password Manager V.1                    #
         #     A small python database program to organize your      #
         #                       passwords                           #
         #                                                           #
         #############################################################
         # By Ex094 Of Hackcommunity #
         # http://ex094.blogspot.com # Type Help to view commands
         #############################""")

                cmd = input('>>> ')

                if cmd == 'insert':

                    passmanager.clear()

                    username = input('Your username: ').strip()
                    password = input('Your password: ').strip()
                    description = input('Credential Description: ').strip()

                    passmanager.insert(username, password, description)

                if cmd == 'search':

                    passmanager.clear()

                    user = input('Type the username to search in the database:')

                    passmanager.search(user)

                if cmd == 'delete':

                    passmanager.clear()

                    user = input('Input your Credential Username: ').strip()

                    passmanager.delete(user)

                if cmd == 'view':

                    passmanager.clear()

                    passmanager.viewdb()

                if cmd == 'help':

                    passmanager.clear()

                    print("""
Password Manager
Version 1

Available Commands:
-------------------

Command    -     Function

insert          Insert credentials into the database

view            View the credential database

delete          Delete a credential based on username

search          Search for a credential detail using Username

exit            Quit program

Coded By Ex094
http://ex094.bogspot.com
http://www.hackcommunity.com
""")
                    input('Press any key to continue...')


                if cmd == 'exit':

                    break

                else:

                    passmanager.clear()
        else:

            print('Sorry, Wrong Credentials')

            os.system('exit')

passmanager.menu()

Compiled Download:

You can download the compiled source from here:

Code:
http://ex094.uhosti.com/py/

Encountered a bug? Report it in your comment!

Have Fun :)

Regards,
Ex094


RE: Password Manager V.1 - RogueCoder - 05-22-2013

Nice one work man :) I would suggest something like AES encryption if possible, instead of base64.

Personally I store my most complex credentials in TrueCrypt with a 20 pass and a key file on a hidden USB stick :P not that I am paranoid or anything :P


RE: Password Manager V.1 - Deque - 05-22-2013

Hey Ex094.

That's a nice project, I like the user interface, but Base64? That is not an encryption, it is an encoding, meaning you can just get the passwords and decode them without a hassle. The passwords are not secured at all. If you want others to use it, you should take care to manage the passwords in a secure way. Ask for a masterpassword, use that to encrypt and decrypt the credentials in the database. Don't save the masterpassword (ever).

Deque
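
The point made in the post above, as an added example that is not part of the thread: a small audit that opens a SQLite credential store and reports every column whose values are plain Base64 of readable text, i.e. recoverable by anyone who can read the file, with no key and no PAM login. The sample database is constructed here in the same layout the posted `insert()` produces; the function names are illustrative.

```python
import base64, os, sqlite3, tempfile

def build_sample_db(path):
    """Constructed sample: rows stored the way the posted insert() stores them."""
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE passdb (username, password, description, dork BOOL)")
    for row in [("alice", "S3cret!pass", "mail"), ("bob", "hunter2", "forum")]:
        con.execute("INSERT INTO passdb (username, password, description) VALUES (?,?,?)",
                    tuple(base64.b64encode(v.encode("utf8")) for v in row))
    con.commit()
    con.close()

def reversible_base64(value):
    """Return the decoded text if value is strict Base64 of printable UTF-8, else None."""
    if not isinstance(value, (bytes, str)) or len(value) == 0:
        return None
    try:
        text = base64.b64decode(value, validate=True).decode("utf8")
    except ValueError:  # binascii.Error and UnicodeDecodeError are both ValueError subclasses
        return None
    return text if text.isprintable() else None

def audit(path):
    """Map 'table.column' to decoded values for columns whose every non-NULL value decodes."""
    con = sqlite3.connect(path)
    findings = {}
    tables = [r[0] for r in con.execute("SELECT name FROM sqlite_master WHERE type='table'")]
    for table in tables:
        cur = con.execute('SELECT * FROM "%s"' % table.replace('"', '""'))
        names = [d[0] for d in cur.description]
        rows = cur.fetchall()
        for i, name in enumerate(names):
            values = [r[i] for r in rows if r[i] is not None]
            decoded = [reversible_base64(v) for v in values]
            if values and all(d is not None for d in decoded):
                findings["%s.%s" % (table, name)] = decoded
    con.close()
    return findings

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "db.sql")
        build_sample_db(path)
        return audit(path)

if __name__ == "__main__":
    for column, values in demo().items():
        print(column, "->", values)
```

A column that shows up in the findings is stored encoded, not encrypted; the all-NULL `dork` column is skipped.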


RE: Password Manager V.1 - Anima Templi - 05-22-2013

Nice tool! It's good to see something new from ya. As @Deque stated you should review your "encryption" and take what Deque wrote seriously.


RE: Password Manager V.1 - Linuxephus™ - 05-22-2013

(05-22-2013, 08:29 PM)Anima Templi Wrote: Nice tool! It's good to see something new from ya. As @Deque stated you should review your "encryption" and take what Deque wrote seriously.

Followed by what surely @ArkPhaze himself must just be dying to state himself as well! :lol: :lub:



RE: Password Manager V.1 - ArkPhaze - 05-22-2013

Nope, not this time lol. Deque mentioned pretty much all that needed to be said. I haven't looked at the code directly though, I'm off in 10 mins.

@Ex094 if interested I have some good hash utils written in python that you could incorporate. I would suggest cutting down on the line spacing though, 2 new lines per line of code makes the code harder to read lol. I usually only use new blank lines to separate my defs and other significant parts of the code. :)


RE: Password Manager V.1 - MrGeek - 05-23-2013

Thanks a lot my bro :)
nice work!
I am gonna test.


RE: Password Manager V.1 - Ex094 - 05-23-2013

@Deque Yes you are pretty much correct, I got myself confused between Encryption and Encoding. Well that makes sense as the passwords are not secure at all. Can you explain what you suggested a little bit more (the master password part)?

@ArkPhaze Sorry about that, I've the same words for ya too ^^. For the spaces, yes I'll reduce em.

Thanks for the suggestions guys.


RE: Password Manager V.1 - RogueCoder - 05-23-2013

@Ex094 a master password is a pass(word|phrase) used to decrypt encrypted content. It serves as a key when encrypting the data. To decrypt the content you need to provide this key which is why it must never be stored anywhere.

At least this is my understanding of it, so feel free to correct me if I'm wrong :)
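
The master-password scheme discussed in this thread, as an added example that is not code from any poster: the master password is stretched into an AES key with PBKDF2, only a random salt is stored, and each password is encrypted with AES-GCM. It assumes the third-party `cryptography` package; the table layout, function names, iteration count and sample values are assumptions for illustration, and the username is left in clear text here to keep lookups simple.

```python
import hashlib, os, sqlite3
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed; tune for your hardware)

def derive_key(master_password, salt):
    """Stretch the master password into a 256-bit AES key; the password itself is never stored."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf8"), salt, ITERATIONS, dklen=32)

def open_vault(path=":memory:"):
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE IF NOT EXISTS meta (salt BLOB)")
    con.execute("CREATE TABLE IF NOT EXISTS passdb (username TEXT, nonce BLOB, secret BLOB)")
    if con.execute("SELECT salt FROM meta").fetchone() is None:
        con.execute("INSERT INTO meta VALUES (?)", (os.urandom(16),))
        con.commit()
    return con

def unlock(con, master_password):
    salt = con.execute("SELECT salt FROM meta").fetchone()[0]
    return derive_key(master_password, salt)

def store(con, key, username, password):
    nonce = os.urandom(12)  # must be unique per encryption under the same key
    # The username is bound as associated data so a ciphertext cannot be moved to another row.
    secret = AESGCM(key).encrypt(nonce, password.encode("utf8"), username.encode("utf8"))
    con.execute("INSERT INTO passdb VALUES (?,?,?)", (username, nonce, secret))
    con.commit()

def fetch(con, key, username):
    """Return the password, or None if the key is wrong, the row is missing or data was altered."""
    row = con.execute("SELECT nonce, secret FROM passdb WHERE username = ?", (username,)).fetchone()
    if row is None:
        return None
    try:
        return AESGCM(key).decrypt(row[0], row[1], username.encode("utf8")).decode("utf8")
    except InvalidTag:
        return None

def demo():
    con = open_vault()
    store(con, unlock(con, "correct horse battery staple"), "alice", "S3cret!pass")  # constructed values
    good = fetch(con, unlock(con, "correct horse battery staple"), "alice")
    bad = fetch(con, unlock(con, "wrong guess"), "alice")
    stored = con.execute("SELECT secret FROM passdb").fetchone()[0]
    return good, bad, stored
```

A wrong master password derives a different key, so the GCM tag check fails and nothing is returned; the stored blob is ciphertext plus a 16-byte tag.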