Creating Your Own Best Password Manager
Their are many Password Manager available but in this post we will create our own offline password manager in python.
And I personally use this application for storing my passwords.
We all uses different applications and websites everyday and it requires us to login ,some of them give us option to login using OAuth and we can signup and login using it.
But in many cases we have to register using our Email Id and set a password for our account.
We have to make sure the Password is not common so that it cannot be guessed using dictionary attack.
Also the Length of the password should not be small and must include various letters, digits and punctuation marks to make it difficult to crack.
Much like this Yije4"*{|\/zm+Rgye`.QL>:M^`=&)8_O
We can create few difficult passwords like them, that are hard to crack but we cannot use them on all sites ,because if password of one website is compromised than the websites using the same passwords may also be in danger.
So we need to create almost different passwords for every website with more or less difficulty.
We have a Random Password Generator Post where we have created a random password generator using python which includes letters , digits and punctuation marks and they are almost hard to crack, but how do we remember them?.
So for That we are going to Create A Secure Offline Password Manager of our own to store those passwords and we can use them when they are needed.And indeed it will be our best password manager so far.
So lets Start:
You might have heard that passwords should be hashed and then stored. Because getting the original password is impossible from the hashed passwords.
The Question is:
How to implement password storage with hashing and salting in our application?
For this we will use python hashlib library and we will use sha512 to hash our password.
So What should be the functionality of our app,basically it should perform CRUD operations. Right?
So the main functionality of our app will be :
- Store the passwords
- Display the passwords to the user
- Update the existing record of a website
- Delete a particular record
We will not use a simple file or something but we will be using Sqlite3 database for storing our passwords .
This is how it will look like
Step 1:
As we have decided to use sqlite3 database so we need to create a database and tables into it,but wait a minute!
Before Starting it we have some questions like
How many tables do we need?
What will be number of columns in the tables?
In technical terms What will be the fields of the tables? And so on..
So How many Tables do we need?
The answer is we will require only one table to store our passwords
as per our use case.
You can further increase the number of tables to make the app more functional.
if you require but to keep it simple and to make an app that we can use instantly we will make only one table.
Now What will be number of columns in the tables?
So we need Website Name, Username, Password, and also Email Id used for that website.Their are 4 columns in total, again you can increase as per requirements.
So our Sqlite3 database will be as:
Code:
-
import sqlite3
import hashlib
import base64
class PassManager:
def __init__(self):
self.conn = sqlite3.connect("PasswordManager.db")
query = '''Create Table if not exists PassStorage(
site varchar(255)not null,
username varchar(255) not null,
password varchar(255) not null,
email varchar(255))'''
self.conn.execute(query)
self.conn.commit()-
we are building PassManager class and we will build our CRUD operation as functions of this class as we move forward.
Step 2:
Now we have decided how our database will look like, now we have to think of the flow our app .
So we need a master username and master password ,so that only the user can access the database and no one else,and user needs to remember only the master credentials to get all the information.
You may have a question , that is password manager safe and is it really the best password manager app?
The answer is simple , yes it is safe because it is standalone offline application that only you will use on your local machine with local database,so no one have access to the details except you☺
This is the normal flow of our app.
Step 3:
Now lets start to build our app as per the flow.
so we start with getting master user credentials and storing them into the database by hashing the password.
Code:
We have Class PassManager in which we initialized the __init__ function and made the connection to the sqlite3 database as soon as the app is run
Now the function to create Master User is as follows
- As we discussed earlier we will store password in hashed form and for that we are using hashlib library.
- we use salt as combination of username and password you can use as your wish ,but make sure you remember the salt then,because it will be used further when we are needed to authenticate the master user.
Output:
Step 4:
Now we will move to create the functions for performing the CRUD
operations.
1.Store password in the database for various website Now we cannot store the passwords directly into the database
we need to encrypt it so that it is not accessed by anyone
without the KEY.
Also we cannot hash the passwords because we need to display them back not like our master password which we don't need to revert.
So we are going to user fernet library from cryptography
module in python
If you don't have it installed just run
pip install cryptography
we are going to need authentication of master more often
so we will create a function to authenticate it.
Code:
- so here we ask for credentials and make the hash using the saltand password.
- Hence we told early that you can have any salt but remember it.So we fire SQL query to fetch the master user hashedPassword from the database and compare it with our generated hash.
- if it matched we return the master password that we are going to use the different functions for CRUD operations later on.
- if it is not matched then we return "PDM" i.e password Dont match.
As we have an authentication function now we can move
to make our 1st CRUD operation function to Store the user Passwords
Code:
- In this function we first check if the site and username already exists in the database if so we ask them to update the password instead of creating a new record.
- if not we ask the website name , username,password and email id used for the website.
- As mentioned earlier we are using fernet for encrypting the passwords fernet requires fernet key to encrypt and decrypt the message.
- we can create a fernet key by using built in funtion provided by fernet called as generate_key(), but in that case we need to store the key some where safe and if the key is found the passwords can be seen.
- To avoid this problem we are creating are own key generation function called fernet_generate_passwordBased_key which takes master key as an argument and by using this generates the key.
- Thus the encryption of the passwords depends on the master password hence you need to remember the master password if your forgot it then it is not possible to decrypt the passwords for the websites.
2.Update a record:
Now every thing is easy just some SQL is needed to perform our
CRUD operations
lets take a look
Code:
Show Passwords:
- Here we first authenticate the user by calling the authenticate function that we created earlier and then ask for the site and username that we need to update.
- First we check if the site and username is present if yes then we ask for new credentials and we encrypt the new password using our fernet function and store it in database.
- if the site and username is not present then we send appropriate response to the user.
We try to update first record now.
After running the Operation the database looks like
3.Display all records:
For displaying the records we first authenticate the master user.
Then we fetch all records except the master password and display them
now as the passwords are encrypted we need to decrypt it.
so we use fernet decrypt function and pass masterkey to decrypt our
passwords and finally display the records.
4. Delete a record:
Now to perform deletion we ask the user to enter the site and username
that they need to delete .
we check if the site is present or not if present we delete the record.
if not we return the appropriate response
Code:
Output:
We try to delete the last record
After running the operation
Thus we have Successfully created our CRUD Operations.
Now we will include the Random Password Generator code in our app so that we can easily generate random passwords and store them in our database.
Output:
✌✌✌✌ We Finally Created our Own Secure Password Manager and Probably the best password manager for us.
To Get Full Code Visit: Github
0 Comments
Please Let me Know, If you have any doubts.