How Creating Own Password Manager Can Ease Your Pain. | by Codeityweb | Jan, 2021


Creating Your Own Best Password Manager


Their are many Password Manager available but in this post we will create our own offline password manager in python.


And I personally use this application for storing my passwords.

We all uses different applications and websites everyday and it requires us to login ,some of them give us option to login using OAuth and we can signup and login using it.

But in many cases we have to register using our Email Id and set a password for our account.
We have to make sure the Password is not common so that it cannot be guessed using dictionary attack.

Also the Length of the password should not be small and must include various letters, digits and punctuation marks to make it difficult to crack.

Much like this Yije4"*{|\/zm+Rgye`.QL>:M^`=&)8_O



We can create few difficult passwords like them, that are hard to crack but we cannot use them on all sites ,because if password of one website is compromised than the websites using the same passwords may also be in danger.

So we need to create almost different passwords for every website with more or less difficulty.

We have a Random Password Generator Post where we have created a random password generator using python which includes letters , digits and punctuation marks and they are almost hard to crack, but how do we remember them?.


So for That we are going to Create A Secure Offline Password Manager of our own to store those passwords and we can use them when they are needed.And indeed it will be  our best password manager so far.



So lets Start:

You might have heard that passwords should be hashed and then stored. Because getting the original password is impossible from the hashed passwords.

The Question is:


How to implement password storage with hashing and salting in our application?

For this we will use python hashlib library and we will use sha512 to hash our password.




So What should be the functionality of our app,basically it should perform CRUD operations. Right?


So the main functionality of our app will be :

 

  • Store the passwords
  • Display the passwords to the user
  • Update the existing record of a website
  • Delete a particular record



We will not use a simple file or something but we will be using Sqlite3 database for storing our passwords .




Best Password Manager


This is how it will look like


Step 1:

As we have decided to use sqlite3 database so we need to create a database and tables into it,but wait a minute!

Before Starting it we have some questions like
How many tables do we need?
What will be number of columns in the tables?
In technical terms What will be the fields of the tables? And so on..




So How many Tables do we need?

The answer is we will require only one table to store our passwords
as per our use case.

You can further increase the number of tables to make the app more functional.
if you require but to keep it simple and to make an app that we can use instantly we will make only one table.


Now What will be number of columns in the tables?
So we need Website Name, Username, Password, and also Email Id used for that website.Their are 4 columns in total, again you can increase as per requirements.



So our Sqlite3 database will be as:




Code:

-
import sqlite3
import hashlib
import base64

class PassManager:

    def __init__(self):
        self.conn = sqlite3.connect("PasswordManager.db")
        query = '''Create Table if not exists PassStorage(
        site varchar(255)not null,
        username varchar(255) not null,
        password varchar(255) not null,
        email varchar(255))'''
        self.conn.execute(query)
        self.conn.commit()

-


we are building PassManager class and we will build our CRUD operation as functions of this class as we move forward.



Step 2:


Now we have decided how our database will look like, now we have to think of the flow our app .


So we need a master username and master password ,so that only the user can access the database and no one else,and user needs to remember only the master credentials to get all the information.

You may have a question , that is password manager safe and is it really the best password manager app?

The answer is simple , yes it is safe because it is standalone offline application that only you will use on your local machine with local database,so no one have access to the details except you☺




Flow of th e app- Best Password Manager


This is the normal flow of our app.




Step 3:


Now lets start to build our app as per the flow.
so we start with getting master user credentials and storing them into the database by hashing the password.



Code:


We have Class PassManager in which we initialized the __init__ function and made the connection to the sqlite3 database as soon as the app is run


Now the function to create Master User is as follows

Master User - Best Password Manager



  • As we discussed earlier we will store password in hashed form and for that we are using hashlib library.
  • we use salt as combination of username and password you can use as your wish ,but make sure you remember the salt then,because it will be used further when we are needed to authenticate the master user.



Output:

Create Best Password Manager



Step 4:

Now we will move to create the functions for performing the CRUD
operations.




Best Password Manager



1.Store password in the database for various website                                                                                                                                          Now we cannot store the passwords directly into the database
we need to encrypt it so that it is not accessed by anyone
without the KEY.
Also we cannot hash the passwords because we need to display them back not like our master password which we don't need to revert.

So we are going to user fernet library from cryptography
module in python

If you don't have it installed just run
pip install cryptography

we are going to need authentication of master more often
so we will create a function to authenticate it.


Code:

Auth-Best Password Manager

  • so here we ask for credentials and make the hash using the saltand password.
  • Hence we told early that you can have any salt but remember it.So we fire SQL query to fetch the master user hashedPassword from the database and compare it with our generated hash.
  • if it matched we return the master password that we are going to use the different functions for CRUD operations later on.


  • if it is not matched then we return "PDM" i.e password Dont match.




As we have an authentication function now we can move
to make our 1st CRUD operation function to Store the user Passwords


Code:

Store pasword - Best Password Manager




  • In this function we first check if the site and username already exists in the database if so we ask them to update the password instead of  creating a new record.
  • if not we ask the website name , username,password and email id used for the website.





Output-Best Password Manager

  • As mentioned earlier we are using fernet for encrypting the passwords fernet requires fernet key to encrypt and decrypt the message.


  • we can create a fernet key by using built in funtion provided by fernet called as generate_key(), but in that case we need to store the key some where safe and if the key is found the passwords can be seen.


  • To avoid this problem we are creating are own key generation function called fernet_generate_passwordBased_key which takes master key as an argument and by using this generates the key.


  • Thus the encryption of the passwords depends on the master password hence you need to remember the master password if your forgot it then it is not possible to decrypt the passwords for the websites.





2.Update a record:
Now every thing is easy just some SQL is needed to perform our
CRUD operations

lets take a look


Code:


Update password-Best Password Manager

Show Passwords:


Show password -Best Password Manager




  • Here we first authenticate the user by calling the authenticate function that we created earlier and then ask for the site and username that we need to update.


  • First we check if the site and username is present if yes then we ask for new credentials and we encrypt the new password using our fernet function and store it in database.


  • if the site and username is not present then we send appropriate response to the user.




Output-Best Password Manager



We try to update first record now.


Output-Best Password Manager

After running the Operation the database looks like


Secure Password Manager




3.Display all records:

For displaying the records we first authenticate the master user.
Then we fetch all records except the master password and display them
now as the passwords are encrypted we need to decrypt it.

 so we  use fernet decrypt function and pass masterkey to decrypt our
passwords and finally display the records.



4. Delete a record:



Now to perform deletion we ask the user to enter the site and username
that they need to delete .
we check if the site is present or not if present we delete the record.
if not we return the appropriate response



Code:



Delete record-Best Password Manager



Output:



output


We try to delete the last record



output

After running the operation



output-Best Password Manager




Thus we have Successfully created our CRUD Operations.



Now we will include the Random Password Generator code in our app so that we can easily generate random passwords and store them in our database.

Output:


random password generator -Best Password Manager



✌✌✌✌ We Finally Created our Own Secure Password Manager and Probably the best password manager for us.





To Get Full Code Visit: Github


Post a Comment

0 Comments