A secure, zero-knowledge CLI password manager with military-grade encryption
| Feature | Description |
|---|---|
| π Zero-Knowledge | Your passwords are never stored in plain text |
| π Fernet Encryption | AES-128-CBC + HMAC-SHA256 for data protection |
| π PBKDF2HMAC | 480,000 iterations for secure key derivation |
| π Recovery System | Recovery key + security questions for account recovery |
| π» Cross-Platform | Works on Windows, Linux, and macOS |
| π¨ Beautiful CLI | Colorful terminal interface with ASCII art |
| π¦ Modular Design | Clean, maintainable codebase |
ββββββββββββββ
ββββββββββββββββββββββββββ
ββββββββββββββββββββββββββββββββββ
ββββββββββββββββββββββββββββββββββββββ
ββββββββββββββββββββββββββββββββββββββββββ
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β βββββββ ββββββ βββββββββββββββββββ βββ βββββββ βββββββ βββββββ β
β βββββββββββββββββββββββββββββββββββ ββββββββββββββββββββββββββββ β
β βββββββββββββββββββββββββββββββββββ ββ ββββββ ββββββββββββββ βββ β
β βββ βββ βββββββββββββββββββββββββββββββββββββββββ βββββββββββ β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β β WARNING: UNAUTHORIZED ACCESS IS STRICTLY PROHIBITED β β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
- Python 3.8 or higher
- pip (Python package manager)
# Clone the repository
git clone https://github.com/YOUR_USERNAME/password-manager.git
cd password_manager
# Install dependencies
pip install -r requirements.txt
# Run the application
python main.py- Create Master PIN - This is your main password (minimum 4 characters)
- Set Security Questions - Choose 3 questions for identity verification
- Save Recovery Key - Store this key safely! It's your only way to recover access
βββββββββββββββββββββββββββββββββββββββ
β MENU UTAMA β
βββββββββββββββββββββββββββββββββββββββ€
β [1] π View All Passwords β
β [2] β Add New Password β
β [3] π Search Password β
β [4] ποΈ Delete Password β
β [5] π Change Master PIN β
β [6] πͺ Exit β
βββββββββββββββββββββββββββββββββββββββ
| Command | Description |
|---|---|
1 |
Display all stored passwords in a table |
2 |
Add a new password entry (Service, Username, Password) |
3 |
Search passwords by service name or username |
4 |
Delete a password entry |
5 |
Change your Master PIN |
6 |
Exit the application |
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β USER INPUT β
β (Master PIN) β
βββββββββββββββββββββββββββ¬ββββββββββββββββββββββββββββββββββββ
β
βΌ
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β PBKDF2HMAC β
β β’ Algorithm: SHA-256 β
β β’ Iterations: 480,000 (OWASP 2023 Standard) β
β β’ Salt: 32 bytes cryptographically random β
βββββββββββββββββββββββββββ¬ββββββββββββββββββββββββββββββββββββ
β
βΌ
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β FERNET ENCRYPTION β
β β’ AES-128-CBC for confidentiality β
β β’ HMAC-SHA256 for authentication β
βββββββββββββββββββββββββββ¬ββββββββββββββββββββββββββββββββββββ
β
βΌ
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β data.vault β
β (Encrypted Binary File) β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
- Zero-Knowledge: Passwords are encrypted locally; even if someone gets your vault file, they can't read it without the PIN
- Key Derivation: Uses PBKDF2 with 480,000 iterations to resist brute-force attacks
- Authenticated Encryption: Fernet provides both encryption and authentication
- Secure Recovery: Two-factor recovery using both Recovery Key and Security Questions
- Run
python main.py - Type
Rwhen prompted for PIN - Enter your Recovery Key (format:
XXXX-XXXX-XXXX-XXXX-XXXX) - Answer at least 2 out of 3 security questions correctly
- Create a new PIN or view your current PIN
- β Write it on paper and store in a safe
- β Store in a different password manager
- β Keep in a physical vault
- β Don't store on the same computer
- β Don't share with anyone
- β Don't take photos with unsecured devices
password-manager/
βββ main.py # Entry point
βββ requirements.txt # Dependencies
βββ README.md # Documentation
βββ .gitignore # Git ignore rules
β
βββ password_manager/ # Main package
βββ __init__.py # Package metadata
βββ config.py # Configuration & constants
βββ crypto.py # Encryption & key derivation
βββ storage.py # Database operations
βββ auth.py # Authentication
βββ recovery.py # Recovery system
βββ menu.py # Menu handlers
βββ ui.py # User interface
βββ styles.py # Colors & ASCII art
| Module | Purpose |
|---|---|
config.py |
Constants, paths, security settings |
crypto.py |
Encryption, decryption, hashing, key derivation |
storage.py |
CRUD operations for vault files |
auth.py |
Login and vault creation |
recovery.py |
Security questions and recovery process |
menu.py |
Handler for each menu option |
ui.py |
Display functions and formatting |
styles.py |
ANSI colors and ASCII art |
| File | Description |
|---|---|
data.vault |
Your encrypted passwords |
salt.key |
Unique salt for encryption |
recovery.vault |
Encrypted recovery data |
security.vault |
Encrypted security questions |
These files are already in .gitignore and should NEVER be committed to version control.
- Use a strong Master PIN - Combine letters, numbers, and symbols
- Keep backups - Copy your
.vaultand.keyfiles to secure locations - Store Recovery Key safely - This is your only way to recover if you forget the PIN
- Don't share files - Each installation should have its own vault
cryptography>=41.0.0# Run the application
python main.py- Fork the repository
- Create your feature branch (
git checkout -b feature/amazing-feature) - Commit your changes (
git commit -m 'Add amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
This project is licensed under the MIT License - see the LICENSE file for details.
- cryptography - Python cryptographic library
- Fernet - Symmetric encryption recipe
- PBKDF2 - Password-Based Key Derivation Function
Made with β€οΈ for secure password management