This repository is the working tree of Connor Horman and Isaac Kilbourne's (Group 1) password manager for COMP 3340.
Passman is an end-to-end encrypted password manager that uses zero-knowledge proofs and modern cryptography to ensure that a user - and only that user - is able to view their stored credentials. Nobody else, not even the servers that run Passman, is ever in possession of sufficient information to decrypt any user's data.
The following are screenshots of Passman:
Signing In:
The first part of the project is to find at least 10 reputable publications that will inform our design and implementation decisions.
The following publications were chosen, in no particular order:
- PBKDF2 NIST Publication
- 1Password Whitepaper
- Keccak Implementation Overview
- Security Analysis of Password Managers
- Time-based OTP authentication via secure tunnel (TOAST): A mobile TOTP scheme using TLS seed exchange and encrypted offline keystore
- Announcing the Advanced Encryption Standard
- Curve25519: New Diffie-Hellman Speed Records
- Web API Verification: Results and Challenges
- Persistence of Passwords in Bitwarden’s Browser Extension: Unnecessary Retention and Solutions
- UC-339 Cybersecurity Analysis of Password Managers
Good news - you're in the right place :) This repo contains the complete source code for Passman.