|
1 | | -libdecaf-based sphinx password storage implementation |
| 1 | +sphinx: a password **S**tore that **P**erfectly **H**ides from **I**tself |
| 2 | +(**N**o **X**aggeration) |
2 | 3 |
|
3 | | -sphinx: a password *S*tore that *P*erfectly *H*ides from *I*tself |
4 | | -(*N*o *X*aggeration) |
5 | | - |
6 | | -pitchforked sphinx is a cryptographic password storage as described in |
| 4 | +libsphinx is a cryptographic password storage as described in |
7 | 5 | https://eprint.iacr.org/2015/1099 |
8 | 6 |
|
9 | 7 | and as presented by the Levchin Prize winner 2018 Hugo Krawczyk on |
10 | 8 | Real World Crypto https://www.youtube.com/watch?v=px8hiyf81iM |
11 | 9 |
|
12 | | -pitchforked sphinx comes with variety of interfaces: a library, a |
13 | | -python wrapper around that library, a network server/client written in |
14 | | -python and simple command-line binaries. |
15 | | - |
16 | 10 | ## What is this thing? |
17 | 11 |
|
18 | 12 | It allows you to have only a few (at least one) passwords that you |
@@ -44,19 +38,19 @@ it's unique and cannot be used to login to other sites or services. |
44 | 38 | ## Installing |
45 | 39 |
|
46 | 40 | Install `libsodium` using your operating system provided package |
47 | | -management. And if you use any of the python goodies you need to |
48 | | -install also `pysodium` using either your OS package manager or pip. |
| 41 | +management. |
49 | 42 |
|
50 | | -Building everything should be quite simple afterwards: |
| 43 | +Building everything should (hopefully) be quite simple afterwards: |
51 | 44 |
|
52 | 45 | ``` |
53 | 46 | git submodule init |
| 47 | +cd src |
54 | 48 | make |
55 | 49 | ``` |
56 | 50 |
|
57 | 51 | ## Library |
58 | 52 |
|
59 | | -Pitchforked sphinx builds a library, which you can use to build your |
| 53 | +libsphinx builds a library, which you can use to build your |
60 | 54 | own password manager either in C/C++ or any other language that can |
61 | 55 | bind to this library. The library also contains an experimental |
62 | 56 | version of the PKI-free PAKE protocol from page 18 of the paper. |
@@ -156,7 +150,7 @@ function return 1, otherwise 0. |
156 | 150 |
|
157 | 151 | ## Standalone Binaries |
158 | 152 |
|
159 | | -pitchforked sphinx comes with very simple binaries, so you can build |
| 153 | +libsphinx comes with very simple binaries, so you can build |
160 | 154 | your own password storage even from shell scripts. Each step in the |
161 | 155 | protocol is handled by one binary: |
162 | 156 |
|
@@ -190,12 +184,14 @@ The derived password is sent to standard output and currently is a 32 byte |
190 | 184 | binary string. |
191 | 185 |
|
192 | 186 | ### step 4 - transform into ASCII password |
| 187 | + |
193 | 188 | The output from step 3 is a 32 byte binary string, most passwords have some |
194 | 189 | limitations to accept only printable - ASCII - chars. `bin2pass.py` is a python |
195 | | -script which takes a binary input on standard input and transforms it into an |
196 | | -ASCII password. It can have max two parameters the classes of characters |
197 | | -allowed ([*u*]pper-, [*l*]ower-case letters, [*d*]igits and [*s*]ymbols) and |
198 | | -the size of the password. The following examples should make this clear: |
| 190 | +script in the [pwdsphinx](https://github.com/stef/pwdsphinx) python module which takes a binary input on standard |
| 191 | +input and transforms it into an ASCII password. It can have max two parameters |
| 192 | +the classes of characters allowed ([**u**]pper-, [**l**]ower-case letters, |
| 193 | +[**d**]igits and [**s**]ymbols) and the size of the password. The following |
| 194 | +examples should make this clear: |
199 | 195 |
|
200 | 196 | Full ASCII, max size: |
201 | 197 | ``` |
|
0 commit comments