Encryption as a ‘Password Manager’

Encryption, and Encryption everywhere! But how does it help as a ‘Password Manager’? Will it remember my password? Save it somewhere? Let’s see.

What is Encryption?

encryption is the process of encoding information

Wikipedia

What it means is converting human-readable text into some sort of gibberish. Imagine a situation where you send a message to your imaginary friend Kara from high school. Casual conversation, everything’s good, right? But one day you share something secret which you don’t want anyone but your friend Kara to know. This is where encryption comes in. Your messages are turned into ‘unmeaningful’ text, so no one but your friend will be able to understand them, and if the algorithm is good enough it might take years to crack. Wait! If the text is unmeaningful, how will your friend be able to turn it back into meaningful text (aka ‘decryption’)? Just saying, even if you are not sending some super secret ‘whatever’, you don’t want anyone to eavesdrop on your conversations.

How Encryption serves the purpose of a ‘Password Manager’?

Before I start, it’s okay if you have never used a Password Manager before. Well, personally I have never used any password managing application except Google Passwords. But as the name implies, it helps you manage your passwords, i.e. store them in an organized way, plus you might get other cool features depending on the software you use.

And, now to the answer of the question, it doesn’t! It doesn’t serve the purpose of a password manager literally, more like a metaphor or very close to that.

Let’s see what I mean. Imagine you want to sign up for xyz.com and you have to create a new password for the account you are about to open. What if you could create passwords from really simple, even dumb yet remember-able words? Maybe you can encrypt that simple word with some rule which is also easy to remember. Of course, the encrypted string is supposed to be strong and will most likely be accepted by every website you sign up for. [You can make the string more complex by adding special characters and numbers. We will see it a bit later.]

Cifar

Cifar is an application which reflects the above idea of generating passwords with simple, remember-able words.

Let’s see it in action:

  1. At first please go to https://cifar.iamlizu.com/.
  2. Then please enter a string.
  3. After that select a number to shift the position of characters in the entered string.
  4. Now, press Generate and you shall see the generated password string.
  5. Finally, press the copy button to copy the generated password to your clipboard.
Figure: Generating password string

Those of you who are familiar with encryption can relate this to the Caesar cipher. However, it’s not. The idea is pretty much similar or exact to it but the implementation is a little bit different. As of now, I think the implementation is rather stupid and imperfect. But hey, it gets the work done!

Cifar is also available as an npm package. You can install it with npm i cifar.

const feed = require("cifar");
console.log(feed("Hello54#", 2)) // prints "JgNnQ76%"

You can learn more about the usage of the npm package at its page here.

Advantages

If you use cifar, you don’t have to remember your tough passwords. For example, you can have a common pattern of simple text for each site; that way you don’t even have to remember, you just know that ‘this word is the word to be used to generate the password’. So, you don’t have to remember them, and you might not need a password manager either!

You can access your password from anywhere, just type in the string and shift!

Limitations

It can be hard to remember different words, or different patterns for that matter. Also, you might find it difficult to remember how many characters to shift.

Sam’s Solution to Overcome Limitations

Sam is a guy from the Milky Way. Whenever he signs up to a new website, he adds two special characters – ‘%^’ and three digits – ‘172’ to the website name and shifts 4 times to create a string. For example, if he is signing up for his FireFox account, then the string he enters to cipher is ‘172FireFox%^’. If he is creating an account for Facebook, then the string will be ‘172Facebook%^’.

As you can see, Sam doesn’t need to remember different plaintexts to generate different passwords for different accounts. He has a very fixed and easy to remember pattern which lets him generate very strong passwords. He doesn’t need to save these or use a password manager. He can just regenerate his passwords using cifar.
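
How much the shift number and the fixed pattern contribute to a scheme like Sam’s can be measured directly. The block below is an added example, not code from cifar or from this article: it assumes a plain Caesar-style shift (letters and digits rotate, symbols stay unchanged), which is not cifar’s own algorithm, and all function names in it are hypothetical.

```javascript
// Added example: a plain Caesar-style shift, NOT cifar's own algorithm.
// Letters rotate within the alphabet (case kept), digits rotate within 0-9,
// symbols are left unchanged (an assumption of this sketch).
function rotate(ch, base, size, n) {
  const offset = (((ch.charCodeAt(0) - base + n) % size) + size) % size;
  return String.fromCharCode(base + offset);
}

function shift(text, n) {
  return [...text].map((ch) => {
    if (ch >= "a" && ch <= "z") return rotate(ch, 97, 26, n);
    if (ch >= "A" && ch <= "Z") return rotate(ch, 65, 26, n);
    if (ch >= "0" && ch <= "9") return rotate(ch, 48, 10, n);
    return ch;
  }).join("");
}

// Sam's pattern from the article: "172" + site name + "%^", shifted 4 times.
function samPassword(site) {
  return shift(`172${site}%^`, 4);
}

// Every input that some shift number maps to `password`. Letters repeat every
// 26 shifts and digits every 10, so there are at most lcm(26, 10) = 130.
function preimages(password) {
  const seen = new Set();
  for (let n = 0; n < 130; n++) seen.add(shift(password, -n));
  return seen;
}

// Length of the leading and trailing runs two passwords have in common.
function sharedAffixes(a, b) {
  const limit = Math.min(a.length, b.length);
  let prefix = 0;
  while (prefix < limit && a[prefix] === b[prefix]) prefix++;
  let suffix = 0;
  while (suffix < limit - prefix &&
         a[a.length - 1 - suffix] === b[b.length - 1 - suffix]) suffix++;
  return { prefix, suffix };
}

const firefox = samPassword("FireFox");
const facebook = samPassword("Facebook");
console.log(firefox, facebook);
console.log(preimages(firefox).size, preimages(firefox).has("172FireFox%^"));
console.log(sharedAffixes(firefox, facebook));
```

Under these assumptions the shift number adds at most 130 possibilities, and the two site passwords share their first four and last two characters. The strength of the result therefore rests on keeping the pattern itself secret, not on the shift.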

Conclusion

This might not be the ideal solution to choose over a password manager. It was rather a fun project. But I think there will be some of you who will find the idea handy. Also, the application is openly developed at GitHub, trust me I am not stealing your passwords 😄, and neither is anyone else. Password generation is done on the client side, in your browser, and the result is stored nowhere else.

Give the application a try, I believe you will like it. Maybe you don’t have to use any password manager at all. Star the GitHub repo to support me and my work.
