Passera - Tool to generate strong unique passwords for each website

Tuesday, August 19, 2014



A simple tool that allows users to have strong unique passwords for each website, without the need to store them either locally or with an online service. It is available as a command-line tool for Linux/Mac/Windows and an Android app.

Passera turns any entered text into a strong password up to 64 characters long and copies it to the clipboard. Figure out a decent system for yourself that will allow unique passphrases for every website, such as combining the website name/URL with a phrase that you would not forget. To log in, fire up Passera and enter the passphrase you chose, and your real password will be copied to the clipboard.

Turn
githubPasswd123
into
dpu7{Lrby(vQLd8m

This software is for privacy-aware people who understand the need to have strong unique passwords for each website, yet don't want to use any password managing software or services. Relying on password managing software means trusting your passwords to be kept safe by a third-party company, or trusting them to a single file on your disk.


To make it somewhat more conspicuous, when you start Passera it copies a random password to the clipboard. The real password is then stored in the clipboard for only 10 seconds before being overwritten by another random string.

Password security considerations

Passera is not designed to produce a hash of a given string by reinventing the wheel of cryptography. Instead, it produces a unique string of specified length, suitable for use as a strong password. The cryptographic methods used ensure that the produced passwords are as "random" as possible and are absolutely impossible to trace back to the original passphrases.

Passwords produced by Passera are impossible to brute-force, since it would take an extremely long time (as opposed to using combinations of real words and sentences as passwords). If a password gets leaked from a compromised website, an attacker would not be able to determine any of your other passwords. And if the attacker is aware that Passera has been used to create the password, brute-forcing with the intent of finding out the original passphrase would also take an extremely long time.

Passera does not ask for a website URL or a "master password" when generating a password, because these values would be included in the hashing algorithm in a particular way, potentially known to an attacker. Instead, users have the freedom to combine anything in any order, shape or form in the initial passphrase, making it exponentially more difficult to brute-force, to the point of being impossible.
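
An added illustration of the idea in this section (not Passera's own code or algorithm, which this page does not specify): a passphrase is stretched with PBKDF2-HMAC-SHA512 and mapped without bias onto printable characters, so the same input always yields the same password and nothing has to be stored. The function name, salt label, iteration count and alphabet are assumptions chosen for the example.

```python
import hashlib
import string

# Assumed output alphabet: 94 printable ASCII characters.
ALPHABET = string.ascii_letters + string.digits + string.punctuation
MAX_LENGTH = 64  # the page states passwords are up to 64 characters long
LABEL = b"example-deterministic-password-v1"  # constant public label (assumption)


def derive_password(passphrase, length=16, iterations=200_000):
    """Deterministically map a passphrase to a password of `length` characters."""
    if not passphrase:
        raise ValueError("passphrase must not be empty")
    if not 1 <= length <= MAX_LENGTH:
        raise ValueError("length must be between 1 and %d" % MAX_LENGTH)

    # Nothing is stored, so there is no per-user salt: the "salt" is a fixed
    # label plus the requested length, so different lengths give unrelated output.
    salt = LABEL + bytes([length])

    # Slow, one-way stretching: every guess at the passphrase costs an
    # attacker `iterations` HMAC-SHA512 computations.
    key = hashlib.pbkdf2_hmac(
        "sha512", passphrase.encode("utf-8"), salt, iterations, dklen=64
    )

    # Rejection sampling: bytes >= 188 are dropped so that `b % 94` is uniform.
    limit = 256 - (256 % len(ALPHABET))
    n = 4 * length
    while True:
        # SHAKE-256 output is prefix-stable, so growing n stays deterministic.
        stream = hashlib.shake_256(key).digest(n)
        chars = [ALPHABET[b % len(ALPHABET)] for b in stream if b < limit]
        if len(chars) >= length:
            return "".join(chars[:length])
        n *= 2


if __name__ == "__main__":
    # Constructed sample passphrases, in the style the page suggests.
    for phrase in ("githubPasswd123", "githubPasswd124"):
        print(phrase, "->", derive_password(phrase))
```

Because the scheme here is fixed and public, the cost of recovering a passphrase from a leaked password is the size of the passphrase guess space multiplied by the per-guess stretching cost.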




