mirror of https://gitlab.com/spectre.app/cli.git synced 2024-11-01 02:41:44 +01:00

The command-line interface brings the Spectre algorithm to POSIX platforms, including Linux, *NIX, macOS and Windows.

Find a file

Maarten Billemont 180cc3db8b Improve cmake search for sodium library. [IMPROVED] Ability for cmake to find installed sodium library.		2021-02-28 13:37:26 -05:00
api@3611ee5d42	Bump API to fix memory leak.	2021-02-28 11:15:30 -05:00
scripts	Master Password is now Spectre.	2021-02-28 11:14:33 -05:00
src	Master Password is now Spectre.	2021-02-28 11:14:33 -05:00
.gitignore	Master Password is now Spectre.	2021-02-28 11:14:33 -05:00
.gitmodules	Reference core API code through submodule.	2021-02-01 09:39:55 -05:00
bashcomplib	A bash completion script for mpw.	2015-03-12 01:03:02 -04:00
bashlib	Support for patching dependencies + ARM patch for bcrypt.	2014-11-21 09:39:30 -05:00
build	Master Password is now Spectre.	2021-02-28 11:14:33 -05:00
clean	Master Password is now Spectre.	2021-02-28 11:14:33 -05:00
CMakeLists.txt	Improve cmake search for sodium library.	2021-02-28 13:37:26 -05:00
distribute	Master Password is now Spectre.	2021-02-28 11:14:33 -05:00
Dockerfile	Master Password is now Spectre.	2021-02-28 11:14:33 -05:00
install	Master Password is now Spectre.	2021-02-28 11:14:33 -05:00
LICENSE	Initial UI.	2011-11-30 22:42:40 +01:00
README.md	Update nomenclature.	2021-02-18 11:58:01 -05:00
spectre-cli-tests	Master Password is now Spectre.	2021-02-28 11:14:33 -05:00
spectre.bashrc	Master Password is now Spectre.	2021-02-28 11:14:33 -05:00
spectre.completion.bash	Master Password is now Spectre.	2021-02-28 11:14:33 -05:00
spectre_tests.xml	Master Password is now Spectre.	2021-02-28 11:14:33 -05:00

README.md

Spectre

Spectre introduces a completely new way of thinking about passwords.

[[TOC]]

Don't store; derive

Every attempt to solve the problem of passwords by means of storing countless unique site-specific tokens inevitably leads to complexity, loss of control, and security compromise.

Spectre flips the problem on its head by rejecting the notion of statefulness and giving the user a single secret to remember. The Spectre algorithm then derives whatever secret tokens you need.

site-password = SPECTRE( user-name, user-secret, site-name )

How does it work?

In short (simplified):

user-key = SCRYPT( user-name, user-secret )
site-key = HMAC-SHA-256( site-name . site-counter, user-key )
site-password = PW( site-template, site-key )

Consequently, Spectre can derive any site-password given the necessary base ingredients (ie. the user-name, user-secret, site-name, site-counter and site-template).

As an example:

user-name = Robert Lee Mitchell
user-secret = banana colored duckling
site-name = twitter.com
site-counter = 1
site-template = Long Password
site-password = PozoLalv0_Yelo

We standardize user-name as your full legal name, site-name as the domain name that hosts the site, site-counter to 1 (unless you explicitly increment it) and site-template to Long Password; as a result the only token the user really needs to remember is their user-secret.

Source Code

Spectre's algorithm and implementation is fully documented and licensed Free Software under the (GPLv3)[LICENSE].

Components

The source is broken down into several components:

api: The algorithm's reference implementation and API library. There is a C, Java and W3C interface.
cli: The official command-line interface for POSIX systems.
desktop: The official cross-platform desktop application.
macos: The official Apple macOS desktop application.
ios: The official Apple iOS mobile application.
android: The official Google Android mobile application.
web: The official cross-platform web application.
www: The Spectre homepage.

Building and running

This repository hosts a Hugo static site.

Build using:

$ hugo

The site should be available at public/index.html.