The command-line interface brings the Spectre algorithm to POSIX platforms, including Linux, *NIX, macOS and Windows.
Maarten Billemont 5361fc2961 Added ability to omit trailing newline from result output
[ADDED]     Added -n to ensure output can be raw result,
            avoiding need for post-processing. Resolves #15
2021-02-18 11:58:48 -05:00

Spectre

Spectre introduces a completely new way of thinking about passwords.

Don't store; derive

Every attempt to solve the problem of passwords by means of storing countless unique site-specific tokens inevitably leads to complexity, loss of control, and security compromise.

Spectre flips the problem on its head by rejecting the notion of statefulness and giving the user a single secret to remember. The Spectre algorithm then derives whatever secret tokens you need.

site-password = SPECTRE( user-name, user-secret, site-name )

How does it work?

In short (simplified):

user-key = SCRYPT( user-name, user-secret )
site-key = HMAC-SHA-256( site-name . site-counter, user-key )
site-password = PW( site-template, site-key )

Consequently, Spectre can derive any site-password given the necessary base ingredients (i.e. the user-name, user-secret, site-name, site-counter and site-template).

As an example:

user-name = Robert Lee Mitchell
user-secret = banana colored duckling
site-name = twitter.com
site-counter = 1
site-template = Long Password
site-password = PozoLalv0_Yelo

We standardize user-name as your full legal name, site-name as the domain name that hosts the site, site-counter to 1 (unless you explicitly increment it) and site-template to Long Password; as a result the only token the user really needs to remember is their user-secret.
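The three steps above as a runnable Python sketch. This is an added example, not the project's own code. The scrypt cost parameters, the length-prefixed field encoding, the three templates and the character classes are assumptions the page does not state, so its output is not expected to equal the sample site-password shown above.

```python
import hashlib
import hmac
import struct

# Assumed parameters for this sketch; the page does not state them.
SCRYPT_N, SCRYPT_R, SCRYPT_P, KEY_LEN = 32768, 8, 2, 64
LONG_TEMPLATES = ["CvcvnoCvcvCvcv", "CvcvCvcvnoCvcv", "CvcvCvcvCvcvno"]
CLASSES = {
    "C": "BCDFGHJKLMNPQRSTVWXYZ",
    "c": "bcdfghjklmnpqrstvwxyz",
    "v": "aeiou",
    "n": "0123456789",
    "o": "@&%?,=[]_:-+*$#!'^~;()/.",
}

def _field(text: str) -> bytes:
    """Length-prefix a UTF-8 field so concatenated inputs stay unambiguous."""
    raw = text.encode("utf-8")
    return struct.pack(">I", len(raw)) + raw

def user_key(user_name: str, user_secret: str) -> bytes:
    """user-key = SCRYPT(user-name, user-secret): the name salts the secret."""
    return hashlib.scrypt(
        user_secret.encode("utf-8"), salt=_field(user_name),
        n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=KEY_LEN,
        maxmem=64 * 1024 * 1024,  # N=32768, r=8 needs roughly 32 MiB
    )

def site_key(key: bytes, site_name: str, site_counter: int) -> bytes:
    """site-key = HMAC-SHA-256(site-name . site-counter, user-key)."""
    message = _field(site_name) + struct.pack(">I", site_counter)
    return hmac.new(key, message, hashlib.sha256).digest()

def site_password(seed: bytes, templates=LONG_TEMPLATES) -> str:
    """site-password = PW(site-template, site-key)."""
    # Byte 0 picks the template; each later byte picks one character from
    # the class at that position (the modulo step is slightly biased).
    template = templates[seed[0] % len(templates)]
    return "".join(
        CLASSES[cls][seed[i + 1] % len(CLASSES[cls])]
        for i, cls in enumerate(template)
    )

def derive(user_name, user_secret, site_name, site_counter=1) -> str:
    """Run all three steps; nothing is stored between calls."""
    key = user_key(user_name, user_secret)
    return site_password(site_key(key, site_name, site_counter))

if __name__ == "__main__":
    print(derive("Robert Lee Mitchell", "banana colored duckling", "twitter.com"))
```

Because nothing is stored, the same four inputs always reproduce the same password, and incrementing site-counter is the only way to rotate a single site's password without changing the user-secret.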

Source Code

Spectre's algorithm and implementation are fully documented and licensed as Free Software under the [GPLv3](LICENSE).

Components

The source is broken down into several components:

  • api: The algorithm's reference implementation and API library. There is a C, Java and W3C interface.
  • cli: The official command-line interface for POSIX systems.
  • desktop: The official cross-platform desktop application.
  • macos: The official Apple macOS desktop application.
  • ios: The official Apple iOS mobile application.
  • android: The official Google Android mobile application.
  • web: The official cross-platform web application.
  • www: The Spectre homepage.

Building and running

This repository hosts a Hugo static site.

Build using:

$ hugo

The site should be available at public/index.html.