So I was looking for ways of managing my passwords without using a server-based password manager like LastPass and I came across https://lesspass.com. According to the website, this tool creates the same password for the given master password, username and website. I really liked the idea and decided to make my own proof of concept in Python using the random module. I made this simple function:

import random
import string
import os

# Master secret is read from the environment
MASTER_PASS = os.environ.get('MASTER_PASS')

def generate(platform, user, length):
    # Seed the PRNG with site + user + master password so the output is repeatable
    random.seed(platform + user + MASTER_PASS)
    letters = string.ascii_letters + string.digits + string.punctuation
    password = ""
    for i in range(length):
        password += random.choice(letters)
    print(password)

generate("facebook", "xyz.abc", 32)

I think this should be secure enough as long as nobody knows my MASTER_PASSWORD, but I cannot shake the feeling that this is somehow stupidly unsafe. Can anyone point out the glaring flaws in this approach and suggest some ways to improve the robustness?
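
An added example, not part of the original post and not LessPass's own code: one way to build the same kind of deterministic generator on a key-derivation function instead of the `random` module, which the Python documentation says should not be used for security purposes. The length-prefixed salt, the iteration count, the `counter` parameter and the rejection-sampling step are assumptions of this example.

```python
import hashlib
import hmac
import string

ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
ITERATIONS = 600_000  # assumed work factor; tune to your own hardware


def _field(value: str) -> bytes:
    """Length-prefix a field so ("ab", "c") and ("a", "bc") never collide."""
    raw = value.encode("utf-8")
    return len(raw).to_bytes(4, "big") + raw


def derive_key(master: str, platform: str, user: str, counter: int = 1) -> bytes:
    """Stretch the master password with PBKDF2; the site data acts as the salt."""
    salt = _field(platform) + _field(user) + counter.to_bytes(4, "big")
    return hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"), salt, ITERATIONS)


def _stream(key: bytes):
    """Deterministic byte stream: HMAC-SHA256(key, block index), block by block."""
    block = 0
    while True:
        yield from hmac.new(key, block.to_bytes(8, "big"), hashlib.sha256).digest()
        block += 1


def generate(master: str, platform: str, user: str,
             length: int = 32, counter: int = 1) -> str:
    """Return the same password for the same inputs, on any machine."""
    if not master or length < 1:
        raise ValueError("master password and length are required")
    # Bytes >= limit are discarded so every symbol is equally likely (no modulo bias).
    limit = 256 - (256 % len(ALPHABET))
    out = []
    for byte in _stream(derive_key(master, platform, user, counter)):
        if byte < limit:
            out.append(ALPHABET[byte % len(ALPHABET)])
            if len(out) == length:
                return "".join(out)
```

Raising `counter` yields a fresh password for the same site without changing the master password; the strength of every derived password is still bounded by the strength of the master password itself.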