Awesome
<img src="https://raw.githubusercontent.com/SecUSo/privacy-friendly-passwordgenerator/master/fastlane/metadata/android/en-US/images/icon.png" alt="Privacy Friendly Backup Icon" width="80px" align="right" style="float: right; margin-right: 10px;" />
Privacy Friendly Password Generator
<img src="https://f-droid.org/badge/get-it-on.png" alt="Get it on F-Droid" height="60"><a href="https://play.google.com/store/apps/details?id=org.secuso.privacyfriendlypasswordgenerator"><img src="https://play.google.com/intl/en_us/badges/images/generic/en_badge_web_generic.png" height="60"></a>
Privacy Friendly Password Generator is an Android application that generates passwords based on previously saved accounts and a master password. The generated passwords can than be copied into the password or PIN field by the user. This app belongs to the Privacy Friendly Apps group developed by the SECUSO research group. Further information can be found on secuso.org/pfa<br />
Users can save the following properties of a password: <br />
- Account name: e.g. a website or account name
- Username: the username in case a user has multiple accounts for one service or website
- Character set: at least one of uppercase, lowercase, special, numbers
- Password length
- Password version: used to create different passwords if an update without changing of the master password and account data is intended. <br />
Password Generation
The password generation is based on the combination of two algorithms: the key deviation function PBKDF2 and the hash algorithm BCrypt. <br />
- The master password serves as a secret for the PBKDF2 algorithm.
- Password counter, account name, username and installation salt (optional) are concatenated to a string and form the salt of PBKDF2.
- The result of the PBKDF2 hashing is encoded into a special version of Base64 which is compatible with BCrypt and not longer than 22 characters.
- The master password serves as a secret for the BCrypt algorithm.
- Result of the PBKDF2 hashing combined with the string "$2a${bcrypt_cost}$" the beginning forms the salt for BCrypt ({bcrypt_cost} can be configured in the settings and has a default value of 10).
- The prefix and the salt is cut from the resulting byte-array.
- The byte-array is used to choose characters out of the character set the user has chosen. <br />
The passwords as well as the master password are never stored in the device. The master password has to be entered by the user and password is always created on the fly.
Motivation
Nowadays users need many different passwords for all kinds of services and also websites. Remembering and generating strong passwords can be a tough task. <br /> Privacy Friendly Password Generator should support users in creating strong passwords without having to trust a program to store them securely and safely for them. The complexity of remembering the passwords is reduced to a single master password.
Building
Further development requires Android Studio, we recommend to use at least version 2.3<br /> If you wish to contribute to this project, have a look at the contribution policy.
API Reference
Mininum SDK: 17<br> Target SDK: 33
Data Backup
You can use the Privacy Friendly Backup app to backup and restore this application's data. This can also be used to migrate your data to a new phone.
Translation
If you want to help translate this app, you can use Weblate.
License
Privacy Friendly Password Generator is licensed under the GPLv3.<br> Copyright (C) 2016-2018 Karola Marky<br> Copyright (C) 2019-2022 Christopher Beckmann<br>
This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.<br>
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.<br>
You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.<br>
The app uses icons from Google Design Material Icons licensed under Apache License Version 2.0. All other images (the logo of Privacy Friendly Apps, the SECUSO logo) copyright SECUSO (2022).
Contributors
App-Icon: <br /> Markus Hau<br />
<a href="https://github.com/SecUSo/privacy-friendly-passwordgenerator/graphs/contributors"> <img src="https://contrib.rocks/image?repo=SecUSo/privacy-friendly-passwordgenerator&max=100&columns=20" /> </a>