{"id":27979371,"url":"https://github.com/holmbrg/hashflog","last_synced_at":"2025-05-08T02:52:37.061Z","repository":{"id":291832261,"uuid":"978929648","full_name":"Holmbrg/HashFlog","owner":"Holmbrg","description":"File-based credential vault: SHA-256 email IDs, bcrypt-salted passwords, each record Fernet-encrypted and appended to one log + tiny index for O(1) look-ups. No database, two files, scales to millions of users; ideal for secure prototypes, IoT, and web apps.","archived":false,"fork":false,"pushed_at":"2025-05-06T19:06:22.000Z","size":26,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-05-06T19:37:48.839Z","etag":null,"topics":["append-only-log","bcrypt","credential-store","encryption-decryption","fernet","file-based-database","lightweight-auth","password-hashing","python","sha256"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Holmbrg.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-05-06T18:14:51.000Z","updated_at":"2025-05-06T19:06:26.000Z","dependencies_parsed_at":"2025-05-06T19:37:50.772Z","dependency_job_id":"4f0f2cfb-a961-4760-a2f8-e8c7b3957459","html_url":"https://github.com/Holmbrg/HashFlog","commit_stats":null,"previous_names":["holmbrg/hashflog"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Holmbrg%2FHashFlog","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Holmbrg%2FHashFlog/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Holmbrg%2FHashFlog/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Holmbrg%2FHashFlog/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Holmbrg","download_url":"https://codeload.github.com/Holmbrg/HashFlog/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252989963,"owners_count":21836667,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["append-only-log","bcrypt","credential-store","encryption-decryption","fernet","file-based-database","lightweight-auth","password-hashing","python","sha256"],"created_at":"2025-05-08T02:52:35.493Z","updated_at":"2025-05-08T02:52:37.053Z","avatar_url":"https://github.com/Holmbrg.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# HashFlog\nFile-based credential vault: SHA-256 email IDs, bcrypt-salted passwords, each record Fernet-encrypted and appended to one log + tiny index for O(1) look-ups. No database, two files, scales to millions of users; ideal for secure prototypes, IoT, and web apps.\n\n**HashFlog** is a file-based credential vault that stores every user record in three concentric security layers—SHA-256 e-mail digests, bcrypt-salted passwords, and Fernet encryption—written to a single append-only log with a compact index.\n\nThis program is essentially made to avoid any brand databases that might charge for such services.\n\n## Highlights\n- **No database required**: two runtime files (`users.log`, `users.idx`)\n- **Constant-time look-ups**: one disk seek and decrypt per login, even with ~1M+ users\n- **Crash-safe**: append-only design; optional compactor rewrites a slim log off-peak\n- **Portable**: works anywhere Python runs; depends only on `bcrypt` and `cryptography`\n- **MIT-licensed**: permissive for commercial or personal use\n\n## Storage model\n1. E-mail → SHA-256 digest → UID (plain addresses never stored)  \n2. Password → bcrypt hash (cost 14, salted)  \n3. Hash → Fernet ciphertext  \n4. `[LEN][CIPHERTEXT]` appended to **users.log**  \n5. `UID OFFSET` line appended to **users.idx**\n\n## Setup note\n- Generate fernet and store as environment variable permanently under name 'FILE_ENCRYPTION_KEY', to use this package.\n\n## Future plans\n- Add --rebuild-index tool.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fholmbrg%2Fhashflog","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fholmbrg%2Fhashflog","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fholmbrg%2Fhashflog/lists"}