{"id":13468109,"url":"https://github.com/michoo/spasm","last_synced_at":"2025-03-26T03:31:34.448Z","repository":{"id":69414729,"uuid":"303522302","full_name":"michoo/spasm","owner":"michoo","description":"{S}mol {PAS}sword {M}anager","archived":false,"fork":false,"pushed_at":"2020-10-12T22:00:43.000Z","size":112,"stargazers_count":4,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-10-29T21:59:24.915Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/michoo.png","metadata":{"files":{"readme":"readme.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-10-12T21:55:50.000Z","updated_at":"2021-05-29T07:16:16.000Z","dependencies_parsed_at":"2023-07-09T22:46:07.210Z","dependency_job_id":null,"html_url":"https://github.com/michoo/spasm","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/michoo%2Fspasm","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/michoo%2Fspasm/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/michoo%2Fspasm/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/michoo%2Fspasm/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/michoo","download_url":"https://codeload.github.com/michoo/spasm/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245584974,"owners_count":20639656,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-07-31T15:01:05.614Z","updated_at":"2025-03-26T03:31:34.439Z","avatar_url":"https://github.com/michoo.png","language":"Rust","funding_links":[],"categories":["Libraries"],"sub_categories":["Cryptography"],"readme":"# Spasm\n```                          \n  ____  _____      __      ____    ___ ___    \n /',__\\/\\ '__`\\  /'__`\\   /',__\\ /' __` __`\\  \n/\\__, `\\ \\ \\L\\ \\/\\ \\L\\.\\_/\\__, `\\/\\ \\/\\ \\/\\ \\ \n\\/\\____/\\ \\ ,__/\\ \\__/.\\_\\/\\____/\\ \\_\\ \\_\\ \\_\\\n \\/___/  \\ \\ \\/  \\/__/\\/_/\\/___/  \\/_/\\/_/\\/_/\n          \\ \\_\\                               \n           \\/_/                               \n```\n{S}mol {PAS}sword {M}anager\n\n\n## Goals\nI was fedup to store all my passwords into commercial tools and to have no tools to generate or evaluate my passwords.\n\nYou'll find here some cli tools to:\n- manage passwords\n- generate password or passphrase (diceware)\n- tools to check the quality of a password using Shannon entropy and leakage from Have I been pwnd?\n\nThe main goal is to have something simple to modify for your needs.\n\nBe aware that I'm not responsible of the loss of your password if theres any bug. I use it every day and it's a week end project so there's no warranty. \n\nNB: The Master Key you use is never stored and can be different for each entry. No possibility to recover lost master key(s).\n\n## Releases \n- Releases are available for linux based on stable-x86_64-unknown-linux-gnu (default) rustc 1.46.0 (04488afe3 2020-08-24)\n- I'll try to do something on macosx\n- If someone want to build on windows and test, be my guest.\n\n## pre requisites on linux for clipboard\n```\nsudo apt-get install xclip upx\n```\n\n## build \nInstall (rustlang)[https://www.rust-lang.org/learn/get-started]: \n```\ncurl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh\n```\nand then build spasm\n\n```shell script\ncargo build --release\n```\non linux you can add other cool stuffs to reduce the size\n```\nstrip target/release/spasm\nupx -9 target/release/spasm\n```\n\nCopy/Paste the spasm binary (from target/release) on a accessible Path from terminal (PATH variable for example).\nThen copy bin/ directory with all the files in the same directory of spasm,\nFinally copy .env file filed with the good properties near spasm\n\nand start with a spasm -h\n\n## Have I been Pwnd?\nIf you have an api key from (Have I been Pwnd?)[https://haveibeenpwned.com/API/Key]\nYou can use it by adding an env variable \"HIBP_API\" with the key (or you can add it into .env file - I removed it by default)\n\n## Usage\n\n    spasm -h : help and list all commands\n    spasm list: list all entries\n    spasm add: add a new entry\n    spasm get: get your stored password back into your clipboard\n    spasm del: delete an entry\n    spasm generate: generate a password\n    spasm dice: generate a passphrase based on diceware\n    \n    spasm -P \u003csome_password\u003e : check the quality of your password\n    spasm -b \u003csome_email\u003e : check if there's some leaks with this email\n    spasm --auto-completion \u003cout\u003e : generate autocompletion for out = bash or elvish or fish or powershell or zsh\n\n\n## Diceware\nIt's based on diceware wordlist. I simplified those files.\nhttp://weber.fi.eu.org/software/diceware/src/\nhttps://github.com/yuvallanger/rusty-diceware\n\n## Crypto\nEach password entry is individually encrypted and authenticated with ChaCha20/Poly1305. \nThe key is derived with Argon2id from the master key and a randomly generated 16-byte salt. \nThe plaintext is the UTF-8 encoding of the password. \nThe additionally associated data consists of the entry name, shortened name, and extra data. \nThe exact construction is SHA256(name) || SHA256(short) || SHA256(extra) to avoid collisions.\nAll metadata (long name, short name and login/extra) are not encrypted. Try to open .spasm.json to check how it's stored. \n\n## Quality of a password\nThis is based on 2 criteria:\n- Shannon's entropy. If it superior to 70, it's not perfect but it's a start for a good password it's totally subjective (today 12/10/2020). It depends off so many things like type of storage of password (ssha1,...), electical cost of an infrastructure versus a rig of cpu/gpu. You can do your math and try to define a nice threshold and recompile the app or add new features :)\n  (https://tutorials.technology/blog/08-Hashcat-GPU-benchmarking-table-Nvidia-and-amd.html)\n- Pwnd on Have I been pwnd (if you have set your api key in env variable HIBP_API into .env or into your workspace )\n\n## Sources\nI'm not a genius, I just mixed some source code from:\n- https://github.com/defund/pw\n- https://github.com/TypeError/pwnage.rs\n\nThanks for that's! (for the code not that I'm not a genius uwu)\n\n## License\nMIT\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmichoo%2Fspasm","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmichoo%2Fspasm","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmichoo%2Fspasm/lists"}