{"id":50487124,"url":"https://github.com/systemslibrarian/crypto-lab-phantom-vault","last_synced_at":"2026-06-09T19:01:49.366Z","repository":{"id":349078994,"uuid":"1200976919","full_name":"systemslibrarian/crypto-lab-phantom-vault","owner":"systemslibrarian","description":"Browser-based stateless password manager — derive any password from a master passphrase using HMAC-DRBG. Nothing stored, nothing synced, nothing to breach.","archived":false,"fork":false,"pushed_at":"2026-04-08T06:34:54.000Z","size":78,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-06-01T23:07:00.451Z","etag":null,"topics":["crypto-compare","csprng","hmac-drbg","key-derivation-function","pbkdf2-hmac-sha256","rejection-sampling","stateless-password-manager","webcrypto"],"latest_commit_sha":null,"homepage":"https://systemslibrarian.github.io/crypto-lab-phantom-vault/","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/systemslibrarian.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-04-04T03:50:35.000Z","updated_at":"2026-04-08T06:34:58.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/systemslibrarian/crypto-lab-phantom-vault","commit_stats":null,"previous_names":["systemslibrarian/phantom-vault"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/systemslibrarian/crypto-lab-phantom-vault","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/systemslibrarian%2Fcrypto-lab-phantom-vault","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/systemslibrarian%2Fcrypto-lab-phantom-vault/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/systemslibrarian%2Fcrypto-lab-phantom-vault/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/systemslibrarian%2Fcrypto-lab-phantom-vault/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/systemslibrarian","download_url":"https://codeload.github.com/systemslibrarian/crypto-lab-phantom-vault/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/systemslibrarian%2Fcrypto-lab-phantom-vault/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34121022,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-09T02:00:06.510Z","response_time":63,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["crypto-compare","csprng","hmac-drbg","key-derivation-function","pbkdf2-hmac-sha256","rejection-sampling","stateless-password-manager","webcrypto"],"created_at":"2026-06-01T23:03:59.393Z","updated_at":"2026-06-09T19:01:49.361Z","avatar_url":"https://github.com/systemslibrarian.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Phantom Vault\n\n**Live:** [https://systemslibrarian.github.io/crypto-lab-phantom-vault/](https://systemslibrarian.github.io/crypto-lab-phantom-vault/)\n\n## 1. What It Is\nPhantom Vault is a stateless password derivation demo that combines PBKDF2-SHA-256, HMAC-DRBG (SP 800-90A Rev.1 §10.1.2), and rejection sampling to deterministically produce service-specific passwords. It solves the problem of storing synced password vault data by regenerating credentials from a master passphrase plus context (`service`, `username`, and `version`). The model is symmetric and deterministic: whoever knows the same inputs can regenerate the same output. This is not asymmetric cryptography, zero-knowledge proof storage, or threshold key management, and it does not provide account recovery if the passphrase is lost.\n\n## 2. When to Use It\n- You want deterministic per-service passwords without syncing a vault: the same inputs always reproduce the same password on any device.\n- You need explicit rotation by version number: incrementing `version` gives a new output while old versions remain reproducible.\n- You want an auditable educational pipeline: the UI exposes progress and DRBG state snapshots so each derivation stage is inspectable.\n- You should not use it when users need recovery workflows: because no secrets are stored, forgotten master passphrases cannot be recovered.\n- You should not use it where policy requires random one-time generated passwords per account: this design is deterministic by definition.\n\n## 3. Live Demo\nLive demo: [https://systemslibrarian.github.io/crypto-lab-phantom-vault/](https://systemslibrarian.github.io/crypto-lab-phantom-vault/)\n\nThe demo derives passwords in-browser from a master passphrase plus service context and selected charset rules. You can tune service, username, version, output length, and character class toggles (`lowercase`, `uppercase`, `digits`, `symbols`), then run derivation and inspect pipeline/proof output. The demo does not encrypt/decrypt stored payloads; it only derives deterministic passwords.\n\n## 4. What Can Go Wrong\n- Master passphrase compromise cascades globally: if an attacker learns the passphrase, every derived credential can be regenerated.\n- Weak or low-entropy passphrase selection: deterministic generation cannot compensate for guessable input material.\n- Context collisions (`service`, `username`, `version`) across accounts: reused context produces identical outputs and defeats separation.\n- Incorrect implementation of rejection sampling: modulo-biased mapping would skew distribution and reduce effective password strength.\n- Operational misuse of versioning: failing to track version changes can lock users out after rotation.\n\n## 5. Real-World Usage\n- PKCS #5 / RFC 8018 PBKDF2: defines PBKDF2 for password-based key derivation used broadly in application and credential protection workflows.\n- NIST SP 800-132: recommends PBKDF2 for deriving cryptographic keys from passwords in federal guidance.\n- NIST SP 800-90A Rev.1 HMAC-DRBG: standardizes the DRBG construction implemented by this project for deterministic pseudorandom byte generation.\n- OpenSSL PKCS #8 encrypted private keys (`PBES2`): commonly uses PBKDF2 parameters when protecting private keys with passphrases.\n- WPA2-PSK (`PBKDF2-HMAC-SHA1`): derives Wi-Fi pre-shared key material from passphrases using the PBKDF2 design family.\n\n## Related Projects\n- corrupted-oracle: DRBG backdoor demonstration and analysis lineage.\n- crypto-compare CSPRNG category: comparative references for deterministic RNG systems.\n- quantum-vault-kpqc: post-quantum-oriented vault exploration.\n\n## Data Sources\n- NIST SP 800-90A Rev.1, HMAC-DRBG (§10.1.2)\n- NIST SP 800-132, PBKDF2 recommendations\n- OWASP Password Storage Cheat Sheet\n\n*\"So whether you eat or drink or whatever you do, do it all for the glory of God.\" — 1 Corinthians 10:31*\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsystemslibrarian%2Fcrypto-lab-phantom-vault","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsystemslibrarian%2Fcrypto-lab-phantom-vault","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsystemslibrarian%2Fcrypto-lab-phantom-vault/lists"}