Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/lucasepe/grasp

Create strong passwords using words that are easy for you to remember. A password manager that does not require any type of storage
https://github.com/lucasepe/grasp

golang password-generator password-manager security

Last synced: about 1 month ago
JSON representation

Create strong passwords using words that are easy for you to remember. A password manager that does not require any type of storage

Host: GitHub
URL: https://github.com/lucasepe/grasp
Owner: lucasepe
License: bsd-3-clause
Created: 2021-01-07T16:45:54.000Z (almost 4 years ago)
Default Branch: main
Last Pushed: 2022-10-22T12:50:25.000Z (about 2 years ago)
Last Synced: 2024-06-19T02:01:44.885Z (7 months ago)
Topics: golang, password-generator, password-manager, security
Language: Go
Homepage:
Size: 2.24 MB
Stars: 22
Watchers: 3
Forks: 5
Open Issues: 1
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE

Awesome Lists containing this project

README

# `Grasp`

[![Go Report Card](https://goreportcard.com/badge/github.com/lucasepe/grasp)](https://goreportcard.com/report/github.com/lucasepe/grasp) [![Go Coverage](https://gocover.io/_badge/github.com/lucasepe/grasp?nocache=grasp)](https://gocover.io/_badge/github.com/lucasepe/grasp?nocache=grasp) [![Twitter](https://img.shields.io/twitter/url?style=social&url=https%3A%2F%2Fgithub.com%2Flucasepe%2Fgrasp)](https://twitter.com/intent/tweet?text=Wow:&url=https%3A%2F%2Fgithub.com%2Flucasepe%2Fgrasp)

## Create strong passwords using words that are easy for you to remember

A way to circumvent password complexity rules and restrictions while only needing to remember something _memorable_.

## A password manager that does not require any type of storage

Cross Platform simple and secure password generator / manager that does not require a file/cloud/whatever archive.

- [Open Source](https://github.com/lucasepe/grasp)
- Works on [Linux, Mac OS, Windows](https://github.com/lucasepe/grasp/releases/latest)
- Just a single portable binary file

Passwords become complicated (one capital letter, one number, one punctuation mark, one emoji, etc.)...

- It's impossible to use and remember different passwords for all of your accounts?
- You often reuse the same passwords on various accounts?
- Yes! There are a lot of greats passwords managers tools

Using `grasp` all you need to remember are:

> your favorite words! anything that is easy for you to remember! (a poem? a song? a sequence of insults? :bowtie:)

## How to install

### [Homebrew](https://brew.sh/index_it)

```bash
brew tap lucasepe/grasp
brew install grasp
```

## Ready-To-Use Releases

[Here you can find `grasp` already compiled](https://github.com/lucasepe/grasp/releases/latest) for: MacOS, Linux and Windows.

---

## How to use (examples)

```
grasp google.com [email protected] vercingetorige
>qhOzrL^*+IF
```

```
grasp linkedin.com [email protected] hope to find the job of my life!
[email protected]$|mIp
```

```
grasp -s L --no-symbols amazon.com [email protected] this is lambda!
sRZg5qOvK2GnDLJ9
```

Using these parameters `grasp` will generate a password:

- unique, complex and safe
- that meets all validation standards (uppercase, lowercase, numbers and special characters)

---

### Who cares... I have a secure online password manager...

Using `grasp` does not stop you from managing your passwords using a secure 'wallet' and in fact this is encouraged.

What `grasp` gives to you is:

- a simple way to generate good quality and safe passwords for websites and other services
- a secure mechanism to retrieve your passwords
- an easy system for managing your passwords

:warning: **WARNING!**

> **To recreate the same password for a given account you must make sure you don't forget the original words you used**.
>
> **If you enter different words, `grasp` will produce a different password! (the order of the words and the difference between upper and lower case is also important)**

## How does `grasp` works?

The sequence of words you type after the command is used as salt (the first word) and secret (all remaining words) to generate a secret key using the [Argon2](https://en.wikipedia.org/wiki/Argon2) key derivation function.

The result of this encryption is used as key for a cryptographically secure pseudorandom number generator (CSPRNG).

Finally the password is composed picking characters, digits and symbols using the integers generated by this CSPRNG.

- all these calculations are done _"on the fly"_ every time you request it
- this is why `grasp` does not need any archive

---

![](demo.gif)

---

## Credits

A huge thank you to:

> [Christopher Wellons](https://github.com/skeeto) for his hints about security and help in replacing the Mersenne Twister PRNG algorithm by a `cipher.Stream` CSPRNG with cryptographic AES.