Synopsis of

Project
‘Password Manager & Generator’

Submitted to - Submitted by -

Miss. Supriya Kamble Ujjwal Singh

(HOD) BSC.CS 6th Semester

Contents

1. Introduction
2. System Requirements
3. Objective of the Project
4. Summary
5. Description
6. Methodology
7. Problem Statement
8. Existing System
9. Proposed System
10.Conclusion
11.Reference
 Introduction
We know that password are a real security threat. To keep your account
safe and prevent your password from being hacked you to make your password
hard enough that nobody can guess.

Password generator is a tool that generates password based on the given

guideline that you set to create an unpredictable strong password for your
accounts. The password generator tool creates a random and customized
password for the users that helps them to create a strong password which
provides greater security.

Some password generators are simply random password generators.

These programs produce complex/strong passwords with combinations of
numbers, uppercase and lowercase letters, and special characters such as braces,
asterisks, slashes, etc.

Other types of password generators are made to generate more

recognizable passwords rather than a completely random set of characters.
There are tools for generating pronounceable passwords, as well as custom tools
that allow users to set detailed criteria. For instance, a user could set a request
for a certain number of characters, a certain mix of letters and numbers, a
certain number of special characters, or any other criteria for generating a new
password.

Password generators help those who have to constantly come up with

new passwords to ensure authorized access for programs and to manage a large
number of passwords for identity and access management. Other kinds of tools
include a password vault, where users manage large numbers of passwords in a
secure location.
 System Requirement
A. Hardware requirement:
1. Windows Vista, 7, 8, 10, 2003 server or higher.
2. 600 MHz intel Pentium III processor or similar.
3. At least 2 GB of RAM or more.
4. 250 GB of free hard disk space.

B. Software requirement:
1. Python 2.8
2. VS Code
 Objective of the project
A password generator software offers a good display of all your
credentials. As such, it saves you from memorizing hundreds of passwords
except the generator's login details. The primary objective of using a generator
is creation of strong and unpredictable passwords for all of your accounts.
 Summary
A random password generator is software program or hardware device
that takes input from a random or pseudo-random number generator and
automatically generates a password. Random passwords can be generated
manually, using simple sources of randomness such as dice or coins, or they can
be generated using a computer.

While there are many examples of "random" password generator

programs available on the Internet, generating randomness can be tricky and
many programs do not generate random characters in a way that ensures strong
security. A common recommendation is to use open source security tools where
possible since they allow independent checks on the quality of the methods
used. Note that simply generating a password at random does not ensure the
password is a strong password, because it is possible, although highly unlikely,
to generate an easily guessed or cracked password. In fact, there is no need at all
for a password to have been produced by a perfectly random process: it just
needs to be sufficiently difficult to guess.

A password generator can be part of a password manager. When a

password policy enforces complex rules, it can be easier to use a password
generator based on that set of rules than to manually create passwords.

Long strings of random characters are difficult for most people to

memorize. Mnemonic hashes, which reversibly convert random strings into
more memorable passwords, can substantially improve the ease of
memorization. As the hash can be processed by a computer to recover the
original 60-bit string, it has at least as much information content as the original
string.[1] Similar techniques are used in memory sport.
 Description
Password managers commonly reside on the user's personal computer or
mobile device, in the form of a locally installed software application. These
applications can be offline, wherein the password database is stored
independently and locally on the same device as the password manager
software. Alternatively, password managers may offer or require a cloud-based
approach, wherein the password database is dependent on an online file hosting
service and stored remotely, but handled by password management software
installed on the user's device.

Some offline password managers do not require Internet permission, so

there is no leakage of data due to the network. To some extent, a fully offline
password manager is more secure, but may be much weaker in convenience and
functionality than an online one. An online password manager is a website that
securely stores login details. They are a web-based version of more
conventional desktop-based password manager.

The advantages of online password managers over desktop-based

versions are portability (they can generally be used on any computer with a web
browser and a network connection, without having to install software), and a
reduced risk of losing passwords through theft from or damage to a single PC –
although the same risk is present for the server that is used to store the users
passwords on. In both cases this risk can be prevented by ensuring secure
backups are taken.
 Methodology
 Setting up an account
 Creating a master password
 Watching/reading instructional content
 Encrypting files
 Sharing files
 Adding browser extensions
 Installing mobile apps
 Adding passwords (either through a browser extension or manually)
 Importing and exporting passwords
 Generating passwords
 Checking password strength
 Auto filling passwords
 Configuring 2FA and/or biometric authentication
 Using additional features

We test the functionality of the password manager through their various apps as
well, as sometimes there can be noticeable differences between desktop and
mobile versions of the app. When testing ease-of-use, we underscore aspects
like:

 How intuitive the platform is to use, on both desktop and mobile

 Whether there are any glitches in the system or slowness when using the
password manager
 How easy it is to access your passwords
 How many browsers and operating systems the password manager is
compatible with
 How simple it is to import passwords from other management systems.
 Problem Statement
Passwords are difficult to remember, and users have many accounts that
require passwords. This causes users to choose memorable but weak passwords
and then reuse them, which creates major security problems.

We propose a method for users to only need to remember one password

that they use to access all their other passwords from any device at any time.
 Existing System
Inputs to Password Generation: The following data input types have been
employed in existing schemes. A master password is a user-specific long-term
secret value; this could either be a user-entered password, i.e. entered by the
user whenever a password is to be generated, or a stored password, i.e. a
userspecific secret value stored as global configuration data. A site name is a
name for the authenticating site; this could take a variety of forms, including a
user site name, i.e., a name for a site chosen by a user, all or part of the site’s
URL, or a site-specific secret, e.g. a random value associated with the site URL.
A digital object is anything available on the user platform which could be used
as input to the password generation process, e.g. a file or a selected block of text
on the target web site. A password policy is information governing the nature of
the password generated, e.g. the set of acceptable symbols.

Generating the Password: Combining inputs to generate a password can

be done variously. All approaches involve a 2-stage process, i.e. first combining
inputs to generate a bit-string, then formatting the bit-string to obtain a
password in the desired format. Horsch et al. propose an XML syntax, the
Password Requirements Markup Language (PRML), designed specifically to
enable requirements on passwords, as needed in the second stage, to be
specified.

Password Output and Use: There are many ways in which a generated
password could be transferred to the password field of a login page. Simplest is
manual copy and paste, as used by SSP ,where the password generator displays
the password, and the user copies it to the login page. A slightly more
automated approach is copy to clipboard in which the generated password is
copied to the clipboard; for security reasons the password can be made to only
reside in the clipboard for a limited period, e.g. in PasswordSitter the generated
password is saved to the clipboard for 60 seconds before being deleted .The
simplest approach for the user is probably automatic copying to the target
password field; this can either be done automatically, as is the case for
PwdHash in the web page implementation and the ObPwd Firefox browser
extension . Alternatively it can require the user to perform an action, e.g.
clicking a specific key combination, before copying; PassPet requires the user to
click on a screen button, and Password Multiplier, requires the user to double
click the password field or press ctrl+P to trigger password copying.

Proposed System
– For inputs, we propose the use of a master password, stored by the system (as
global configuration data), and a password (or PIN) to be entered by the user.
We also propose use of the first part of the URL of the site, where, depending
on the implementation, this should also be stored as part of the site-specific
configuration and used to retrieve the other site-specific data. The master
password can be held encrypted by a key derived from the user password. We
also propose the optional use of a digital object, where use of this option is
indicated in the site-specific configuration data.

– The first stage of password generation adopts a two-level hash approach,

giving some protection against brute force attacks. The second stage, i.e.
encoding, uses the AutoPass cloud service to retrieve the password policy for
the web site being visited this policy could be encoded using PRML. It also uses
other cloud-stored configuration data, notably the password offset, password
input parameters, and password reminders .

– The precise option for password output and use depends on the
implementation. Where possible, auto-filling the password is desirable; where
this is impossible, the copy to clipboard/paste buffer approach is advocated.

–Implementation as a browser add-on is probably the best option, not least in

giving simple access to the web page of the target site, although a range of
options may need to be pursued depending on the platform type.

We next consider the AutoPass Cloud Service, whch will be required to

store two main types of data. User-independent data will be accessed by
AutoPass users, and will include non-sensitive site-specific data, e.g. password
policies. Even if corrupted by a malicious party, it would at worst cause a denial
of service. User-specific data will only be accessed by a single user, and
includes a range of password configuration data. Although this data is not
highly confidential, access to it will need to be restricted to the user to whom it
belongs, e.g. via a one-off login process in the local AutoPass application (with
access permissions encoded in a cookie stored in the user platform).
 Any cloud service has associated risks arising from non-availability;
however, this can be addressed through caching. The local AutoPass app should
maintain a copy of the data downloaded from the cloud service; since this data
is not likely to change very quickly, the cached data should normally be
sufficient.

Conclusion
Passwords are the last defense mechanism from online criminals trying to
access your sensitive data. Always aim at making things difficult for them by
using strong and unpredictable passwords. Thanks to the technicians who are
working relentlessly to ensure the development of robust authentication
systems. These systems have aided in reducing networking breeches and
ensuring data security.

Password generators can save you from fraud and other cyber security
threats by creating secure and strong passwords. However, all passwords are not
created equally. Understand how each password works to get the one that will
befit your requirements.
 Reference
1. "RAND_MAX". docs.microsoft.com.
2. "Visual Studio 2005 Retired documentation". Microsoft Download
Center.
3. "PHP: microtime – Manual". php.net.
4. "PHP: rand – Manual". php.net.
5. "Archived copy". Archived from the original on 2008-10-19.
Retrieved 2008-10-17.
6. "Linux / UNIX: Generating Random Password With mkpasswd /
makepasswd / pwgen". cyberciti.biz. November 2007.
7. "StrongPasswords – Community Help Wiki". help.ubuntu.com.
Retrieved 2016-03-25.
8. NIST. Automated Password Generator standard FIPS 181
9. Shay, Richard; Kelley, Patrick Gage; Komanduri, Saranga;
Mazurek, Michelle L.; Ur, Blase; Vidas, Timothy; Bauer, Lujo;
Christin, Nicolas; Cranor, Lorrie Faith (2012). Correct horse
battery staple: Exploring the usability of system-assigned
passphrases (PDF). SOUPS '12 Proceedings of the Eighth
Symposium on Usable Privacy and Security.
doi:10.1145/2335356.2335366.
10.Ganesan, Ravi; Davies, Chris (1994). "A New Attack on Random
Pronounceable Password Generators" (PDF). Proceedings of the
17th {NIST}-{NCSC} National Computer Security Conference.
NIST: 184–197. Retrieved 2014-12-17.
11."Rate my random password generator!". Crypto.
12. "9.6. random — Generate pseudo-random numbers — Python 3.5.1
documentation". docs.python.org. Retrieved 2016-03-25.