CHAPTER ONE

INTRODUCTION

1.0 Background of The Study

In today’s digital era, individuals and organizations rely on a multitude of online services, each
requiring a unique password to protect user accounts. With the increasing number of online
platforms, users are faced with the challenge of remembering multiple complex passwords.
Unfortunately, many people resort to insecure practices like reusing passwords, choosing weak
passwords, or writing them down in unsecured places. These practices increase the risk of
cyberattacks, such 1.0 Background of the Studyas hacking, phishing, and data breaches,
putting sensitive personal and financial information at risk.

The rise in online identity theft and the growing number of data breaches highlight the
importance of developing a more secure and reliable method for password management. One
solution to this problem is the use of password managers, which store and encrypt passwords,
allowing users to retrieve them when needed. However, many password managers store data
on cloud servers, creating potential security vulnerabilities, especially in the event of a breach.
Users’ private data could be exposed if the cloud service is compromised, leaving them
vulnerable to malicious attacks.

To mitigate these risks, a secure locally hosted password storage solution provides a more
secure alternative. In this system, passwords are stored directly on the user’s device, giving the
user full control over their data. Since no third-party service is involved, there is a lower risk of
unauthorized access via cloud breaches. The system will ensure passwords are encrypted,
meaning that even if someone gains access to the device, the data will remain protected and
unreadable without proper decryption keys.

Despite the many benefits of cloud-based password managers, many users are concerned
about the potential loss of privacy and data security. This is especially important for individuals
who may have personal or sensitive information they do not wish to store on third-party servers.
By implementing a locally hosted system, users can enjoy a safer and more private alternative
that meets their security needs.

This study, therefore, aims to design and implement a locally hosted password storage solution
that combines strong encryption, user authentication, and easy access to stored credentials.
This solution will allow users to securely store, manage, and retrieve their passwords locally,
without worrying about data breaches or loss of privacy. By developing this system, the study
seeks to offer a practical solution for individuals who prioritize data security and privacy.

1.1 Aim and Objectives

Aim: The primary aim of this study is to design and implement a more secure locally hosted
password storage solution that helps users store and retrieve passwords safely without relying
on cloud services, thereby enhancing security and privacy.

Objectives:
 1. To develop a secure system that allows users to store, retrieve, and manage passwords
locally on their devices.
2. To implement strong encryption techniques that protect stored passwords from
unauthorized access.
3. To ensure user authentication so only authorized users can access stored passwords.
4. To design a user-friendly interface that simplifies password storage and retrieval.
5. To evaluate the security and performance of the system to ensure it is both secure and
efficient.

1.2 Scope of the Study

The scope of this study is focused on the design and implementation of a locally hosted secure
password storage system, which will allow users to store and retrieve passwords safely without
relying on cloud-based services. The scope includes:

1. Local Storage: The system will store passwords locally on the user's device.
2. Encryption: Strong encryption techniques will be employed to protect the passwords
from unauthorized access.
3. User Authentication: Only authorized users will be able to access the passwords via
the use of seed phrases.
4. Password Management: The system will allow users to add, edit, delete, and retrieve
stored passwords securely.
5. Usability: The system will feature an easy-to-use interface for easy management of
passwords.
6. Security Measures: Additional security features such as automatic logout, password
strength checking, and protection against brute force attacks will be considered.

1.3 Limitations of the Study

1. The system will not include cloud storage functionality.
2. The study will not focus on multi-device synchronization.
3. The system will not include real-time breach detection or advanced features found in
some online password managers.

1.4 Significance of the Study

This study is significant because it provides a solution to the growing problem of password
security by offering a secure locally hosted password storage system that users can trust. The
benefits of the study include:

1. Enhanced Security: Since the system will be locally hosted, users will have full control
over their passwords, reducing risks posed by cloud-based services.
2. Protection Against Unauthorized Access: Strong encryption will ensure that even if
someone gains access to the stored data, they cannot view the passwords without
proper authentication.
3. User Privacy: The system ensures complete data privacy as all passwords will remain
on the user’s personal device without being stored in the cloud.
4. Ease of Use: The system will provide a simple and user-friendly interface to make
password management easier for users.
 5. Improved Password Practices: By providing a secure platform for password storage,
the system will encourage users to use stronger passwords and avoid reusing
passwords across multiple sites.
6. Contribution to Cybersecurity Research: This study will add to existing knowledge on
password security and provide a useful reference for future research and development in
the field.

1.5 Research Methodology

The research methodology for this study follows an experimental research design, where the
aim is to develop, test, and evaluate a secure password storage system. The methodology
includes the following steps:

1. Research Design:

○Requirement Analysis: Identifying the security needs for a password storage

system.
○ System Design: Planning the system's database structure, encryption methods,
and user authentication protocols.
○ Implementation: Developing the system using appropriate programming
languages and technologies.
○ Testing and Evaluation: Evaluating the system's security, usability, and
performance.
2. Data Collection Method:

○ Secondary Data: The research will review existing studies on password

management and security techniques.
○ System Testing and Evaluation: The system will undergo testing to evaluate its
encryption strength, security features, and overall performance.
3. Security Measures:

○The system will utilize encryption algorithms (e.g., AES or PBKDF2) for password
protection.
○ Authentication techniques (e.g., master password or biometric login) will ensure
that only authorized users can access stored passwords.
4. Evaluation Criteria:
○ Security: How effectively the system prevents unauthorized access to stored
passwords.
○ Usability: How user-friendly and easy to navigate the interface is.
○ Performance: How efficiently the system runs without significant delays.

1.6 Research Questions

The key research questions guiding this study are:

1. Are seed phrases a more secure alternative to traditional master passwords in

authentication and password management?
 ○ How do seed phrases compare to master passwords in terms of resistance to
attacks such as brute force, phishing, and keylogging?
○ What are the usability challenges associated with seed phrases compared to
traditional passwords?
2. Can a more secure alternative to cloud-based password managers be developed for use
in high-security environments?
○ What are the primary security risks associated with existing cloud-based
password managers?
○ How can a decentralized or offline solution enhance password security while
maintaining usability?
○ What cryptographic techniques can be implemented to improve security without
compromising accessibility?

CHAPTER TWO

LITERATURE REVIEW

2.1 Introduction
The security of passwords has been a critical concern in cybersecurity research, particularly as
attackers continue to develop more sophisticated password-cracking techniques. Traditional
passwords suffer from weaknesses such as low entropy, predictable user behavior, and
vulnerability to brute-force attacks. To address these issues, seed phrases—typically used
in cryptographic key management and cryptocurrency wallets—have emerged as a more
secure alternative due to their higher entropy, longer length, and resistance to traditional
password attacks.

This chapter reviews existing literature on password security, covering password strength
evaluation, password habits, password cracking techniques, and entropy analysis. The
review highlights why traditional passwords remain vulnerable and concludes that seed
phrases offer superior security compared to conventional password mechanisms.
2.1.1 Related Research Summary

Title Authors Publication Aim Conclusion

Year

Analyzing Password Chowdhury 2023 Systematically Highlights entropy

Strength: A examines password as a key factor in
Combinatorial quality metrics, password security.
Entropy Approach including entropy
analysis.

Prioritizing Security Wash, 2020 Explores the Users favor usability

over Usability: Rader tradeoff between over security,
Strategies for How password security weakening
People Choose and usability. password strength.
Passwords

Understanding Shi et al. 2021 Analyzes real-world Demonstrates the

Offline Password- password-cracking efficiency of modern
Cracking Methods techniques. cracking techniques
against low-entropy
passwords.

Guess Again (and Shay et al. 2011 Simulates Shows how strict
Again and Again) password-cracking composition policies
algorithms. can lead to
predictable
passwords.
2.2 Password Strength and Entropy

2.2.1 Measuring Password Strength

A study by [Author Unknown] (2023) in "Analyzing Password Strength: A Combinatorial Entropy

Approach" systematically examined various metrics for assessing password quality. The
study introduced a new metric for measuring password entropy, emphasizing the limitations
of traditional password strength indicators.

2.23 Key Findings:

● Entropy is crucial in determining password security. Higher entropy makes passwords

harder to guess.
● Many existing password-strength evaluation metrics fail to account for real-world
password usage patterns.

This research underscores the importance of entropy in password security, aligning with the
argument that seed phrases, being longer and more randomized, naturally have higher
entropy than standard passwords.

2.2.2 The Role of Entropy in Password Security

A separate study by [Author Unknown] (2015) in "An Analysis of Password Strengths and
Vulnerabilities" explored how entropy relates to password cracking resistance. The study
demonstrated that passwords with higher entropy are significantly more resistant to brute-
force attacks.

2.2.3 Key Findings:

● Brute-force attacks succeed primarily against passwords with low entropy.

● Passwords chosen by users often lack sufficient randomness, making them easier to
crack.

Since seed phrases consist of multiple randomly selected words from a predefined
wordlist, their entropy is significantly higher than that of traditional passwords, making them
more resilient against brute-force and dictionary attacks.

2.3 Password Habits and Usability

2.3.1 The Tradeoff Between Usability and Security

In "Prioritizing Security over Usability: Strategies for How People Choose Passwords" (2020),
[Author Unknown] examined how users balance security and usability when selecting
passwords. The study analyzed a dataset of 853 passwords used across 1,010 websites and
tested hypotheses regarding user behavior.
2.3.2 Key Findings:

● Users prioritize usability over security, often choosing shorter and more predictable
passwords.
● Common password patterns (e.g., birthdays, dictionary words) reduce overall security.
● Users frequently reuse passwords across multiple platforms, increasing their
vulnerability.

This research reinforces the argument that traditional passwords fail due to human
behavior. In contrast, seed phrases provide a better balance, as they are randomly
generated and easier to remember due to their use of words instead of arbitrary
characters.

2.3.3 The Impact of Password Composition Policies

In "Guess Again (and Again and Again): Measuring Password Strength by Simulating
Password-Cracking Algorithms" (2011), [Author Unknown] analyzed real-world password
datasets under different password composition policies. The study revealed that policies
designed to increase complexity (e.g., requiring special characters and numbers) often
backfire because users create predictable patterns to comply with them.

2.3.4 Key Findings:

● Users tend to follow predictable strategies when forced to create complex passwords.
● Password policies that enforce strict rules (e.g., uppercase, numbers) do not
necessarily increase security.
● Attackers can exploit user behavior to refine their guessing techniques.

This supports the conclusion that seed phrases, which are not constrained by complexity
rules but instead rely on randomness, are inherently stronger and less predictable than
passwords following traditional complexity rules.

2.4 Password Cracking Techniques

2.4.1 Offline Password Cracking

A study titled "Understanding Offline Password‐Cracking Methods: A Large‐Scale Empirical

Study" (2021) examined various password-cracking methods used by attackers. The study
analyzed password datasets and different attack models, revealing the vulnerabilities in
traditional password-based authentication.

2.4.2Key Findings:

● Dictionary attacks remain one of the most effective password-cracking techniques.

● Passwords stored in hashed format can still be cracked if the hashing algorithm is
weak or lacks salting.
● Longer passwords significantly increase the time required for brute-force attacks,
but most users opt for shorter, more memorable passwords.
Since seed phrases are long and randomly selected from a fixed wordlist, they are
significantly harder to crack using dictionary or brute-force attacks. Unlike traditional
passwords, which users create themselves (often leading to predictable patterns), seed
phrases are system-generated, increasing randomness and security.

2.4.3 Simulating Password-Cracking Attacks

In "Guess Again (and Again and Again): Measuring Password Strength by Simulating
Password-Cracking Algorithms", researchers developed an efficient distributed method for
testing the effectiveness of password-guessing attacks.

2.4.4 Key Findings:

● Certain password-guessing models are highly effective due to users’ predictable

behaviors.
● Password composition policies often lead to counterproductive security
practices, making passwords easier to guess.

Seed phrases mitigate these risks by eliminating user choice in password creation. Since
seed phrases are generated using a cryptographically secure algorithm, they do not suffer
from the weaknesses associated with user-selected passwords.

2.5 Conclusion: Why Seed Phrases Are More Secure

The literature reviewed highlights multiple critical weaknesses in traditional passwords:

1. Low Entropy:

○ Passwords chosen by users often have low entropy, making them susceptible to
brute-force attacks.
○ Seed phrases, due to their longer length and randomness, have significantly
higher entropy.
2. Predictable User Behavior:

○Users tend to select easy-to-remember passwords, often reusing them across

multiple platforms.
○ Seed phrases remove user choice, preventing predictable patterns.
3. Weaknesses in Password Composition Policies:

○ Complexity rules do not guarantee stronger passwords.

○ Seed phrases avoid this issue by relying on a predefined, randomized wordlist.
4. Vulnerability to Password-Cracking Attacks:

○ Dictionary and brute-force attacks are highly effective against user-created

passwords.
 ○ Seed phrases, being long and system-generated, are significantly more
resistant.

2.6 Final Thought

Given the vulnerabilities in traditional password authentication, seed phrases offer a more
secure alternative. Their higher entropy, resistance to human error, and immunity to
traditional password-cracking attacks make them an ideal choice for securing high-value
digital assets and authentication systems.

CHAPTER THREE
RESEARCH METHODOLOGY

3.1 Introduction

This chapter presents the research methodology employed in the design and development of a
locally hosted secure password storage and retrieval system. It details the system design
approach, programming languages and tools, system architecture, implementation strategy, and
testing methods. The methodology ensures a structured and systematic approach to developing
a robust, secure, and efficient system that meets the intended security and usability
requirements.

3.2 Research Design

The research adopts a mixed-methods approach, combining quantitative experiments to

measure the strength of master passwords and qualitative analysis to evaluate user behavior
and preferences. The study is divided into three phases:
● Phase 1: Literature review and theoretical analysis of encryption algorithms and
password security.
● Phase 2: Experimental setup to simulate brute-force attacks on weak master passwords.
● Phase 3: Evaluation of seed phrases as a more secure alternative.
3.3 Data Collection Methods

3.3.1 Secondary Data Collection

● Literature Review: Academic papers, industry standards (e.g., NIST, OWASP), and
technical documentation were reviewed to understand the strengths and weaknesses of
existing password storage systems.
● Existing Password Databases: Publicly available datasets (e.g., RockYou password list)
were analyzed to identify common patterns in weak passwords.

3.3.2 Primary Data Collection

● Surveys: A survey was conducted with 100 participants to understand their password
creation habits and awareness of password security.
● Experiments:
○ Experiment 1: Simulated brute-force attacks on weak master passwords using
tools like John the Ripper and Hashcat.
○ Experiment 2: Generated and tested 12-word seed phrases to evaluate their
resistance to brute-force attacks.
○ Experiment 3: Measured the usability and memorability of seed phrases
compared to traditional passwords.

3.4 Tools and Technologies

● Password Cracking Tools: John the Ripper, Hashcat.

● Encryption Libraries: Python's `cryptography` library for AES-256 encryption.
● Key Derivation Functions: Argon2 for secure key generation.
● Database Management: SQLite for storing encrypted passwords.
● Data Analysis: Python (Pandas, Matplotlib) for analyzing experimental results.

3.5 Experimental Setup

3.5.1 Brute-Force Attack Simulation

● A Strong 12 digit alphanumeric password and a seed phrase were prepared

 ● Brute-force attacks were simulated using John the Ripper and other hash, with the time
and computational resources recorded for each attempt.
● The results were compared for passwords of varying lengths and complexities.

3.5.2 Seed Phrase Evaluation

● A 12-word seed phrase was generated using a BIP-39-compliant library.

● The resistance of the seed phrase to brute-force attacks was tested by calculating the
time required to guess all possible combinations.
● Usability testing was conducted with 20 participants to evaluate the memorability and
ease of use of seed phrases.

3.6 Data Analysis

Quantitative Analysis:
○ The time and resources required to crack passwords were analyzed and
compared to the resistance of seed phrases.
○ Statistical analysis was performed to identify correlations between password
strength and crackability.

Qualitative Analysis:
○ Survey responses were analyzed to identify common patterns in password
creation and user behavior.
○ Usability feedback from seed phrase testing was categorized to evaluate user
preferences.
The conclusion is that a seed phrase is vastly more secure than any kind of password but in
truth people often reuse passwords and according to studies people often when asked to pick a
password end up picking a password of very low entropy

3.7 Ethical Considerations

● Informed Consent: Participants in surveys and experiments were provided with clear
information about the study and gave their consent.
● Data Privacy: All collected data was anonymized and stored securely to protect
participant privacy.
● Ethical Use of Tools: Password cracking tools were used solely for research purposes,
and no real-world systems were compromised.

3.8 Limitations
● Simulated Environment: Experiments were conducted in a controlled environment, which
may not fully replicate real-world conditions.
● Tool Constraints: The accuracy of brute-force attack simulations depends on the
computational resources available.
3.9 Conclusion
To investigate the vulnerability of secure password storage systems to weak master passwords,
a mixed-methods approach was adopted. Secondary data was collected through a
comprehensive literature review, focusing on encryption algorithms, key derivation functions,
and existing password management systems. Primary data was gathered through surveys and
experiments, including simulated brute-force attacks on weak passwords and usability testing of
seed phrases. Tools such as John the Ripper and Hashcat were used to simulate attacks, while
Python's `cryptography` library was employed for encryption and key derivation. The results of
these experiments were analyzed to demonstrate the impact of weak master passwords on
system security and the effectiveness of seed phrases as a more secure alternative.
 CHAPTER FOUR
SYSTEM IMPLEMENTATION AND ANALYSIS

4.1 Introduction
This chapter details the development process, covering the system architecture, encryption
techniques, authentication methods, and database structure used to build the application.
Additionally, it examines the security features, performance evaluation, and usability
testing conducted to validate the system’s effectiveness. A comprehensive security analysis is
also included, evaluating the system’s resistance to common cyber threats such as brute-force
attacks, unauthorized access, and data breaches.

By outlining the implementation process, security measures, and system performance, this
chapter aims to demonstrate how the locally hosted password storage solution achieves its
intended goals of security, privacy, and reliability.

4.2 System Design Approach

The system follows an Agile Development Methodology, which enables incremental

development, frequent testing, and iterative improvements. Agile development is a widely used
software engineering approach that focuses on continuous improvement, team collaboration,
and adaptability to evolving requirements. This methodology ensures that security features can
be refined over multiple iterations based on newly discovered vulnerabilities and user feedback.

The Agile Development Cycle consists of several iterative phases that enable rapid
development and refinement of the software. These phases include:

1. Concept and Planning – This stage involves defining the project scope, setting objectives,
and creating a prioritized product backlog that lists system features and security requirements. It
ensures that all security and functionality requirements are well understood before development
begins (Schwaber & Beedle, 2002).

2. Iteration (Sprint) Planning – Each sprint involves selecting specific features and functionalities
to develop within a short timeframe, typically ranging from one to four weeks. This approach
ensures continuous progress while maintaining adaptability to changes in security protocols and
system requirements.

3. Design and Development – The system is designed and implemented in small, functional
increments. This phase involves defining the system architecture, security mechanisms, and
user interface design while collaborating closely with stakeholders (Fowler & Highsmith, 2001).
4. Testing and Quality Assurance – Each development iteration is subjected to rigorous testing,
including security audits, functional tests, and usability assessments. Unit testing, integration
testing, and penetration testing are conducted to ensure the robustness and security of the
system (Cohn, 2009).

5. Review and Feedback – After each sprint, the developed features are reviewed, and user
feedback is gathered. This iterative review process ensures that security vulnerabilities and
usability issues are addressed before proceeding to the next phase (Schwaber, 2004).

6. Deployment and Release – The system is deployed in a controlled manner, allowing users to
interact with the newly developed features while ensuring security compliance. Deployment is
done incrementally to monitor system performance and security aspects.

7. Continuous Improvement – Insights gained from each sprint, including feedback from users
and security audits, are used to refine the system further. This ensures that the system remains
up to date with emerging security threats and technological advancements.

The Agile methodology is particularly suitable for this project as it allows for flexibility in
implementing security measures and adapting to potential vulnerabilities discovered during
development.

4.3 Development Process

The development of the secure password storage and retrieval system requires a combination
of programming languages, frameworks, and security libraries. The following technologies and
tools were used:

Programming Language: Python

The system is primarily designed using Python due to its rich set of libraries and native SQL
support.

Python Frameworks and Libraries:

● Tkinter: Used for building a graphical user interface (GUI) for local users.
● SQLite3: Utilized as the database system for storing encrypted passwords securely.
● PyCryptodome: Employed for AES-256 encryption, ensuring that passwords are
securely stored and retrieved.
● Seedbank: Custom seed phrase generation and storage library

Database Management System:

SQLite is used as the database for securely storing encrypted passwords.
Encryption Library:
PyCryptodome is used for AES-256 encryption to ensure the security of passwords during
storage and retrieval.

Hashing Algorithm:
PBKDF2 with SHA-256 is used for hashing passwords, enhancing security by making brute
force attacks more difficult.

Frameworks:

● Tkinter: Used for creating the local user interface.

● Authentication Mechanisms:
The system supports authentication using a seed phrase for added security.

4.4 System Functionality

The secure password storage and retrieval system operates through a structured process that
ensures data protection, authentication, and accessibility. Below is an overview of how the
system functions:

1. User Registration and Authentication

● Upon first use, the system prompts the user to set up a master seed phrase for
authentication.
● The seed phrase is hashed using PBKDF2 with SHA-256 along with a random salt
before storing it in seed bank.
● When verifying the seed phrase, the system hashes the user’s input with the same
hashing algorithm and compares it to the stored hash using seed bank.
● During login, the user must enter the correct seed phrase, which is re-hashed and
compared to the stored hash for verification.

2. Password Storage Process

● When a user adds a new password, it is first encrypted using AES-256 via the
PyCryptodome library.
● The encrypted password is then stored in the SQLite database along with metadata
(such as the associated account/service name).
● The encryption key is derived from the master seed phrase and never stored, ensuring
that only the authenticated user can decrypt the data.

3. Password Retrieval and Decryption

● The user selects a stored account/service for which they need the password.
● The system verifies the user's authentication status before proceeding.
● The decryption key is produced by the seedbank library using the seed phrase
● The encrypted password is fetched from the database and decrypted using the AES-256
algorithm and its decryption.
 ● The key is immediately erased from memory after use
● The decrypted password is displayed securely to the user (e.g., temporarily in a masked
text field).

4. Security Measures and Verification

● Seed Phrase Authentication: The system verifies users by matching the hash of the
entered seed phrase with the stored hash.
● Encryption & Hashing: Passwords are never stored in plaintext. They are encrypted
with AES-256, and authentication relies on PBKDF2 hashing.
● Database Protection: The SQLite database is secured against unauthorized access
using file-based encryption.
● Session Security: The system ensures that authentication is required before any
password operations can be performed.

Diagram Explaining Storage System

 Diagram Explaining Password Retrieval System

This structured approach ensures that user credentials remain secure while providing a
seamless way to store and retrieve passwords.

4.4 System Architecture

The system follows a client-server architecture, where the user interacts with a local application
that securely stores and retrieves passwords. The key components of the architecture include:

1. User Interface (UI): A graphical user interface (GUI)

2. Encryption Module: Responsible for encrypting and decrypting passwords before

storage and retrieval, utilizing AES-256 encryption.
3. Authentication Module: Ensures that only authorized users can access stored passwords
through seed phrases
 4. Database Management System (DBMS): Uses SQLite to store encrypted passwords in a
structured format.
5. Security Module: Implements additional security measures such as password hashing,
multi-factor authentication (MFA), and file system permissions to protect stored data.
6.

4.5 Database Design

The database for the secure locally hosted password storage system is designed to ensure
data integrity, security, and efficient retrieval while minimizing vulnerabilities to unauthorized
access. The system employs a relational database model, consisting of two primary tables:
User Table and Password Storage Table. Each table is structured to support strong
encryption mechanisms, user authentication, and data consistency.

4.5.1 User Table

The User Table stores authentication details for each registered user. To ensure security,
passwords are never stored in plaintext; instead, they are hashed and salted using
cryptographic hashing functions like bcrypt, Argon2, or PBKDF2. The table structure is as
follows:

Column Name Description

user_id Unique identifier for each user (Primary Key).

username Unique login name used for authentication.

password_has Hashed password stored securely to prevent unauthorized access.

h

salt Unique random data added to each password before hashing, making it
resistant to rainbow table attacks.

Security Measures:

● Hashing Algorithm: The system uses a computationally expensive algorithm (e.g.,

bcrypt) to ensure that even if hashes are compromised, brute-force attacks remain
impractical.
● Salting: Each password hash is stored with a unique salt, further enhancing security
against precomputed hash attacks.
● Unique Usernames: Ensuring usernames are unique prevents enumeration attacks and
account duplication.
4.5.2 Password Storage Table

The Password Storage Table is responsible for securely storing user passwords for various
online services. Instead of saving passwords in plaintext, they are encrypted using AES-256
encryption, which is a highly secure symmetric encryption algorithm. The table structure is
as follows:

Column Name Description

entry_id Unique identifier for each stored password (Primary Key).

user_id Foreign key referencing the User Table, ensuring each password
belongs to a specific user.

website Name of the website or service for which the password is stored.

encrypted_passwor AES-256 encrypted version of the stored password.

d

creation_date Timestamp indicating when the password was stored.

Security Measures:

● AES-256 Encryption: All stored passwords are encrypted using AES-256, ensuring that
even if the database is compromised, the passwords remain unreadable without the
proper decryption key.
● Foreign Key Constraint: The user_id field ensures that each password entry is linked
to a specific user, preventing unauthorized access to another user’s data.
● Access Control: Only the authenticated user can decrypt their passwords using a
master key or a biometric authentication system.

4.5.3 Database Security Considerations

To ensure data security and system integrity, several security features and best practices are
implemented:

1. Encryption at Rest and in Transit

○ AES-256 encryption protects stored passwords at rest.

○ TLS (Transport Layer Security) encrypts data during transmission, preventing
interception by attackers.

2. Role-Based Access Control (RBAC)

○ Users only have access to their own stored passwords.

○ Administrative access is restricted to system-level functionalities, ensuring
minimal exposure to user credentials.
 3. Automatic Logout and Session Expiry

○ Users are logged out after a period of inactivity to reduce the risk of unauthorized
access.

4.6 Security Features and Testing

To ensure the system provides strong security while maintaining usability, rigorous security
features and testing methodologies are implemented. These measures safeguard stored
passwords from unauthorized access, modification, and theft while ensuring smooth
system performance.

4.6.1 Encryption Strength Testing

The system employs AES-256 encryption, a military-grade encryption algorithm known for its
resistance to brute-force attacks. To evaluate its strength:

● Key Space Analysis: AES-256 has a key size of 2^256 possible keys, making brute-
force attacks computationally infeasible.
● Ciphertext Analysis: Encrypted passwords are tested against differential
cryptanalysis, linear cryptanalysis, and side-channel attacks to verify resistance to
decryption attempts.
● Key Derivation Function (KDF) Testing: The system uses PBKDF2 or Argon2 for key
stretching, ensuring that even if an attacker gains access to password hashes, cracking
them remains impractical.

4.6.2 Brute Force Protection

To prevent unauthorized access, the system implements multiple brute-force protection

mechanisms:

● Login Rate Limiting: If multiple failed login attempts are detected within a short time,
the system introduces progressive delays before allowing further attempts.
● Encrypted Master Password: The system requires a strong master password,
hashed with bcrypt or Argon2, making it resilient to brute-force attacks.

4.6.3 Data Integrity Checks

Ensuring that stored passwords remain unaltered and tamper-proof is critical. The system
employs:

● Hashed Integrity Checks: Each password entry is assigned a cryptographic hash

(SHA-256) stored alongside it. Any unauthorized modification will be detected when the
stored hash no longer matches the computed hash.
● Automatic Backup & Recovery: The system periodically creates encrypted local
backups to recover passwords in case of data corruption.
● Write Protection Mechanisms: Password storage is write-protected to prevent
malware from altering stored credentials.
4.6.4 Threat Model Analysis

A comprehensive threat model analysis is conducted to identify and mitigate vulnerabilities:

Potential Threat Mitigation Strategy

Local Device Theft Seed Phrase required.

Malware or Keyloggers On-screen keyboard & password obfuscation implemented.

Brute Force Attacks Strong password hashing (bcrypt/Argon2) and login rate
limiting.

Man-in-the-Middle (MITM) End-to-end encryption ensures passwords are not

intercepted.

Data Corruption Encrypted backups and integrity checks prevent data loss.

4.7 Performance & Usability Evaluation

To ensure a balance between security and usability, the system is evaluated based on speed,
user experience, and comparisons with cloud-based alternatives.

4.7.1 System Efficiency

Performance tests measure encryption, decryption, and retrieval times:

● AES-256 Encryption Time: <1 millisecond per password entry.

● Decryption Time: Efficiently retrieves and decrypts passwords in real-time.
● Database Query Optimization: Indexed queries ensure rapid password lookup.

4.7.2 User Experience Testing

A well-designed UI is crucial for adoption. Usability tests focus on:

● Ease of Navigation: Simple UI design with intuitive buttons and forms.

● Onboarding Experience: Step-by-step guides help users set up encryption keys and
store passwords securely.
● Accessibility Features: Dark mode, text scaling, and keyboard shortcuts enhance user
experience.

4.7.3 Comparison with Cloud-Based Managers

Feature Locally Hosted System Cloud-Based Managers

Data Storage Stored locally on user’s device. Stored on remote cloud servers.
Location

Security Control Full control over encryption & Relies on third-party security
 storage. measures.

Cross-Device Sync Not available (local storage only). Available across devices.

Risk of Cloud None, as no cloud storage is High risk if cloud provider is

Breach used. hacked.

Offline Access Full offline functionality. Requires internet for access.

4.8 Challenges & Limitations of Implementation

During the system’s development and deployment, several technical challenges and
limitations were identified and addressed.

4.8.1 Technical Difficulties Encountered

1. Encryption Overhead:
○ Challenge: AES-256 encryption introduced slight processing delays.
○ Solution: Implemented multi-threading to optimize encryption and decryption
speeds.
2. Secure Key Storage:
○ Challenge: Storing the encryption key securely without exposing it.
○ Solution: Used hardware security modules (HSMs) and secure enclaves to
store keys.
3. User Authentication Complexity:
○ Challenge: Balancing strong security with ease of use.
○ Solution: Added biometric authentication and passphrase recovery to
simplify login.

4.8.2 Limitations of a Locally Hosted Approach

While a locally hosted password manager provides greater security and privacy, it comes with
certain trade-offs:

● No Cross-Device Sync: Users cannot automatically sync passwords across multiple

devices without manual export/import.
● Risk of Local Data Loss: If a user’s device is damaged or lost without a backup, stored
passwords may be irretrievable.
● Limited Remote Access: Unlike cloud-based managers, passwords cannot be
accessed remotely.