
LessPass: sync-less open source password manager - mgliwka
https://lesspass.com/#/
======
JulianMorrison
What this seems to be, in essence: password = HMAC(key, website).

Why this is bad, compared to an encrypted on-disk key store:

1\. A password is now ciphertext, not a block of line noise. Every time you
transmit it, you are giving away potential clues of use to an attacker.

2\. The search space for possible passwords is bounded if you know the
website. You are subject to key guessing attacks. If your key is short, pure
serial guessing will break it fast.

3\. They don't need any access to you or your stuff, to guess a key. They
don't even need access to the server, it can be guessed on an unrelated
machine. You don't have the opportunity to detect a break-in and neither does
your bank, etc.

4\. You only have one password for all the sites, really, underneath, and it's
your secret key. If it's broken, it's now a skeleton-key and your digital ass
is theirs.

~~~
grhino
These weaknesses all hold if it's discovered that lesspass is in use. How
would information that the user is using lesspass leak?

~~~
StavrosK
The GP's points are all a bit weak, especially if this method uses a good KDF
like bcrypt to generate the keys.

I used SuperGenPass for a while, before switching to KeePass, and the major
drawbacks I found were:

1) No way to change a password. None at all. If a site required you to make up
a new password, you're out of luck (or you have to come up with a new master
password every time and remember which master password to use for which site).

2) If a website is incompatible with the generated password, you're out of
luck. My bank (because of course it would be the bank, cat sharing websites
are more secure) would throw a fit because I had a number in my password and
refuse to set it.

3) If someone has a keylogger or otherwise steals your master password, you're
done for everywhere. This is not so with password databases, because the
attacker also needs the file.

4) It's just not really that much more convenient than KeePass +
KeePassAndroid. Hell, the latter is _more_ convenient because I don't have to
keep retyping my password, I can store it in memory protected by my
fingerprint, which is something that no SuperGenPass-compatible app I've found
does.

In summary: Go with KeePass, it's better.

~~~
problems
> 3) If someone has a keylogger or otherwise steals your master password,
> you're done for everywhere. This is not so with password databases, because
> the attacker also needs the file.

It's about equivalent though. If someone can keylog you, they can probably
obtain the file. If that's through malware then they simply grab the file with
the malware, if that's through a hardware keylogger then they just grab it off
your machine when you're not around. Even if you used FDE, you're dead in the
water because they logged your FDE password too.

Heck, if I were the malware author I'd inject into KeePass or similar and dump
your decrypted database as soon as you login, immediately bypassing any anti-
keylogger tools, keyboards, alternative authentication methods for your
password manager, etc that you might have used.

It's important to think about realistic threat models with things like this.
If you're keylogged you're already screwed unless you use your password
database on a separate machine.

~~~
StavrosK
Sure, a much more plausible model is that you reuse the master password
somewhere vulnerable and it's game over.

~~~
problems
But that's trivially mitigated - don't.

------
sixhobbits
I really dislike the copy/marketing of this tool. OK, so it doesn't sync? How
does it work? _reads whole front page and all features_. No sync, but access
anywhere? How does it work?? *clicks the "How it works" link and reads another
5 paragraphs of "This is great. It's so simple. It works really really well.
You can phone people and they'll tell you how well LessPass works". Finally,
after clicking on the link and scrolling past a bullet list and stylised
quotation, we get

"The trick is to compute passwords rather than generate and store random
passwords.

LessPass generates unique passwords for websites, email accounts, or anything
else based on a master password and information you know."

"Next-gen", "Anywhere, anytime", "Manage directly from your browser". These
are all super cliched, really cheap phrases that I really dislike. The front
page is full of them. If you're marketing a luxury yacht trip to people with
more money than sense, then sure you're probably going to get good results by
writing like this. But the folk reading about this are going to be pretty
technical and I'm sure everyone would appreciate to see something like "We
provide a function that generates a memorable password from the site name and
your master password" on the front page, above the fold.

In terms of entropy, you may as well come up with your own function. Security
through obscurity is bad (no one knows the function you use to generate site
specific passwords) but it's better than security through less obscurity (use
a public function that a bunch of other people are using).

You can't get free entropy. If you care about your passwords not being broken
when a database of hashes is dumped, you need to use a long, securely
generated, random password. Sure, this is better than using the same password
everywhere, but it's not really an alternative to something that uses proven
cryptography to generate secure unique passwords. Passwords generated using
this are only as good as your master password, with some obscurity thrown in.

~~~
TuringTest
Obviously you are not the target audience for the main website; it explains
_how it works in general terms_ , i.e. what concepts should I know to
understand its purpose and usage; not _how it works from a technical
perspective_.

I only wish more open source websites followed _this same_ approach, as it is
the best way to introduce the tool to a public that may not know very well
what a password manager is good for or how to use it properly.

You probably should jump directly to the github project page[1], where you'll
find that kind of technical description that you were expecting and didn't
find.

[1]
[https://github.com/lesspass/lesspass](https://github.com/lesspass/lesspass)

~~~
sixhobbits
Well there are different levels of description here.

First, I think I am pretty representative of the target audience for the main
website (it's sad, but most non technical people still don't know what a
password manager is or why they might want to use one).

Second, there is a difference between "What it does" (A password manager that
re-computes the same site-specific password on every use, meaning that no
syncing of passwords is necessary) which you can still make pretty informative
vs "Me telling you why you should use it" (The cliches I quoted). Even if the
website was aimed at those with zero technical knowledge, it could still give
more concrete detail on what it is and why you need it rather than the empty
marketing phrases.

The github repo should be where I go if I want to know what hashing libraries
they're using, if their Math checks out, and who the contributors are. Not if
I just want to know what it actually is (apart from "The best ever super duper
password manager that you really need to download right now before tomorrow")
and _kind-of-how_ it works.

~~~
TuringTest
> First, I think I am pretty representative of the target audience for the
> main website (it's sad, but most non technical people still don't know what
> a password manager is or why they might want to use one).

Maybe they're trying to make a website for non technical people, in order to
gain some traction among that audience?

If developers keep pandering to the technical audience who already knows
enough about the purpose of password lockers, you have a circular problem
where the general audience never learns about them.

And remember, marketing phrases exist because they work. If you don't know
what a product is good for, the seller needs to state it in plain terms in
order to convince the customers of how it could benefit them.

~~~
Ar-Curunir
Plain terms doesn't mean meanless terms. Having meaningless marketing
buzzwords is not useful. You can explain things simply and clearly without
resorting to vagueness.

------
adilparvez
It's great people are exploring this problem space, but so far nothing comes
close to [https://www.passwordstore.org/](https://www.passwordstore.org/)
which is just a wrapper around gpg and git. It has Android/iOS clients, as
well as GUI clients.

On Android I use Password Store + OpenKeychain, the UX with a YubiKey is very
smooth.

[https://fossdroid.com/a/openkeychain.html](https://fossdroid.com/a/openkeychain.html)
[https://fossdroid.com/a/password-
store.html](https://fossdroid.com/a/password-store.html)

~~~
lucaspiller
I was using this for ~4 years and really liked it, but recently I've been
using 1Password. I tried 1Password as it has a family plan, that didn't really
work out though (getting non-technical people to use a password manager is
hard - so I'll forever keep being asked "What's the Netflix password?"), but I
have stuck with it for myself.

I really like the browser integration, which there isn't anything comparable
for pass. I had a bash script [0] which when run would pull the current URL
from my browser, and run pass to generate or copy the password to the
clipboard - but the 1Password extension is so much nicer. If I'm on a site
with weird requirements I'd have to figure out the params to make pass
generate a password which matched it; with the extension I just click a few
buttons.

I've also got hooked on the iOS app. I didn't know there was one for pass, but
it looks rather basic compared to 1Password [1]. 1Password also supports TOTP,
so you don't need a seperate app for that - although for security you probably
should.

Maybe one day I'll get around to writing my own extension and app for pass,
but for now paying $60/year is worth it for me. I don't pay for many
apps/services, but this I find really worth it.

[0]
[https://github.com/lucaspiller/passosx](https://github.com/lucaspiller/passosx)

[1] [https://github.com/davidjb/pass-ios](https://github.com/davidjb/pass-ios)

~~~
gr3yh47
>I really like the browser integration, which there isn't anything comparable
for pass.

people keep saying stuff like this (the one i use because x feature has no
real competitor)

lastpass. i've used most password managers out there and lastpass hits all
these points and more

~~~
ohstopitu
After lastpass was bought out, I went on a spree to find a different password
manager and in that process, I tried almost all of them (free & paid). Nothing
came close to Lastpass so I decided to stick with them until they mess up.

If the worst comes to worst, I'll probably move to Dashlane (which is
significantly more expensive & a bit more work to use - extensions won't work
without a desktop app)

~~~
porker
Why were Lastpass and Dashlane better than 1Password for you?

I've used 1P for a few years without looking at the competition, so curious to
hear what they can do.

~~~
ohstopitu
I did try 1Password, and while it was pretty good, it was never "great". By
that I mean,

1\. It required a desktop app to be installed to use the clients (while this
is an issue with Dashlane, the 1Password windows desktop client is just weird
- looks outdated, crashes etc.)

2\. The 1Password Android app seemed to not have in-app password fill in
(which both Dashlane & Lastpass had). While it's not too much of an
inconvenience, I feel like 1Password is great if you are in the apple
ecosystem.

This is not to say 1Password is "bad" by any means...I loved it's dropbox sync
feature for example and it's integration with Alfred on Mac was awesome!

------
croon
Others have expressed most of them, but issues I see with this is:

* Algorithm can't be changed/improved without changing all your passwords.

* Your master password can't be changed without changing all your passwords.

* You have to remember yourself at what sites you are already registered, and in case of critical bug, you would perhaps need to change password at some services (again remembering which ones they were).

With that said, I really like the outside-of-the-box thinking on this.

~~~
joosters
Also, some sites (generally banks) change their login URLs and domains from
time to time. With a 'traditional' password manager, I can map it to the old
login details with a few clicks. With a stateless system, you're out of luck.

~~~
5xman
Well, you are not forced to use a specificic url or your real login details to
generate the password. You could do it with "My Personal Bank Account"+"My
alias (not the same as my login)"+MASTER_PASSWORD. It's the same with SSO. You
can use "Google Private" or "Google Public" and any login you want to generate
a password for your google accounts, without using a real URL nor your real
credentials.

------
pilif
How do you deal with sites whose password requirements don't match the output
of LessPass? How do you handle the fact that sites want you to change your
password? Yes. There's a counter field, but how do you know what site uses
what version of the counter? How do you change the master password without
having to change all passwords?

Thing is: There's a solution for all these problems: All you have to do is
actually generating a random password and store that (in-fact, that's the
solution proposed by LessPass to use for these special cases. But if you have
storage for the special cases, why not just store the passwords to begin
with?)

You don't want to sync it because you don't trust the client-side encryption
used in all the managers out there? Use a piece of paper to write the
passwords down. Or use a device you constantly carry with you as your password
store.

While there are tons of workarounds for the issues of stateful password
managers, there are none for the stateless ones (aside of storing the state
somewhere, but if you're doing that, why not just store the password?)

~~~
3pt14159
The problem with writing passwords down is that I need to fly places and it's
not unheard of if you work in financial tech or military tech to have your
things riffled through at the boarder. Plus a mugger can say "give me your
things!" or "Empty your pockets!" and now he has my credentials.

Passwords are not easy. My current solution for the long tail of things that
need passwords is two factor + really strong password I generate then don't
save anywhere. If I get signed out I do password reset to my gmail. Gmail is
two factor (obviously) with a really strong password and recovery email to an
email address nobody knows.

This is still a huge pain though.

~~~
pilif
If you used _any_ stateful password manager instead of a piece of paper, then
the passwords would be stored in an encrypted fashion. Don't give out your
master password and your passwords are useless to an attacker.

If you use a paper based solution, just alter the passwords you write down
using some additional information only known to you - maybe some prefix or
suffix and the list would be useless for an attacker.

If you think they can force you to divulge the master password or your
password scheme if you're using paper (they probably can, see
[https://xkcd.com/538/](https://xkcd.com/538/)), then LessPass won't be of any
help to you either.

------
guillaume20100
I'm the creator of LessPass. We did not expect as many visits on our website.
Thank you. We are working on:

* encrypt password profiles client side.

* help user change their master passwords ([https://github.com/lesspass/lesspass/issues/36](https://github.com/lesspass/lesspass/issues/36))

* mobile version([https://github.com/lesspass/lesspass/issues/6](https://github.com/lesspass/lesspass/issues/6))

Change his master password seems to be the biggest problem for many of you. We
will address this problem as a priority.

~~~
palant
I was quite surprised to see your extension, it is very similar to my Easy
Passwords extension in both concept and design. I've had a brief look at the
source code and I guess that it was a completely unrelated development after
all?

Please increase the number of iterations, PBKDF2 with 8192 iterations is a
very bad idea in year 2016. I would consider 100k iteration the lower limit,
my Easy Passwords extension uses 256k. For reference, I described the threat
scenario here:

[https://palant.de/2016/04/20/security-considerations-for-
pas...](https://palant.de/2016/04/20/security-considerations-for-password-
generators)

Note that LastPass isn't a good example when it comes to security-relevant
decisions. If you are interested, I published a lengthy writeup under
[https://security.stackexchange.com/a/137307/4778](https://security.stackexchange.com/a/137307/4778).

~~~
guillaume20100
Hi Palant, I found your app in the comment today. So yes, LessPass was
developed it independently.

And yes we are working in a way to change the number of rounds of PBKDF2.
[https://github.com/lesspass/lesspass/issues/38](https://github.com/lesspass/lesspass/issues/38)

API already evolve
([https://github.com/lesspass/core/commit/70bebd5e5bcd0c9a32ac...](https://github.com/lesspass/core/commit/70bebd5e5bcd0c9a32ac6aee05ea4586f0a8773a)),
we are updating the user interface.

~~~
palant
I don't think that this is sufficient as long as 8192 is still the default.
Personally, I don't think that exposing the number of iteration is a good idea
at all - users have no way of knowing how much is enough. Frankly, it took me
quite a while to find out what contemporary hardware (especially GPUs) is
capable of and how many iterations should be considered safe today.

~~~
guillaume20100
LessPass starts with 8192 iterations. I prepare the code to increase this
number, I will not let users change it. We are creating an interface to change
master password and then we will plan a LessPass version change (with a number
of iterations changes)

------
avian
I don't know what these are used for, but secret keys generated from current
time are easy to guess. You only have to try around 2^24 values if you can
estimate installation time within a specific year.

[https://github.com/lesspass/lesspass/blob/master/lesspass.sh...](https://github.com/lesspass/lesspass/blob/master/lesspass.sh#L16)

~~~
mgliwka
The SECRET_KEY is used by Django, see here:
[https://stackoverflow.com/questions/7382149/django-secret-
ke...](https://stackoverflow.com/questions/7382149/django-secret-key)

EDIT: I've created a issue on GitHub about this.
([https://github.com/lesspass/lesspass/issues/43](https://github.com/lesspass/lesspass/issues/43))

------
fps
We need to re-think passwords. Password re-use is a big problem for technical
and non-technical users alike, because managing a unique generated password
between devices is hard. Dealing with password managers and syncing password
lists back and forth is super frustrating to users. None of the existing tools
work quickly and easily on all the different devices a user could be using, so
at some point everyone that uses a password manager is going to be stuck
fighting their password manager to log into a website. The user will likely
perform a password reset, which will send an email that allows the user to
bypass the password entirely.

Why not provide people with a quick and easy "login by email", since this
fallback is almost always available anyway? Slack does this
[https://auth0.com/blog/how-to-implement-slack-like-login-
on-...](https://auth0.com/blog/how-to-implement-slack-like-login-on-ios-with-
auth0/) and allows people to have accounts with no password memorization.
You're not making the login any less secure - any attacker with access to a
user's email can almost always perform a password reset anyway.

~~~
whyever
> Why not provide people with a quick and easy "login by email", since this
> fallback is almost always available anyway?

There was Mozilla's Persona (which was shut down a few days ago). Now there is
this:

[https://portier.github.io/](https://portier.github.io/)

------
jiehong
Not-so-good good idea?

Given that you already have dozens of site with their own passwords, you just
can't import your passwords, but you need to change all of them to start using
lesspass first.

Also, if the way the generation of passwords works changes later (i.e. bug),
then the users are stuck with a version, or the bug is never fixed, ever.

~~~
erikb
There are a lot of reasonable complaints in the comments, but "you need to
change your passwords when changing to this service" is actually not one. You
want to do that anyway from time to time, and when you are using a new
password manager is actually a great time.

~~~
joosters
If you want to change your passwords from time to time, as you say, then this
system isn't going to suit you, because it only ever generates one password
for each site.

~~~
5xman
You could change your master password from time to time and you chould
increase the counter (which changes your password) for a given site from time
to time.

------
romseb
I am surprised Stanford PwdHash [0] has not been mentioned yet as an
alternative, which has extensions for Chrome, Fx, Safari, Android, iOS,
Terminal and other software.

[0] [https://pwdhash.com/](https://pwdhash.com/)

------
cyphar
While the idea sounds alright (and I've seen similar ideas done before), there
are a few problems with this system that make me quite cautious about trying
it:

* In order to handle different password complexities, regeneration of passwords and similar setting, you have to use a "connected" version (read: you have to store the configuration). In addition, the configuration they have includes potentially sensitive information (password length, number of times password was changed, list of websites I use, _my username on the site_ ). And currently those profiles are unencrypted. So you in order for it to be useful it's no longer sync-less. As an aside, my bank (foolishly) uses my generated username as a "privileged" piece of information -- which means that I literally could not use this manager for my bank.

* You can't change your master password without updating all of your site passwords. This also means you can't import your old passwords without just changing them all. IMO this makes LessPass not a password "manager". It's a password generator.

* Also, the profile doesn't appear to contain any configuration details for the PBKDF, which seems like a bad idea (it means that they can never practically update the PBKDF without introducing backwards compatibility in the profile settings). Also not sure why they're using SHA when there are better password hashing algorithms.

* Aliases are impossible to implement (without adding more information to the profile), which just makes this impossible to use with SSO systems (I'm not going to remember which of the 5 different hostnames I used to generate a password I use once a year).

I've got to admit that I kinda like the symbols shown next to your password to
make sure you're using the right master password, but there doesn't seem to be
any description how that's generated. My guess is that it's similar to SSH
keyart (which then brings up the question how often will collisions happen
with only X^3 options, and can you have two passwords result in different
orderings of the same tokens).

Overall, seems like an okay idea. But I would prefer if someone just offered a
nice way to host your KeePass databases (or rather if there was an app that
did it). You could probably do it with git and push to GitLab or something,
but that is just ugly to do manually.

~~~
5xman
The login you use with lesspass doesn't need to match your actual login on a
web site. In fact, nothing needs to match anything real. You could use any url
or alias for the service you want to access ie "Google" and you can use your
real login or any other text, it doesn't matter as far as you remember it (You
could use 'me' for every site, I don't know why this field is required)

~~~
cyphar
Okay, but now I have to remember 3x as many things as with a managed password
manager. And how do I handle having multiple accounts on the same website?

"You can put whatever you want in field X" is not a solution to the problem
IMO.

~~~
5xman
> how do I handle having multiple accounts on the same website?

You use the url of the site and your different logins to generate different
passwords. What's so difficult about it.

Anyway, I don't think there is a problem at all.

Imagine this: I have 3 google accounts, which I use mainly for my gmail,
another one for google play on my android and another one for my kids (google
play, youtube). I could use the following setup: Gmail + me + masterpassword
for the first one, Google Play + me + masterpassword for the second one, and
Google Kids + kids + masterpassword. Another configuration could be: google +
mail + pass, google + play + pass and google + kids + password. I actually
would use my real login, since my accounts are already like this:
username.mail@gmail.com, username.play@gmail.com, username.kids@gmail.com.

First there is nothing new to remember here, I already rememeber that I have 3
different accounts and what they are for. Second, it doesn't matter how many
accounts you have on a site or how many sites you can access with the same
account. You can use the url of a site and a different login for several
accounts. You can use a description/purpose of your accounts and the same or
different logins for several accounts on SSO services.

As I said, I don't see the problem.

~~~
cyphar
> You use the url of the site and your different logins to generate different
> passwords. What's so difficult about it.

Your suggested solution of "not using your actual login" requires me to
remember something that is not related to my login. This means that for
multiple different accounts I need to remember twice as many things. Which
makes it impractical (they can't be linked to my account or else my profiles
will reveal the information).

> Imagine this: I have 3 google accounts, ...

I have ~8 different gmail accounts, all of which are used for emails. Yes,
they're for different purposes but your scheme won't help differentiate them
without also giving away my logins.

------
sonofgod
Don't use this if you're ever going to type in a password where the screen
might be shared -- the constantly-updating "is my password correct" glyphs
give away enough information to make it super trivial to decode by eye.

PS: the password for the demonstration gif is "passwordpassword"

~~~
spb
This is why I designed the similarly-updating glyphs in surpass
([https://stuartpb.github.io/surpass/demo.html](https://stuartpb.github.io/surpass/demo.html))
to only update after a half-second delay when masked.

------
ekiru
The _prettyPrint [1] and _getPasswordTemplate [2] functions they use to get
from the HMAC to the actual password seem to have a lot of issues:

\- _prettyPrint calls into _getPasswordChar which will then take the character
code modulo the length of the array of possible characters [3], which is
usually going to be biased if the character code is not uniformly distributed
between 0 (inclusive) and a multiple of the length (exclusive).

\- It's even worse because the input to _prettyPrint is the HMAC encoded as a
hexadecimal string. The impact of this depends on the size of the possible
character array, but in several cases, some of the options can never be chosen
and others will be chosen twice as often as others that can be chosen.

\- Using the hex encoding also drastically reduces the number of possibilities
for a given length even if that input was then used in a less flawed fashion.

\- _getPasswordTemplate appears to treat a password with lowercase/uppercase
letters as a series of alternating vowels and consonants (by appending 'vc' or
'VC' to the password template).

\- It also generally seems to define "password containing X and Y char types"
as "password containing X char type, then Y char type, then X, then Y, and so
on".

[1]:
[https://github.com/lesspass/core/blob/master/lib/index.js#L8...](https://github.com/lesspass/core/blob/master/lib/index.js#L82)

[2]:
[https://github.com/lesspass/core/blob/master/lib/index.js#L6...](https://github.com/lesspass/core/blob/master/lib/index.js#L66)

[3]:
[https://github.com/lesspass/core/blob/master/lib/index.js#L1...](https://github.com/lesspass/core/blob/master/lib/index.js#L117)

------
ch0wn
I've used PasswordMaker in the past which uses the same concept but recently
moved away from it. Changing passwords is a pain as you now have to remember
special parameters for certain pages. Even worse, in case of a compromise of
your master password, you're toast. The same is true when losing your password
manager database + credentials, but at least you will have a list of all your
compromised records which you would have to keep separate in this case.

I've moved to KeeWeb since then + CPK for Chrome and Keepass2Android on my
phone and couldn't be happier.

------
Ruphin
Hi Guillaume,

Your master password is 'passwordpassword'. 10 points if you know how I
figured that out :)

~~~
PuffinBlue
An issue was raised for this over on GitHub[1] after it was pointed out by
others.

Quite an interesting example of how easy it is to slip up and make something
trivially crackable.

[1]
[https://github.com/lesspass/lesspass/issues/48](https://github.com/lesspass/lesspass/issues/48)

------
corobo
What happens when the method of creating passwords needs updating, do I then
need to visit countless numbers of sites to change the password?

I like the idea don't get me wrong, I just can't see all of the downsides
right now which will stop me using it.

Elephant in the room: Are you going to be sued by lastpass for the name?

~~~
guillaume20100
We are not a danger to LastPass. We'll see in time if it happens. The idea
came after using KeePass -> I want to keep less passwords -> lesspass ->
lesspass.com is available -> done

------
HackinOut
I wouldn't use a password manager system that doesn't have the ability to
change the master password.

EDIT: You can't change any password really, without changing all of them (or
having a separate master password). Seems unpractical as soon as, for example,
site X gets its database hacked.

~~~
mgliwka
Actually, you can. See [https://blog.lesspass.com/lesspass-how-it-works-
dde742dd18a4...](https://blog.lesspass.com/lesspass-how-it-works-
dde742dd18a4#.3lqvm28uu)

~~~
HackinOut
That is either by using the "connected version" or loosing the multi devices
ability. BTW shouldn't the "connected version" be the one detailed on the home
page? Sure sounds more attractive to me.

~~~
bryanlarsen
Or you have to remember the counter. Since most people just append a counter
to their password for those sites that force them to change regularly, it's
not really that different. :)

------
viralpoetry
I have created Alzheimer Password Manager on the same ideas as this one.

I believe the better idea is to use also user specific salt per browser. In
that case, the passwords are more unique, and the threat model changes
dramatically.

Current Threat Model:

* No one with an access to the PC with installed extension should be able to authenticate without knowing the correct passphrase.

* The same passphrase used in two different web browsers should produce two different passwords (cryptographic salt will solve this problem).

* If an attacker obtains password for some websites, she should not be able to derive passwords for another websites using that knowledge.

* Attacker should not be able to brute force master passphrase from the salt and knowledge of one password (PBKDF with lots of iterations).

* it provides protection against basic keyloggers (but they can read our salt from the memory / file...)

[https://chrome.google.com/webstore/detail/alzheimer-
password...](https://chrome.google.com/webstore/detail/alzheimer-password-
genera/emclcafdgdeodlhpenmejdapecfgenof)

[https://github.com/viralpoetry/password-
generator](https://github.com/viralpoetry/password-generator)

------
hellofunk
One issue with this is that URLs for sites can, and in my experience, often
do, change, while logins remain the same. A password that uses the URL/site
itself may no longer work unless you can remember the old site. That's a
headache. I used to have my own mental model of generating a password based on
a URL, and it eventually failed several times over because of this issue.

------
wyclif
A gentle critique: don't use "How it works?" since that is not proper English.
"How does it work?" is better.

~~~
dancek
"How it works" without the question mark is fine, too. The site actually uses
"How it works ?" which is a dead giveaway that the author is French.

As an ESL speaker myself, I wouldn't nitpick about grammar, though. The
language on the site is very good in general, and learning second languages is
very difficult. Je sais je ne peux ecriver francais bien. Right?

~~~
wyclif
Yes, I should have added that "How it works" sans question mark is proper as
well.

------
msl09
I started using Nic Wolff's password generator[0] to solve that very problem,
but I noticed that the need for connected passwords makes up a large size of
the passwords that I needed to use, so I gave up on the idea of "store nothing
passwords". The idea of generating always the same password for the same site
is also doesn't work, because of database breaches, so in the end I created a
program[1] that did all the things I needed. Check the README to know how it
works.

[0] -
[http://angel.net/~nic/passwd.current.html](http://angel.net/~nic/passwd.current.html)

[1] -
[https://github.com/marceloslacerda/password_generator](https://github.com/marceloslacerda/password_generator)

~~~
majewsky
Looks pretty similar to what I'm using:
[https://github.com/majewsky/pwget](https://github.com/majewsky/pwget)

Mine doesn't have any provisions for passwords with a specific length or
charset. If someone does not like what my pwget generates, I will adjust the
password manually and write down the rules in a file that is kept in a private
Git repo.

------
3pt14159
Very cool project!

One thing though, LessPass sets HSTS headers, but should include the
`includeSubDomains` directive and the `preload` directive to stop a first time
MITM (for example, when you get a new phone). Once these are done, LessPass
should be added to various browser preload lists.

------
mrleinad
What happens if a site requires you to change passwords regularly and keeps a
history of the passwords you've used? Wouldn't you be locked on a single
password for each site (or a very limited number of options to force the app
to change it)

~~~
askmike
I guess you can increment the password length by one each time. Though you
have to keep track of the last used length.

~~~
fnj
For brain dead sites with rules like "min 6 chars, max 8, mandatory change
every 60 days", that won't take you very far.

------
nicwolff
I may be the inventor of in-browser hash-based password generation – at any
rate, most of the early variants like SuperGenPass [1] credit mine [2] as the
original. And I still use it for low-value sites – but I let iCloud Keychain
generate, store, and sync passwords for e-commerce sites and e-mail services,
for all the reasons mentioned by others here.

[1]
[https://github.com/chriszarate/supergenpass/wiki/FAQ](https://github.com/chriszarate/supergenpass/wiki/FAQ)

[2]
[http://angel.net/~nic/passwd.current.html](http://angel.net/~nic/passwd.current.html)

~~~
bascule
Does your work predate Stanford PwdHash?

[https://crypto.stanford.edu/PwdHash/](https://crypto.stanford.edu/PwdHash/)

~~~
nicwolff
Maybe! archive.org's oldest capture of my page [0] is from 22 Dec 03, and
doesn't have anything for Stanford's until 9 Apr 04 [1]. But I don't think
they got the idea from me, since the first links to my page from blogs and
aggregators came in Sep 04 after I added the bookmarklet [2].

[0]
[https://web.archive.org/web/20031222201145/http://angel.net/...](https://web.archive.org/web/20031222201145/http://angel.net/~nic/passwd.html)

[1]
[https://web.archive.org/web/20040507195550/http://crypto.sta...](https://web.archive.org/web/20040507195550/http://crypto.stanford.edu/PwdHash/)

[2] [http://jonudell.net/udell/2004-09-07-nic-wolffs-single-
signo...](http://jonudell.net/udell/2004-09-07-nic-wolffs-single-signon-
bookmarklet.html)

------
vrikis
I used to use SuperGenPass[1] to do exactly this, but what you'll soon find is
that every website has slightly different password rules, so you'll have to
start memorizing unique settings for each site (i.e. website X can't have
certain chars, website Y can't be longer than 12 chars, etc...). Then you run
into the issue of multiple things you need to remember, such as secret answers
for various questions, birthdays that you may lie about, etc...

Much easier to just use a vault to store all this.

[1]
[https://chriszarate.github.io/supergenpass/mobile/](https://chriszarate.github.io/supergenpass/mobile/)

------
arantius
I did roughly the same thing twelve years ago, with even less security built
in (hey, I was young(er)):

[https://bookmarklets.arantius.com/password+maker+bookmarklet](https://bookmarklets.arantius.com/password+maker+bookmarklet)

I did not market it so heavily. It has the same problems, most importantly
rotation. As soon as you want to rotate one site's password the only option is
to change the "master" password, but now you need to remember which site uses
which master password, and your utility is gone. The random site requirements,
as mentioned, is also a big deal.

------
atemerev
OK, fine. This is one thing I can finally use.

(I can't use regular storage-based password managers, as I have ADD and I will
lose my password file. If it is backed up, I will lose a backup, or I will
forget to update it when passwords are changed, or something else. I always
screw such things up, this is absolutely inevitable, so I have to prepare. To
compensate, my symbolic memory is excellent, so I just chose to memorize all
my passwords, as I can't lose my head. But even my memory has limits, and I
had to lose some entropy on my passwords to keep them all in my head.)

Now, I will get the best of both worlds.

~~~
teach
What's wrong with something like Lastpass?

~~~
atemerev
Lastpass is something I have no control of. Leaks can happen (already have:
[https://blog.lastpass.com/2015/06/lastpass-security-
notice.h...](https://blog.lastpass.com/2015/06/lastpass-security-
notice.html/)). More importantly, DDoS can happen, and I will be out of access
to everything.

~~~
blueplanet200
Lastpass stores your password encrypted. If in your threat model you're
unwilling to use Lastpass because of the leakability of the master database,
you should avoid Lesspass since trying to guess your password on Webstie X
given Lastpass database is more/less the same as trying to guess it given
you're using Lesspass.

~~~
atemerev
Like I said before, leakability of master database is not that big concern.
DDoS on Lastpass, however, is a very likely scenario, especially in the light
of recent high-profile DDoS attacks.

~~~
xpil
DDoS on LastPass is not a big deal as long as you have at least one device
logged on. LastPass database is stored locally and can be used off-line.

------
leepowers
Aside from the security concerns already noted I have two major questions:

1) How do I change my master password? It appears that all generated passwords
would change as well. Even master passwords should be expirable and
changeable.

2) I don't just use a password manager to manage passwords. I use it to manage
_credentials_. I have a ton of credentials, so I need something that will
remember the _usernames_ for me as well. Otherwise I don't just have to
memorize the master password - I also have to memorize the usernames for the
hundreds of different logins I'm managing. That's a non-starter.

------
tim333
How it works roughly: [https://blog.lesspass.com/lesspass-how-it-works-
dde742dd18a4...](https://blog.lesspass.com/lesspass-how-it-works-
dde742dd18a4#.wwoj952kz)

It seems they take info from the site (its name?) plus your master password
and hash them - "LessPass uses PBKDF2 with 8192 iterations and a hash function
sha-256."

I guess they then produce something of the required length and characters from
the hash.

Guess it's ok till someone finds your master password.

------
mehdix
I use [pass]([https://www.passwordstore.org/](https://www.passwordstore.org/))
which is an open source command line password manager. It uses gpg to encrypt
passwords which in turn is setup to use a hardware key with its own password.
The downside is the metadata which is exposed in file system tree, however the
data is stored on a dm-crypted disk. Difficult to setup but much more secure.

------
iKlsR
Enpass is my goto, recently recommended it to some people as well and all are
happy. I have it on my phone as well as work PC, personal laptop and a linux
box. One master password and it's all local, I just use dropbox to sync the
encrypted "wallet" so I have my accounts on all my devices.
[https://www.enpass.io/](https://www.enpass.io/)

------
mikegerwitz
See also gnu-pw-mgr (CLI):

[https://www.gnu.org/software/gnu-pw-mgr](https://www.gnu.org/software/gnu-pw-
mgr)

It generates passwords based on a secret key ("seed") and memorized
transformations to URLs. You can adapt that to use a master password, if you
so desire, by using a password as a base for such a transformation, but that's
not built in.

------
lsrom
I wrote a short blogpost about LessPass, it's security and what should be done
in near future. You can find it here:
[http://lsrom.cz/blog/2016/11/08/lesspass_why_holding_back_ge...](http://lsrom.cz/blog/2016/11/08/lesspass_why_holding_back_gets_you_nowhere.html)

------
sschueller
This one isn't bad either [https://keeweb.info/](https://keeweb.info/)

~~~
arcticfox
This looks really nice as well, is there a catch? Why would I pay for eg
LastPass?

~~~
Marc_Bryan
Lastpass is free now for mobile devices! If that is what you were willing to
pay for!

It syncs seamlessly across all desktop browsers, iOS and Android devices
without any issues.

~~~
arcticfox
Oh! Thanks.

------
nachtigall
How is this better/worse than [https://addons.mozilla.org/en-
US/firefox/addon/easy-password...](https://addons.mozilla.org/en-
US/firefox/addon/easy-passwords) which claims that "No web servers involved,
the data never leaves your computer."?

------
Marc_Bryan
Lastpass is free now for mobile devices. Enjoy!

------
laurent123456
Same as this one -
[https://ssl.masterpasswordapp.com/](https://ssl.masterpasswordapp.com/) and
also same problem that if you need to change your master password, all the
passwords of all your websites becomes invalid. I really don't see how this
kind of solution is workable.

------
dexterdog
Why do none of the password managers integrate a decent xkcd password option?
I like having a complex password, but God forbid I have to ever read it from
my phone and type it somewhere else. xkcd is easy. Use a word dictionary pick
a few words and delimit them with special characters. Mix the case as an
option, too.

------
libeclipse
I made something similar to this:
[https://github.com/libeclipse/visionary](https://github.com/libeclipse/visionary)

Works by using a master password and a keyword to generate a seed, then
applies various deterministic algorithms to generate multiple passwords.

------
Nux
Nice idea and willing to try it, but..

"The requirement for self-hosting is to have docker and docker-compose
installed on your machine."

Fsck that.

If I will trust this with my passwords, I need to know how to _really_ install
it. I can't trust you if all you have to offer is a steaming pile of docker or
your idea of how I should run my systems.

~~~
fapjacks
If you knew anything about the applications you disparage, you would know how
to take a Dockerfile and docker-compose.yml file and determine exactly how to
install it on your system. Since that's what they do.

~~~
Nux
Of course that I know how to do that. What bothers me is the first approach
they take.

------
stcredzero
I wish someone would make a sync-friendly open source password manager.
Something like KeePass, but with fewer features, user initiated auto-fill, has
a client on just about all platforms, and is designed ground-up to live on a
file sync service like Dropbox or Google Drive.

------
rahvee
If you re-generate the password for each site, rather than sync, it means (1)
you can't change your password on that site, (2) if any site puts in the
effort to brute-force guess your password, they will have access to _all_ the
sites you visit.

This is not a good idea.

------
leshow
I did a quick over-look of the information on the site, but it looks to me
that this is a pretty bad 'password manager'

it looks like anyone can try to brute force your password based on the
login/site combo. can someone tell me why i'm wrong here?

------
s9ix
Wouldn't enabling two-factor on the primary login and naming sites whatever
you want solve most gripes with this (in the comments here)?

i.e. I name hacker news hn or hack, as opposed to news.ycombinator.com - one
more thing to guess for an attacker.

------
chiefalchemist
This only confirms one thing: How we're doing account security is inadequate
at best. Perhaps LessPass comes up short, but that's more a symptom of the
broader problem than it is a mistake on the part of LessPass and its ilk.

------
mgliwka
Here a write up on how it works: [https://blog.lesspass.com/lesspass-how-it-
works-dde742dd18a4...](https://blog.lesspass.com/lesspass-how-it-works-
dde742dd18a4#.3lqvm28uu)

------
jhasse
I've written a native app (in C++ with wxWidgets) with the same principle:
[https://bixense.com/pwcalculator/](https://bixense.com/pwcalculator/)

------
dchest
Obligatory post about password generators:
[http://crypto.stackexchange.com/a/5691/291](http://crypto.stackexchange.com/a/5691/291)

------
ciorici
I've been using a similar tool long time ago:
[http://angel.net/~nic/passwd.current.html](http://angel.net/~nic/passwd.current.html)

------
jasikpark
A more developed and mature implementation of a stateless password manager is
[http://masterpasswordapp.com](http://masterpasswordapp.com)

~~~
rorygreen
Out of interest, do you actually use this? I saw it recommended on HN before
and tried it. I found it has one of the most awful UIs I've ever seen. I found
it completely unusable and dropped it immediately. I'm not saying people
shouldn't use it if it works for them but I don't think I could honestly
recommend it to anybody.

------
redpanda_ua
Is this better than this:
[https://ssl.masterpasswordapp.com/](https://ssl.masterpasswordapp.com/) ?

------
marcioaguiar
How is this different from having one password for all sites? If I break the
master password I gain access to everything.

~~~
minitech
If you use one password for all sites:

* if password hashes from any site you use leak and they’re weak, you’re compromised everywhere

* if any site is or becomes malicious and its operators/hackers read your password, you’re compromised everywhere

This approach (maybe not implementation – its hashing is kind of weak) is fine
if your master password is strong enough, which it should be.

------
lindner
This looks a lot like [https://getvau.lt/](https://getvau.lt/)

------
shinigami
> PBKDF2 with 8192 iterations

Not nearly good enough.

------
wjd2030
So what is stopping someone who already knows the username from generating the
correct password?

------
SippinLean
Maybe make the difference between your name and LastPass more than 2 letters?

------
mihaifm
Does anyone know a good password manager that uses touch id, on the iphone?

------
cchubitunes
At last, a simple software project a beginner can understand.

------
daurnimator
SuperGenPass is (was?) a similar concept: supergenpass.com

~~~
palant
Please don't use that, the password derivation "algorithm" used there is
extremely weak. I explained the issue a while ago here:

[https://palant.de/2016/04/20/security-considerations-for-
pas...](https://palant.de/2016/04/20/security-considerations-for-password-
generators)

That blog post lists two extensions with hashing algorithm "custom" \- that's
SuperGenPass.

------
jayeshsalvi
Can I change the master password?

------
trungonnews
what happens if someone figured out your master password?

------
rorygreen
I feel like most of the complaints here are about stateless password
managers/generators in general. If not being able to change your master
password is an issue to you, then this type of password manager is not for
you. The cryptographic arguments seem more valid and worth considering if you
plan to use this. I was planning to build something very similar to this as I
came to the same conclusions as the creator of LessPass, that the existing
solutions are not satisfactory for my use case.

My current choice in software of this type is Twik
([https://github.com/gustavomondron/twik](https://github.com/gustavomondron/twik))
because it has an Android app available from F-Droid and an extension I can
install in Chromium. The browser extension is especially good but not without
faults. For daily use I find this adequate but I find myself in situations
where I need to access a password outside of a browser or my phone which is a
huge pain. Other drawbacks include no ability to change or bump the password
to a new one without creating a new profile. Keeping my phone and computer in
sync is also slightly annoying as you need to manually copy the UUID (long-ish
complicated string) which is used to identify each profile.

I think a lot of these issues could be overcome by relatively simple solutions
just by applying some sensible design without going all in and trying to be
everything at once like LessPass is. If, for example, Twik generated QR codes
for its profile keys which you could scan in the mobile app, it would speed
things up massively. If it had a compatible CLI interface and a macOS menu bar
application, it would be fantastic.

I'd also rather not bother with creating an account with another service just
to sync my password version numbers and silly password rules that sites
implement. The ability to self-host LessPass is nice but do I really need to
bother with this? What's wrong with syncing this information in a simply
formatted, maybe also encrypted, text file with services I already use such as
Dropbox or Google Drive? Also, why is the default password length 12
characters? It's a small gripe but I thought the whole point of using software
like this was to enforce good password practices.

I think [https://getvau.lt/](https://getvau.lt/) gets pretty much everything
right other than having to remember the rules of each password every time you
generate it which, for me, isn't much better than remembering different strong
passwords for multiple sites.

I've been hoping for some time that somebody would create a solution that I
feel makes sense so I was excited to see this post but unfortunately it seems
to have too many drawbacks for me personally to incorporate into my daily
life. The open source nature of a lot of these products is very helpful and
will hopefully reduce the effort I will have to eventually put into building a
solution that gets out of my way.

------
fnj
When I find stuff like this that uses SHA256, I instantly just tune out.
SHA256 is stupid. Use SHA512 or find another line of work. SHA512 is
astronomically more secure. Anyone who is using anything less than SHA512 for
hashing is an idiot.

~~~
palant
SHA512 is astronomically more secure how exactly? Under which scenarios?

Just so you know: SHA1 is problematic because of potential collision attacks.
So you should definitely not use SHA1 for signing anything because it might be
possible to construct a different document with the same signature. That's it.

What does it have to do with password derivation? Nothing at all. Collision
attacks are irrelevant, what matters is computational complexity. So if you
use PBKDF2-HMAC-SHA1 the only thing that would make your solution less secure
is some shortcut allowing to compute a SHA1 hash radically faster without
throwing faster hardware at it. And so far nobody found one.

Since you seem to like name calling, what do you call somebody making
authoritative statements on matters they don't understand?

For reference, I am the author of Easy Passwords extension which uses a
concept similar to LessPass. And it also uses SHA1 - for technical reasons.

