secuso / privacy-friendly-passwordgenerator

Privacy Friendly App that deterministically generates passwords from parameters and a master password.

Home Page: https://secuso.org/pfa

License: GNU General Public License v3.0

Java 95.49% Kotlin 4.51%

privacy-friendly-passwordgenerator's People

Contributors

coderpaddys, jahway603, kamuno, naofum, oersen, sleep-yearning, udenr, weblate, yonjuni

privacy-friendly-passwordgenerator's Issues

Increase the possible length of the password to about 150

another developer:
Hi @Wjxfi thanks for the feedback.

Why do you want to increase the length of the password so much? Do you have any particular use cases?

In general, the password required in login forms is in the range of 30-40 characters maximum.

I am developing a passphrase creation section (#3), perhaps in contexts where a very long password is required the passphrase can be used, what do you think?
For convenience I could also add the length of the generated string to the passphrase screen so that the user has evidence of the number of characters.

wjxfi:
Create it however you want. I haven't studied it, so I can't say which is better.
For me, I really need such a long password: for file encryption (most important (small passwords are not reliable)), creating special accounts, backups, etc.

Wrong item edited when search is active

What happens: When editing an existing password while the list of passwords is filtered by a search term, the edit popup will show the password properties of the first entry in the unfiltered list of passwords.

What I expect: The edit popup shows the properties of the password I tapped on, no matter if the list is filtered or not.

Android version: 8.1

Please let us export and import the accounts

Hi there,

Thx for the fine app. I use it as a pw generator for every site I visit. Now I have over 35 accounts in there. I want to install another OS on my phone and would have to write down every pass just to be sure it will work after that, since the passwords are generated from account name and user name. I have set a username everywhere. I think it is also case sensitive.

Would be nice to have the ability to export and import them.

Add a password scheme based on dictionary words

I like the idea of using a master password as a salt to generate per-site passwords. This is similar to an idea I had except that in my version the final passwords were generated by using the bits of the hashed string to pick a number of real words from a fixed length dictionary. For example if you had a dictionary of 4096 (2 ^ 12) words, the first 36 bits could be used to pick three words from this list. (You would need to add some extra characters as well to pass password rules but you see the idea.)

The reason I like this scheme is that, once generated, the passwords for each account would be easy to remember purely mentally, whereas passwords made from a random sequence are hard to remember. This would mean that for sites you use often you would not need to keep regenerating the passwords.

For this to work, the extra characters should probably be chosen by the user but fixed for all accounts.
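The scheme proposed in this issue, as an added Python sketch that is not code from the app or from the issue author: 36 bits of a hash select three entries from a 4096-entry list, and a fixed user-chosen suffix is appended. The PBKDF2 derivation, the iteration count, the function names and the syllable-built word list (a stand-in for a real dictionary) are assumptions.

```python
import hashlib

# Constructed stand-in for a real 4096-word dictionary: 16 syllables combined
# three at a time give exactly 16**3 = 4096 unique pronounceable entries.
_SYLLABLES = ["ba", "ce", "di", "fo", "gu", "ha", "je", "ki",
              "lo", "mu", "na", "pe", "ri", "so", "tu", "va"]
WORDLIST = [a + b + c for a in _SYLLABLES for b in _SYLLABLES for c in _SYLLABLES]
BITS_PER_WORD = 12  # 2**12 == 4096, so each word consumes exactly 12 bits


def indices_from_digest(digest, count, bits=BITS_PER_WORD):
    """Split the leading count*bits bits of digest into count integers."""
    total_bits = len(digest) * 8
    if count * bits > total_bits:
        raise ValueError("digest too short for the requested number of words")
    value = int.from_bytes(digest, "big")
    mask = (1 << bits) - 1
    return [(value >> (total_bits - (i + 1) * bits)) & mask for i in range(count)]


def derive_digest(master_password, account, iterations=200_000):
    """Hypothetical derivation (not the app's algorithm): PBKDF2-HMAC-SHA256
    over the master password, salted with the account name."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               account.encode("utf-8"), iterations)


def word_password(master_password, account, suffix, words=3):
    """Pick `words` entries from the hash bits and append the user's fixed
    suffix (the same extra characters for every account)."""
    if len(WORDLIST) != 1 << BITS_PER_WORD:
        raise ValueError("word list must hold exactly 2**BITS_PER_WORD entries")
    digest = derive_digest(master_password, account)
    picked = [WORDLIST[i] for i in indices_from_digest(digest, words)]
    return "-".join(picked) + suffix


def entropy_bits(words=3):
    """Bits contributed by the word choice; the fixed suffix is not counted."""
    return words * BITS_PER_WORD


if __name__ == "__main__":
    # Constructed inputs for demonstration only.
    print(word_password("correct horse", "example.org/alice", "#7Q"))
    print(entropy_bits(), "bits from the word choice")
```

Three words from a 4096-entry list carry 36 bits, so the count of words, not the suffix, is what sets the guessing cost.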

Support longer and Unicode passwords

Limiting the length to 25 characters seems unnecessary. Unicode support increases the amount of possible passwords (most hackers probably wouldn't even bother).

Add deletion confirmation

Currently swiping left/right just instantly removes an account and the small revert popup is shown too briefly.

Search Results disappear when screen is rotated on the Password generator app.

Git Hub Repository Link
https://github.com/SecUSo/privacy-friendly-passwordgenerator

Expected Behaviour
Whenever I search for a keyword and get the results, then rotate the screen, I expect the search results to still be available.

Actual Behaviour
Whenever I search for a keyword and get the results, then rotate the screen, the search results disappear and I get taken back to the home page.

How To Reproduce

  • download the password generator app from fdroid

  • open the app and make use of the search box at the top of the app to be able to search for existing accounts

  • once you get the results of the search, rotate the screen

  • Browser: Password Generator Version 1.0.2

  • Operating System: Android 7.0

Recording Of The Bug
https://youtu.be/WbUGuxyp2rs

java.lang.IllegalStateException on Android 4 devices

Exclusively on Android 4

java.lang.IllegalStateException:
    at android.app.Fragment.getResources(Fragment.java:766)
    at android.app.Fragment.getString(Fragment.java:788)
    at org.secuso.privacyfriendlypasswordgenerator.dialogs.BenchmarkDialog$2.onPostExecute(BenchmarkDialog.java:130)
    at org.secuso.privacyfriendlypasswordgenerator.dialogs.BenchmarkDialog$2.onPostExecute(BenchmarkDialog.java:108)
    at android.os.AsyncTask.finish(AsyncTask.java:631)
    at android.os.AsyncTask.access$600(AsyncTask.java:177)
    at android.os.AsyncTask$InternalHandler.handleMessage(AsyncTask.java:644)
    at android.os.Handler.dispatchMessage(Handler.java:99)
    at android.os.Looper.loop(Looper.java:137)
    at android.app.ActivityThread.main(ActivityThread.java:5419)
    at java.lang.reflect.Method.invokeNative(Native Method:0)
    at java.lang.reflect.Method.invoke(Method.java:525)
    at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:1187)
    at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1003)
    at dalvik.system.NativeStart.main(Native Method:0)

Application error occurs when I finish using the Benchmark feature [Privacy Friendly Password Generator v1.0.3]

Expected behavior

I expected the app to exit the benchmark feature (when I click on 'Done') without crashing.


Actual behavior

I clicked on the 'START' button and the time was shown. I clicked again and observed the time that was shown got updated. Then I kept clicking on the 'START' button so the time would keep updating.
Afterwards, I clicked on the 'DONE' button and there was an application error.
I noticed that the application error occurs whenever the time is above 2 seconds.


How to reproduce

  • Download, install and launch the latest version of the app
  • Go to settings
  • Scroll down to the last option 'Benchmark: generation'
  • Click on it
  • Click on the 'START' button until the time shown is above 2 seconds (maybe 3 seconds)
  • Click on the 'DONE' button
  • Observe the bug.

Device: Gionee f100s
Android version: v6.0
App version: v1.0.3


Recording of the bug


Logcat

06-15 10:17:30.166 956-2216/? V/WindowManager: findFocusedWindow: Found new focus @ 3 = Window{24d544a u0 org.secuso.privacyfriendlypasswordgenerator/org.secuso.privacyfriendlypasswordgenerator.activities.SettingsActivity}
06-15 10:17:30.168 956-2216/? V/WindowManager: Set focused app to: AppWindowToken{53f09a8 token=Token{69badcb ActivityRecord{21f909a u0 org.secuso.privacyfriendlypasswordgenerator/.activities.MainActivity t5150}}} old focus=AppWindowToken{9051dec token=Token{30f23fd ActivityRecord{f4f1854 u0 org.secuso.privacyfriendlypasswordgenerator/.activities.SettingsActivity t5150}}} moveFocusNow=true
06-15 10:17:30.169 956-2216/? V/WindowManager: findFocusedWindow: Found new focus @ 3 = Window{24d544a u0 org.secuso.privacyfriendlypasswordgenerator/org.secuso.privacyfriendlypasswordgenerator.activities.SettingsActivity}
06-15 10:17:30.182 956-27597/? D/AES:     process : org.secuso.privacyfriendlypasswordgenerator
06-15 10:17:30.182 956-27597/? D/AES:      module : org.secuso.privacyfriendlypasswordgenerator v4 (1.0.3)
06-15 10:17:30.183 956-27597/? D/AEE/LIBAEE: shell: raise_exp(4, 27536, -1361051648, org.secuso.privacyfriendlypasswordgenerator, 0x0x96a8bbe0, 0x0x0)
06-15 10:17:30.185 27598-27598/? I/AEE/AED: [OnPurpose Redunant in void preset_info(aed_report_record*, int, int)] pid: 27536, tid: -1361051648, name: UNKNOWN  >>> org.secuso.privacyfriendlypasswordgenerator <<<
06-15 10:17:30.185 27598-27598/? V/AEE/AED: dashboard_record_update() : rec->module = org.secuso.privacyfriendlypasswordgenerator 
06-15 10:17:30.185 27598-27598/? D/AEE/AED: Module: org.secuso.privacyfriendlypasswordgenerator 
06-15 10:17:30.188 956-990/? D/ViewRootImpl: hardware acceleration is enabled, this = ViewRoot{b0dc712 Application Error: org.secuso.privacyfriendlypasswordgenerator,ident = 73}
06-15 10:17:30.188 956-990/? D/WindowManager: addWindowToListInOrderLocked: win=Window{3a790e0 u0 Application Error: org.secuso.privacyfriendlypasswordgenerator}
06-15 10:17:30.188 956-990/? V/WindowManager: Free window: Adding window Window{3a790e0 u0 Application Error: org.secuso.privacyfriendlypasswordgenerator} at 4 of 10
06-15 10:17:30.189 956-990/? V/WindowManager: findFocusedWindow: Found new focus @ 4 = Window{3a790e0 u0 Application Error: org.secuso.privacyfriendlypasswordgenerator}
06-15 10:17:30.189 956-990/? V/WindowManager: Changing focus from Window{24d544a u0 org.secuso.privacyfriendlypasswordgenerator/org.secuso.privacyfriendlypasswordgenerator.activities.SettingsActivity} to Window{3a790e0 u0 Application Error: org.secuso.privacyfriendlypasswordgenerator}
06-15 10:17:30.189 956-990/? D/WindowManager: Input focus has changed to Window{3a790e0 u0 Application Error: org.secuso.privacyfriendlypasswordgenerator}
06-15 10:17:30.189 956-1021/? I/WindowManager: Focus moving from Window{24d544a u0 org.secuso.privacyfriendlypasswordgenerator/org.secuso.privacyfriendlypasswordgenerator.activities.SettingsActivity} to Window{3a790e0 u0 Application Error: org.secuso.privacyfriendlypasswordgenerator}
06-15 10:17:30.189 956-1021/? I/WindowManager: Gaining focus: Window{3a790e0 u0 Application Error: org.secuso.privacyfriendlypasswordgenerator}
06-15 10:17:30.200 256-256/? D/BufferQueueDump: [Application Error: org.secuso.privacyfriendlypasswordgenerator] this:0xb5aee460, value:0xbee3a690, iLen:6
06-15 10:17:30.201 956-990/? V/WindowManager: findFocusedWindow: Found new focus @ 4 = Window{3a790e0 u0 Application Error: org.secuso.privacyfriendlypasswordgenerator}
06-15 10:17:30.216 956-3322/? D/OpenGLRenderer: CanvasContext() 0x9ed85800 initialize window=0x9e524008, title=Application Error: org.secuso.privacyfriendlypasswordgenerator
06-15 10:17:30.237 956-1021/? I/WindowManager: Losing delayed focus: Window{24d544a u0 org.secuso.privacyfriendlypasswordgenerator/org.secuso.privacyfriendlypasswordgenerator.activities.SettingsActivity}
06-15 10:17:30.670 956-989/? W/ActivityManager: Activity pause timeout for ActivityRecord{f4f1854 u0 org.secuso.privacyfriendlypasswordgenerator/.activities.SettingsActivity t5150 f}

Provide An Option For Users To Enable/Disable Screen Security

Components

My suggestion will improve users experience with the app. The suggestion requires an additional option in the app settings.

Proposal Description

I understand how this project takes security issues seriously, and at the same time, the app seems to be privacy friendly. I noticed that the application has the FLAG_SECURE feature enabled. For those who don't know what FLAG_SECURE is, it's a feature that prevents the app screen from being captured or recorded.

My experience with the app was awesome, but, I think there's an option missing. This option is the ability for users to enable, or disable the FLAG_SECURE feature.

The FLAG_SECURE can be narrowed down to users level, by adding an option in the app settings to disable/enable screen recording.

I sincerely understand that the project is aiming at setting its security level at topnotch while being friendly. But, at the same time, I believe if this option is implemented, the app will be even more friendly, and will still maintain its privacy level.

The button can be titled as Screen security. Once this button is switched on, users won't be able to take recordings or screenshots, while when it's turned off, will be the opposite case.

Does This Feature Give Access To Unauthorised Users To Take Screenshots/Recordings?

Implementing this request will definitely let any user enable or disable screenshot feature. I know it's an issue, but, it can be solved by enabling Master password while trying to disable FLAG_SECURE option. This simply means if a user doesn't have the Master password, then the user can't enable screen recording. The app has the master key enabled already. So, requesting for the master key while turning off FLAG_SECURE option should be an ease intent.

Mockups / Examples

Before the user could turn the screen security off, he/she must have entered the app master key.

Benefits

If this feature is implemented, the account owner will be free to take screenshots for personal reasons. As I have stated at the beginning of this suggestion, I had a nice time with the app. But I needed to take a screenshot of the app, and I was denied access.
Also, I might decide to take screenshots of my passwords so as to save them on another storage (picture form), as we all know an app can be uninstalled anytime, and I don't want to lose my passphrases to my accounts.

Readability of password

Currently the app displays the password in non-monospace font. This creates ambiguity when you are typing them out on separate devices. Notably I had problems with I, l, and |, each corresponding to uppercase I, lowercase l, and symbol |. This has made me either go through several versions and find the one that has no ambiguity, or limit the character set to eliminate them. Copy-paste is not an option since it needs to be typed in separate location. I propose either:

  1. display generated passwords in monospace, or
  2. add option to eliminate ambiguous characters.

insecure gradlew

Just a minor adjustment, but could you please fix the gradle conf:

Found plain HTTP URL for gradle repository:
build/org.secuso.privacyfriendlypasswordgenerator/app/build.gradle
repositories{
    maven {
        url 'http://dl.bintray.com/amulyakhare/maven'
    }
gradle build uses plain HTTP URLs for repositories!  This is insecure!
https://max.computer/blog/how-to-take-over-the-computer-of-any-java-or-clojure-or-scala-developer/
ERROR: Job failed: exit code 1

(fdroid build complains, pipeline breaks) Fix should be as easy as replacing http by https (URL works then) – but not being an Android dev I cannot verify that.

Thanks!
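A check of the kind the fdroid build output above reports, as an added Python example that is not the F-Droid scanner's own code or the project's: it flags repository `url` declarations that use plain HTTP and applies the http-to-https replacement suggested in the issue. The function names and the sample build.gradle are constructed; only the bintray URL comes from the report.

```python
import re

# Quoted string literal that starts with the plain-HTTP scheme.
HTTP_LITERAL = re.compile(r"""(['"])(http://[^'"\s]+)\1""")
URL_KEYWORD = re.compile(r"\burl\b")

# Constructed sample; line 4 carries the URL quoted in the issue.
SAMPLE_BUILD_GRADLE = """\
repositories {
    mavenCentral()
    maven {
        url 'http://dl.bintray.com/amulyakhare/maven'
    }
    // old mirror: url 'http://example.invalid/repo'
    maven { url = uri("https://repo.example.invalid/releases") }
}
"""


def strip_line_comment(line):
    """Drop a trailing // comment, ignoring // inside a quoted string.
    Block comments (/* ... */) are not handled in this sketch."""
    quote = None
    for i, ch in enumerate(line):
        if quote:
            if ch == quote:
                quote = None
        elif ch in "'\"":
            quote = ch
        elif line.startswith("//", i):
            return line[:i]
    return line


def find_plain_http_repos(gradle_text):
    """Return (line_number, url) for every url declaration using http://."""
    findings = []
    for number, line in enumerate(gradle_text.splitlines(), start=1):
        code = strip_line_comment(line)
        if URL_KEYWORD.search(code):
            findings.extend((number, m.group(2)) for m in HTTP_LITERAL.finditer(code))
    return findings


def upgrade_to_https(gradle_text):
    """Rewrite flagged URLs to https://, leaving comments untouched."""
    fixed = []
    for line in gradle_text.splitlines():
        code = strip_line_comment(line)
        comment = line[len(code):]
        if URL_KEYWORD.search(code):
            code = HTTP_LITERAL.sub(
                lambda m: m.group(1) + "https://" + m.group(2)[len("http://"):] + m.group(1),
                code)
        fixed.append(code + comment)
    return "\n".join(fixed) + "\n"


if __name__ == "__main__":
    for number, url in find_plain_http_repos(SAMPLE_BUILD_GRADLE):
        print(f"build.gradle:{number}: plain HTTP repository {url}")
```

The rewrite only changes the scheme; whether the host actually serves the repository over HTTPS still has to be confirmed by a build.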

Cryptographic APIs misuses

I'm a PhD student interested in finding security vulnerabilities in open source projects.

We found a total of 2 warnings (indicating potential vulnerabilities) when running the CogniCrypt static analyzer (*) on privacy-friendly-password-generator (or its library dependencies). We documented each one of these issues in private gists for the sake of confidentiality (non-disclosure).

Can you please let us know whether we can share these gists with you? We are eager to evaluate the perception of developers (e.g. severity of these warnings) and improve on privacy-friendly-password-generator's security, and the quality of the reports of static analysis tools.

(*) https://github.com/CROSSINGTUD/CryptoAnalysis

Benchmark Symbols

Confusion whether it's a point for thousands or seconds. It should be made clear that seconds are meant.

Generated password gets taken away when screen is rotated on the Password Generator app.

Git Hub Repository Link
https://github.com/SecUSo/privacy-friendly-passwordgenerator

Expected Behaviour
When I generate a password and switch to landscape mode, I expect the generated password to still be visible.

Actual Behaviour
When I generate a password and switch to landscape mode, the generated password goes away from the screen.

How To Reproduce

  • download the password generator app from fdroid

  • open the app and create an account or click on existing accounts to be able to generate password

  • input the master password

  • click on "GENERATE"

  • Browser: Password Generator Version 1.0.2

  • Operating System: Android 7.0

Recording Of Bug
https://youtu.be/41UnjLRgNKI

Customizable character sets

Various sites require characters from a "special" set that is a subset of passwordgenerator's special character set. It can take dozens of versions to get a satisfying password.

It would be nice to be able to specify which characters (especially from the special set) we want to include. For example, we could specify:

Allowed: "!@#$%^&*()" + lower + upper + numbers

which would not return passwords that contain "-_=+[{]}|;:'",<.>/?"
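How a deterministic generator can honour a caller-supplied character set, as an added Python example that is not the app's algorithm or code from the issue: derived bytes are mapped onto the allowed alphabet with rejection sampling, so every allowed character is equally likely and no excluded character can appear. The derivation, parameter names and defaults are assumptions.

```python
import hashlib
import string

# Allowed set from the request above: ten specials plus letters and digits.
ALLOWED = "!@#$%^&*()" + string.ascii_lowercase + string.ascii_uppercase + string.digits


def _byte_stream(master_password, account, version, iterations=200_000):
    """Deterministic byte stream. Hypothetical derivation: a PBKDF2 seed
    expanded with SHA-256 in counter mode (not the app's algorithm)."""
    salt = f"{account}\x00{version}".encode("utf-8")
    seed = hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, iterations)
    counter = 0
    while True:
        yield from hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1


def generate_password(master_password, account, allowed=ALLOWED, length=16, version=1):
    """Same inputs always give the same password, drawn only from `allowed`."""
    alphabet = sorted(set(allowed))  # stable order, duplicates removed
    if not 2 <= len(alphabet) <= 256:
        raise ValueError("allowed set must contain 2 to 256 distinct characters")
    if length < 1:
        raise ValueError("length must be positive")
    # Bytes at or above `limit` are discarded: using them with % would make
    # the first (256 % len(alphabet)) characters slightly more likely.
    limit = 256 - (256 % len(alphabet))
    chars = []
    for byte in _byte_stream(master_password, account, version):
        if byte >= limit:
            continue
        chars.append(alphabet[byte % len(alphabet)])
        if len(chars) == length:
            break
    return "".join(chars)


if __name__ == "__main__":
    # Constructed inputs for demonstration only.
    print(generate_password("correct horse", "example.org/alice"))
```

With the set fixed up front, the first version already satisfies the site's rule, so there is no need to cycle through versions until an acceptable password appears.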

Ability To Suggestion (Saved Password) Feature in Password Generator (Privacy Friendly)

Repository

https://github.com/SecUSo/privacy-friendly-passwordgenerator

Introduction

Password Generator (Privacy Friendly) is an open source application. With the help of this application you can generate a difficult password for every account.
In this application you can easily create a strong password: just click on the account, then put in the master password (the master password is a password made up by you and it guides all other passwords) and click on generate, and the password will be generated.

Components

The components (Features) I want to suggest is

This feature must be in this application, and this feature will increase the utility of the application.

1- Saved Password

Proposal Description

According to my information, this is a very simple and useful application and all the features are really amazing, but I want to suggest a Saved Password feature in the application.
This option is for those people who want to save the password in this application.

1- Saved Password

According to my information, Saved Password is very necessary for those people who want to save passwords here. You know that a strong password is not remembered in the mind every time.

How can I save a password in the Saved Password list

This is very easy to use: when you are generating the password, there will be a password save option with a copy icon. Simply click on the Save password button and your password will be saved in the Saved Password list.

Mockups / Examples

here you can see your Saved Password

Benefits

You do not need a good memory to remember your strong password. You can get fast access to your account with the help of the Saved Password option. With the help of this button, you can use a strong password for every account.

GitHub Account

https://github.com/nasirshah1813


Multiple issues with the password generation algorithm

A user of my PfP pointed me to this app. Since I've done some (very cursory) analysis already, I thought that I would share the findings with you. The password generation algorithm as it is implemented right now has multiple issues:

  • Combining PBKDF2 and Bcrypt makes no sense whatsoever. With the former being a considerably weaker algorithm, it would make far more sense to use Bcrypt exclusively.
  • While the number of PBKDF2 iterations can be adjusted, even 10000 (the highest possible value) is far too low to be useful. See my blog post on the issue here.
  • The 10 Bcrypt rounds (hardcoded and not configurable) are better from what I can tell, but that's still a value which was considered acceptable five years ago - I guess that by today's standards it should be at least 12 rounds.
  • Selecting a hash algorithm for PBKDF2 only helps confuse users, the choice of hash algorithm has no security impact whatsoever.

Finally, it is concerning that passwords generated are device-specific, as there is no way to recover passwords should that device fail.

Clear master password after timeout

Hi,
It’s nice to be able to see the master password in clear text (typo is easy). But I’d like this feature to be limited in time. The master password should be hidden after a timeout (10 s), and should not be shown anymore unless it is typed again.

Why? Because sometimes my phone locks itself after I typed the master password and displayed it in clear text. When the phone is unlocked, the master password just appears in clear text (and maybe someone else could unlock my phone).
