password_zebra/README.md
2026-03-06 20:27:06 +01:00


# Password Zebra
An open-source Android password manager with two core features: a syllable-based random password generator and a deterministic password vault. No passwords are stored — they are derived on demand.

**Minimum Android version:** 10 (API 29)
<!-- Screenshots -->
## Features
### Random Password Generator
Generates memorable, pronounceable passwords from a syllable corpus. Options:
- Word count (1–10)
- Remove spaces
- Add special characters (uppercase letter, digit, special symbol inserted at random positions)
### Deterministic Password Vault
Derives passwords reproducibly from three inputs:
- **Master password** — known only to you, never stored
- **Device secret** — random key generated once and stored in EncryptedSharedPreferences, whose encryption key is held in Android Keystore
- **Service name + counter** — identifies the account and allows rotation
The derivation uses **Argon2id** (memory: 64 MB, iterations: 3). It is deterministic: the same inputs always produce the same password, on any device that has the same device secret.

**Service history** is saved locally so you can quickly regenerate passwords for known services.
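
One way to wire up such a derivation with Bouncy Castle's Argon2id, added here as an example and not taken from the Password Zebra source. The memory and iteration values come from the text above; passing the device secret as the Argon2 secret input, the salt layout, the service-name normalization, parallelism of 1, the output alphabet and length, and the names `buildSalt` and `derivePassword` are assumptions.

```kotlin
import org.bouncycastle.crypto.generators.Argon2BytesGenerator
import org.bouncycastle.crypto.params.Argon2Parameters
import java.nio.ByteBuffer

// Assumed output alphabet (hypothetical, not taken from the project).
private const val ALPHABET =
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!#%+-=?@"

// Salt = len(service) || service || counter. The length prefix keeps the
// encoding unambiguous, so distinct (service, counter) pairs never collide.
fun buildSalt(service: String, counter: Int): ByteArray {
    val name = service.trim().lowercase().toByteArray(Charsets.UTF_8) // assumed normalization
    return ByteBuffer.allocate(4 + name.size + 4)
        .putInt(name.size).put(name).putInt(counter).array()
}

// Wipes `master` before returning; the caller must wipe the returned CharArray after use.
fun derivePassword(
    master: CharArray, deviceSecret: ByteArray,
    service: String, counter: Int, length: Int = 20
): CharArray {
    val params = Argon2Parameters.Builder(Argon2Parameters.ARGON2_id)
        .withVersion(Argon2Parameters.ARGON2_VERSION_13)
        .withMemoryAsKB(64 * 1024)   // 64 MB, as stated in this README
        .withIterations(3)           // as stated in this README
        .withParallelism(1)          // assumption
        .withSecret(deviceSecret)    // assumption: device secret as the Argon2 key input
        .withSalt(buildSalt(service, counter))
        .build()
    val raw = ByteArray(length * 4)  // spare bytes for rejection sampling
    try {
        Argon2BytesGenerator().apply { init(params) }.generateBytes(master, raw)
        // Rejection sampling: skip bytes >= limit so every symbol is equally likely.
        val limit = 256 - (256 % ALPHABET.length)
        val out = CharArray(length)
        var n = 0
        for (b in raw) {
            val v = b.toInt() and 0xFF
            if (v < limit && n < length) out[n++] = ALPHABET[v % ALPHABET.length]
        }
        check(n == length) { "not enough unbiased bytes" }
        return out
    } finally {
        raw.fill(0)
        master.fill('\u0000')
    }
}
```

Incrementing `counter` changes the salt and therefore the whole output, which is what makes rotation possible without storing anything per service beyond its name and counter.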
### Export / Import
Transfer your device secret and service history to another device using an encrypted QR code, secured with Android device credentials (PIN/pattern/password).
## Security
- Screen content is protected with `FLAG_SECURE` (no screenshots, no recent apps preview)
- Master password is held as `CharArray` and wiped from memory immediately after derivation
- Device secret lives exclusively in Android Keystore-backed EncryptedSharedPreferences
- No network permissions; no data leaves the device
## Build
```bash
# Debug APK
./gradlew assembleDebug
# Install on connected device
./gradlew installDebug
# Unit tests
./gradlew test
# Lint
./gradlew lint
```
Release signing requires a `keystore.properties` file at the project root:
```
storeFile=<path to .jks>
storePassword=<password>
keyAlias=<alias>
keyPassword=<password>
```
## Tech Stack
- Kotlin + Jetpack Compose + Navigation Compose
- Material 3 with dynamic color (Android 12+)
- Argon2id via Bouncy Castle (`bcprov-jdk15on`)
- EncryptedSharedPreferences (`security-crypto`)
- QR export/import via ZXing
## License
GNU General Public License v3.0 — see [LICENSE](LICENSE).