PYTHON Exercise 3. Password locker.

1. You probably have accounts on many different websites. It’s a bad habit to use the same password for each of them because if any of those sites has a security breach, the hackers will learn the password to all of your other accounts. Develop a simple password manager software on your computer where you write the account name (blog, facebook, instagram, etc.) as an argument and the password is copied to the clipboard. Then you can paste it into the website’s Password field. For example, if you execute this command line in your terminal:

python3 ./pw.py instagram

the password for Instagram (example: htS:D`t*hQH3]9"C) should be copied to the clipboard.

2. Add a second argument, which is a master password. Only copy to the clipboard the password for the first argument if the master password is correct.

(Note: You don’t need to code this. Now your program is more secure than before, but it is still insecure because anyone could go to your source file and get the passwords. To be secure:
- You should introduce your passwords through the command line arguments.
- Once a password is introduced, encrypt it using a master password only you know (not in the source file, passed through the command line arguments) and store it in a file.
- When you want to retrieve them, decrypt them using the master password.
Then, it would be secure because no one can retrieve the passwords without the master password and the passwords are saved encrypted in the computer.)

Q1. Python code (commented)
'''
Execute this script as follows:
>> python file_name.py website_name
'''
import pyperclip  # library to copy the password to the clipboard
import sys  # library to read command-line arguments
# dummy password dictionary
psswd_dict = {
    'website1': 12345,
    'website2': 58946,
    'website3': 48955,
    'website4': 78493
}
# read the website to be used from commandline
choice = sys.argv[1]
password = psswd_dict[choice]
# copy the password to the clipboard
pyperclip.copy(str(password))
spam = pyperclip.paste()
#end of the program
Q2. Python code for password manager with master password
Script 1 (to encrypt the passwords of the websites) [to be used only once to encrypt the website passwords]
import base64
import os
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
from cryptography.fernet import Fernet
# dummy password dictionary
psswd_dict = {
    'web1': 1234,
    'web2': 5677,
    'web3': 7896
}
psswd_list = ['web1', 'web2', 'web3']
# file to store the encrypted passwords, one Fernet token per line
file = open('key.key', 'wb')
# master password used for encryption
MASTER_PASSWORD = "Howdy"
password = MASTER_PASSWORD.encode()
# salt is a cryptographically strong random number (PBKDF2HMAC requires bytes)
salt = b'\xc2h\xf9\xd3\xa9\xd4\xf0\x05V\x10`\rOE\xa9\xb1'
kdf = PBKDF2HMAC(
    algorithm=hashes.SHA256(),
    length=32,
    salt=salt,
    iterations=100000,
    backend=default_backend())
# derive the Fernet key from the MASTER_PASSWORD
key = base64.urlsafe_b64encode(kdf.derive(password))
# encrypt the passwords and save them to the file
f = Fernet(key)
for website in psswd_list:
    encoded = str(psswd_dict[website])
    encrypted = f.encrypt(encoded.encode())
    file.write(encrypted)
    file.write(b"\n")  # the file is opened in binary mode, so write bytes
file.close()
Script 2 (password manager program):
'''
Execute this script as follows:
>> python file_name.py website_name master_password
'''
import base64
import os
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
from cryptography.fernet import Fernet
import pyperclip  # library to copy the password to the clipboard
import sys  # library to read command-line arguments
MASTER_PASSWORD = "Howdy"
# open the file to read the encrypted website passwords
file = open('key.key', 'rb')
psswd_list = ['web1', 'web2', 'web3']
# list containing the encrypted passwords
file_list = file.readlines()
file.close()
# read the website to be used from the command line
choice = sys.argv[1]
# same salt as before (PBKDF2HMAC requires bytes)
salt = b'\xc2h\xf9\xd3\xa9\xd4\xf0\x05V\x10`\rOE\xa9\xb1'
kdf = PBKDF2HMAC(
    algorithm=hashes.SHA256(),
    length=32,
    salt=salt,
    iterations=100000,
    backend=default_backend())
# read the master password
master_psswd = sys.argv[2]
password = master_psswd.encode()
if master_psswd == MASTER_PASSWORD:
    # decrypt message
    # generate key from master password
    key = base64.urlsafe_b64encode(kdf.derive(password))
    f2 = Fernet(key)
    encrypted = file_list[psswd_list.index(choice)]
    # remove the trailing \n
    encrypted = encrypted.rstrip(b"\n")
    # decrypt using the key
    decrypted = f2.decrypt(encrypted)
    original_msg = decrypted.decode()
    # copy to the clipboard
    pyperclip.copy(str(original_msg))
    spam = pyperclip.paste()
else:
    print("master password incorrect")
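
The design described in the exercise's note, as an added example that is not part of the original answer: no master password or salt in the source file, a random salt stored in the vault file, and a wrong master password detected by Fernet's authentication check instead of a string comparison. The names store, retrieve and vault.json and the JSON file layout are assumptions; the KDF parameters are the ones used in the scripts above.

```python
import base64, json, os, tempfile
from cryptography.fernet import Fernet, InvalidToken
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC

def _fernet(master, salt):
    # Same KDF parameters as the scripts above; the salt is per-vault, not hardcoded.
    kdf = PBKDF2HMAC(algorithm=hashes.SHA256(), length=32, salt=salt, iterations=100000)
    return Fernet(base64.urlsafe_b64encode(kdf.derive(master.encode())))

def _load(path):
    if os.path.exists(path):
        with open(path) as fh:
            return json.load(fh)
    # New vault: random salt, stored in the clear next to the ciphertexts.
    return {"salt": base64.b64encode(os.urandom(16)).decode(), "entries": {}}

def store(path, master, account, password):
    vault = _load(path)
    f = _fernet(master, base64.b64decode(vault["salt"]))
    for token in vault["entries"].values():
        f.decrypt(token.encode())  # InvalidToken here means a different master password
    vault["entries"][account] = f.encrypt(password.encode()).decode()
    with open(path, "w") as fh:
        json.dump(vault, fh)

def retrieve(path, master, account):
    vault = _load(path)
    token = vault["entries"].get(account)
    if token is None:
        return None  # unknown account
    try:
        f = _fernet(master, base64.b64decode(vault["salt"]))
        return f.decrypt(token.encode()).decode()
    except InvalidToken:
        return None  # wrong master password, or the file was modified

if __name__ == "__main__":
    # Constructed demo values; a real run would take them from sys.argv.
    path = os.path.join(tempfile.mkdtemp(), "vault.json")
    store(path, "demo master", "instagram", "constructed-password")
    print(retrieve(path, "demo master", "instagram"))
    print(retrieve(path, "not the master", "instagram"))
```

The value returned by retrieve can be passed to pyperclip.copy as in the scripts above.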