Password generation (legacy)
Note: Dynamic password generation was available up to PfP 2.x. Starting with PfP 3.0, all passwords are stored in the database and no longer generated dynamically.
When generating a password, PfP will first derive some data from the master password (converted to UTF-8). The derivation algorithm depends on the PasswordInfo.type value:
- For generated2, the derivation algorithm is scrypt(N=32768, r=8, p=1).
- For generated (legacy EasyPasswords 1.x password), the derivation algorithm is PBKDF2-HMAC-SHA1 with 262,144 iterations. As of PfP 2.2, this derivation algorithm is no longer supported.
The number of bytes to be derived is determined by the PasswordInfo.length value. The salt is composed from the following PasswordInfo values:
- PasswordInfo.site
- PasswordInfo.name
- PasswordInfo.revision (optional, only if set)
These values are converted to UTF-8 and concatenated with NUL characters to build the salt.
The following PasswordInfo values will enable character sets to be used for the password:
Flag | Character set |
---|---|
PasswordInfo.lower | abcdefghjkmnpqrstuvwxyz |
PasswordInfo.upper | ABCDEFGHJKMNPQRSTUVWXYZ |
PasswordInfo.number | 23456789 |
PasswordInfo.symbol | !#$%&()*+,-./:;<=>?@[]^_{ |
Note: Some characters have been removed to avoid ambiguities in case passwords are printed out.
For each byte in the derived data, the potential character sets are concatenated in the order given in the table above. Potential character sets are normally all character sets enabled for this password. However, if the number of bytes left is equal to the number of character sets not yet used, only the unused character sets will be considered. A character is then selected by its position in the concatenated potential character sets, using the numerical byte value modulo the total number of potential characters.
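The generated2 procedure described above, as an added Python sketch that is not PfP's own code. The function names derive and to_password are hypothetical, and SYMBOL is copied as the table prints it.

```python
import hashlib

# Character sets in the order of the table above. SYMBOL is copied as the
# table prints it; the table markup may have cut that row short (assumption).
LOWER = "abcdefghjkmnpqrstuvwxyz"
UPPER = "ABCDEFGHJKMNPQRSTUVWXYZ"
NUMBER = "23456789"
SYMBOL = "!#$%&()*+,-./:;<=>?@[]^_{"


def derive(master, site, name, revision="", length=16):
    """scrypt step for type generated2: N=32768, r=8, p=1, `length` bytes."""
    parts = [site, name] + ([revision] if revision else [])
    salt = "\0".join(parts).encode("utf-8")  # revision only if set
    # 128*N*r is exactly 32 MiB, so raise OpenSSL's default memory cap.
    return hashlib.scrypt(master.encode("utf-8"), salt=salt, n=32768, r=8, p=1,
                          maxmem=64 * 1024 * 1024, dklen=length)


def to_password(data, lower=True, upper=True, number=True, symbol=True):
    """Map derived bytes to characters as the paragraph above describes."""
    flags = (lower, upper, number, symbol)
    enabled = [s for s, on in zip((LOWER, UPPER, NUMBER, SYMBOL), flags) if on]
    if not enabled:
        raise ValueError("at least one character set must be enabled")
    used = set()
    out = []
    for i, byte in enumerate(data):
        unused = [s for s in enabled if s not in used]
        # When the bytes left equal the sets not yet used, only those sets
        # are candidates, so every enabled set ends up in the password.
        candidates = unused if len(data) - i == len(unused) else enabled
        pool = "".join(candidates)
        ch = pool[byte % len(pool)]
        out.append(ch)
        used.update(s for s in enabled if ch in s)  # sets are disjoint
    return "".join(out)


if __name__ == "__main__":
    # Constructed inputs, not real credentials.
    print(to_password(derive("master password", "example.com", "alice")))
```

The modulo step is slightly biased because 256 is not a multiple of the pool size, and the forced-set rule fixes which sets the final characters come from; both are properties of the scheme as described, not of this sketch.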