SYP is a password manager that doesn't store your passwords – instead, it (re)generates them on demand. It is implemented as a webapp that runs entirely in your browser since it does not require a server-side storage backend.
- Open SYP.
- Enter a master password.
- Add a first login, e.g. `john.doe@example.com`.
- Click on the newly added login to generate the password.
- Bookmark the URL to be able to regenerate your passwords (see What's in a URL?).
- Send the URL to all your devices so you can generate your passwords on them too!
Notice that the URL will contain a few parameters, for example:
https://curiousleo.github.io/syp/#N=16384&r=8&p=1&salt=0063b3028795b083f30780f871d70b52
`N`, `r` and `p` are passed on to the Scrypt algorithm which is used for generating the passwords. They are set to the recommended values for interactive logins.

The `salt` parameter is passed to the password generator too. A random salt is generated when you visit the webapp. In order to regenerate your passwords, you must use the same salt (and the same Scrypt parameters) every time.
SYP's password generation algorithm takes an alphabet, the desired password length, the master password, a login identifier, the salt and parameters for Scrypt (`N`, `p`, `r`). It then treats the output of successive calls to the Scrypt function with increasing length (`L`) argument as an infinite stream from which the actual password is extracted.
In Haskell-like pseudocode, this works roughly as follows:
```haskell
-- Infinite byte stream: each scrypt call doubles the requested length, and
-- the bytes already emitted are dropped from the longer output.
scrypted :: String -> Salt -> Int -> Int -> Int -> [Word8]
scrypted pwd salt n p r = scrypted' 2 where
  scrypted' len = scrypt pwd' salt' n p r len ++ drop len (scrypted' (len * 2))
  pwd'  = fromString pwd :: [Word8]
  salt' = fromSalt salt :: [Word8]

-- Map stream bytes to alphabet indices, rejecting out-of-range values.
password :: [a] -> Int -> String -> String -> Salt -> Int -> Int -> Int -> [a]
password alphabet len master login salt n p r =
  take len $ map (alphabet !!) $ filter (< k) $ map (`div` d) stream
  where
    k = length alphabet
    d = 255 `div` k
    pwd = master ++ login
    stream = map fromIntegral (scrypted pwd salt n p r)
```
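
The following added example (not SYP's own code) implements the scheme described above in Node.js with `crypto.scryptSync`. The function name `generatePassword`, the hex decoding of the salt and the UTF-8 encoding of `master + login` are assumptions made for illustration.

```javascript
// Added illustration of the scheme described above; not SYP's own source.
const { scryptSync } = require('node:crypto');

// Derive `length` symbols of `alphabet` from master password, login and salt.
// Assumptions: salt is hex-encoded bytes, master + login is encoded as UTF-8.
function generatePassword(alphabet, length, master, login, saltHex, { N, r, p }) {
  const k = alphabet.length;
  // 255 div k must be at least 1, otherwise the bucket width below is zero.
  if (k < 1 || k > 255) throw new RangeError('alphabet must have 1..255 symbols');
  const d = Math.floor(255 / k);             // bucket width, as in the pseudocode
  const salt = Buffer.from(saltHex, 'hex');
  const out = [];
  let consumed = 0;                          // stream bytes already examined

  // Scrypt's final step is PBKDF2, so a longer request extends a shorter one.
  // Doubling L and skipping the consumed prefix walks one conceptual stream.
  for (let L = 2; out.length < length; L *= 2) {
    const bytes = scryptSync(master + login, salt, L, { N, r, p });
    for (let i = consumed; i < L && out.length < length; i++) {
      const idx = Math.floor(bytes[i] / d);
      // Rejection sampling: indices >= k are discarded rather than wrapped
      // around, so every symbol of the alphabet stays equally likely.
      if (idx < k) out.push(alphabet[idx]);
    }
    consumed = L;
  }
  return out.join('');
}
```

Changing any of `salt`, `N`, `r` or `p` yields unrelated passwords, which is why the bookmarked URL has to be kept intact.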