A local, desktop-based password manager built with Python and Tkinter. This application securely stores user credentials using industry-standard AES encryption and handles user authentication via PBKDF2 key derivation.
- Secure Authentication: User login is verified using SHA-256 hashing. The master password is never stored in plain text.
- AES-128 Encryption: All stored passwords (in the vault) are encrypted using Fernet (AES-128 in CBC mode).
- Salted Hashing: Uses a unique, randomly generated salt for every user to prevent rainbow table attacks.
- CRUD Functionality: Users can Create, Read, and Delete passwords from their local vault. (Updating coming soon)
- Password Strength Checker: Built-in regex validation ensures the Master Password meets security complexity standards.
- Local Storage: Data is persisted locally using SQLite.
- Language: Python 3.13.3
- GUI: Tkinter
- Database: SQLite3
- Cryptography: cryptography library (Fernet, PBKDF2HMAC)
- Clone the repository
  - git clone https://github.com/DarkCheese63/Password-Manager.git
  - cd Password-Manager
- Install Dependencies
  - This project requires the cryptography library.
  - pip install cryptography
- Run the Application
  - python password_manager.py
- First Run:
  - The app will detect that no database exists.
  - You will be prompted to create a Master Password.
  - Note: If you lose this password, your data cannot be recovered (as per secure design principles).
This application employs a "Trust No One" architecture regarding the database file:
- Master Password: When a user registers, a random 16-byte salt is generated. The password + salt are run through PBKDF2-HMAC-SHA256 (600,000 iterations) to derive a 32-byte key.
- Verification: Only the Hash and the Salt are stored in the master_password table.
- Vault Encryption: When the user logs in successfully, the derived key is loaded into memory and used to encrypt/decrypt entries in the password_vault table using Fernet (AES).
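
The flow described above, as an added example (not code from this repository): the master password and a 16-byte salt go through PBKDF2-HMAC-SHA256 to produce the Fernet key, and login checks a stored verifier before the key is used on the vault. The column names, the sample values, and the choice to store a SHA-256 of the derived key rather than the key itself are assumptions; the README does not say how the stored hash is computed.

```python
import base64, hashlib, hmac, os, sqlite3
from cryptography.fernet import Fernet
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC

ITERATIONS = 600_000  # iteration count stated in this README


def derive_key(password: str, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256 -> 32 raw bytes, base64url-encoded as Fernet expects."""
    kdf = PBKDF2HMAC(algorithm=hashes.SHA256(), length=32, salt=salt, iterations=ITERATIONS)
    return base64.urlsafe_b64encode(kdf.derive(password.encode("utf-8")))


def verifier(key: bytes) -> bytes:
    # Assumption: the stored hash is a SHA-256 of the derived key, never the key
    # itself, so reading the database file does not hand over the vault key.
    return hashlib.sha256(b"login-verifier:" + key).digest()


def register(db, password: str) -> None:
    salt = os.urandom(16)  # unique random salt per user
    db.execute("CREATE TABLE IF NOT EXISTS master_password (hash BLOB, salt BLOB)")
    db.execute("INSERT INTO master_password VALUES (?, ?)",
               (verifier(derive_key(password, salt)), salt))


def login(db, password: str):
    """Return the Fernet key on success, None on a wrong master password."""
    stored, salt = db.execute("SELECT hash, salt FROM master_password").fetchone()
    key = derive_key(password, salt)
    return key if hmac.compare_digest(verifier(key), stored) else None


def demo() -> dict:
    db = sqlite3.connect(":memory:")  # constructed in-memory database
    db.execute("CREATE TABLE password_vault (site TEXT, secret BLOB)")
    register(db, "Constructed-Master-Pass1!")  # constructed sample password
    key = login(db, "Constructed-Master-Pass1!")
    db.execute("INSERT INTO password_vault VALUES (?, ?)",
               ("example.test", Fernet(key).encrypt(b"hunter2-sample")))
    token = db.execute("SELECT secret FROM password_vault").fetchone()[0]
    return {"wrong_rejected": login(db, "wrong-guess") is None,
            "stored_is_ciphertext": b"hunter2-sample" not in token,
            "roundtrip": Fernet(key).decrypt(token)}


if __name__ == "__main__":
    print(demo())
```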