[APP] Magic Keys: password generator and manager

[jm38]

Hello!

I would like to present you an application I've wrote that is both a random password generator and a password manager. Hum I already see a few eyebrows raising, security and password management is too sensitive to trust a new application! Please keep reading

Magic keys mixes together 2 keys you choose and generate a random password from those inputs.
Choose easy to remember keys and you can regenerate the same password any time you need it. Password are not saved locally or in the cloud. Magic keys does not request any permission at all.


Let's say Paul wants to generate a password for his gmail account. Instead of using his pet name (so easy to crack!) he can simply choose rocky and gmail as his keys, and magic keys will generate something like ft3G#8m( .
If paul enters again tomorrow rocky and gmail he will get again the same password.

The application password generation algorithm is phone dependant so that someone entering the same keys on another phone will not get Paul's password.

Let me know your comments about the application.

Application link on the playstore:
free : https://forums.androidcentral.com/e...t.in.chartreuse.magickeys.demo&token=SjgY0Xch
paid: https://forums.androidcentral.com/e...t.in.chartreuse.magickeys.full&token=x08L_dEP

New The application is now supported on PC as a chrome extension. See the installation steps here: http://soft-in-chartreuse.blogspot.fr/p/magic-keys-for-chrome-en.html


A few snapshots:

 

[Raptor007]

Sounds intriguing.

 

[fin3than]

Nice app !

 

[jm38]

Hi Raptor!

The idea for the application came from the fact that I tried several times to explain my dad that he shall not use the same password everywhere and he always fails to remember any random enough to be safe password. Plus at work I'm asked to change my password every 6 months or so and after I while I went out of ideas to invent random enough password that I could remember.
I've read in several forum that there are plenty of password managers that are not so safe (appart from the really big players) because of weak local encryption of passwords or easy to hack communication to cloud storage.

My app does not store any thing so no risk of sensible information evasion.
Cheers.

 

[FishenFool]

So why is the free version not available in my country?

Sent from my SAMSUNG-SGH-I337 using Tapatalk

 

[jm38]

Hello FishenFool,
Thx for pointing this! It is an error! I did not select all countries for free version.
It should be fixed now.:-[
Please reply if you still do not see the application
jm

 

[jm38]

Hello,
Coud any one from the north america reading this post confirm that you see 2 applications when following this link?

https://play.google.com/store/apps/developer?id=SoftInChartreuse

Suprisingly enough I do not see any us/english user of my application in the playstore statistics.
Thx!

 

[FishenFool]

See 2 applications.

Sent from my SAMSUNG-SGH-I337 using Tapatalk

 

[Cat_tilda]

Good idea. Simple words are easily to memorize. App generates strong password from them.
I don’t trust password managers keeping data in cloud or inside phone. Neville Longbottom in “The Prisoner of Azkaban” liked to write passwords on paper sheet and - what kind of result he got? A couple questions. What is the length generated password? Is it possible to manage password parameters?

 

[jm38]

Hello Cat_tilda
Thanks for your comment.

Password generated lenght is configurable (up to 32 characters) in the paid version and fixed to 8 characters in the free version.
You can edit the generated password if you want to have even more customization, like appending a character or number.

I'm not sure what you mean by password parameters but when you generate a password you can choose the combination of characters it might contain in the following list : upper case, lower cases, digit, symbols.

 

[jm38]

Hello all,
The application now works on PC thanks to ARC welder for Chrome. I guess most of you have heard about this extension that allows to run Android native application on a PC in chrome browser. If not you can have a look here for how to use it for your favorite android app. (still in beta). https://developer.chrome.com/apps/getstarted_arc

Here is how this looks like:
View attachment 177825

If you want to give it a try, follow the steps presented here (it's free!)
Soft In Chartreuse: Magic keys for chrome (en)

 

[ragdefalcis]

Nice app, but how do you manage when a user forgot the two keywords? I mean that happen right?

 

[jm38]

Hello, if you forget or miss type one of your keys, magic keys does not do any thing specific as it does not store any thing. From the 2 keys you enter magic keys generates a password. If you do not enter exactly the same keys each time you will not get exactly the same password each time. Let's say you want to generate a secure password for Android central and you choose to use "ragdefalcis" and "androidcentral" as your keys. You use magic keys that generates say "aht81)fu/". You configure your androidcentral account for this new safe password.
Few days later you want to login and instead of entering "ragdefalcis" and "androidcentral" you enter "ragdelfalcis" and "mobilenations". You will just get a completely different password from magic keys like "jdosb52dj". Magic Keys will not tell you this are not the original keys because it does not remember any thing you entered previously. This is mainly the reason it is safer than other keyword managers. Nothing is save.
Cheers.

 

[jm38]

Hello. Lastpass just announced they might have been hacked. https://blog.lastpass.com/fr/2015/06/lastpass-security-notice.html/

Might be a good incentive to give magic keys a try! ;-)

 

[KamCho]

Hello,

I'm very interested how it works . I mean that password is every time the same. I'm quite a programming geek and I would be very tankful if you could shortly describe the algorithm behind it. If you want of course.

 

[jm38]

Hello KamCho,
Here is how the algorithm works. Please don't copy it ;-)

It generates a look up table (lut[]) of usable characters to generate the password based on user selected character set (like digits only, digit + symbols,....).
Then the trick is to select one of those possible character per password character position.

Let's say you the user enters key1[] and key2[].

What the algo does is something like this password = Lut[F(key1, key2),i]
where password is the i-th password character
key1 is the i-th character from key1
key2 is the i-th character from key2
The function F has the following properties F(a,b,i) = F (b,a,i). (so that you can invert key1 and key2).
F generates an index to be used in the Lut

F does some simple math calculation on ascii value and positions (i) of of characters to generate an index.
a simple F function could be for instance F(a,b,i) = ascci(a) + ascii(b) + i

 

[KamCho]

Thank you very much . Don't worry. I will not copy it. I wanted to know just because of curiosity . Nice idea btw.

 

[onlinewolves]

Wow! Interesting solution. However it seems to be a kind of reminder for one single password, right?

 

[jm38]

Hello,
No the application can work for as many passwords as you like, it is just a matter of choosing easy enough for you to remember "keys" per password.
Like for androidcentral you could simply choose "onlinewolves" and androidcentral. You will get a specific random password for those 2 keys.

 

[sur04sep]

Looks very useful but my only worry is lack of some master backup i.e if ever company/app is shutdown in the event of phone upgrade or bug in the app all my passwords will be gone.Is there something like super/local recovery?