Add Argon2 key derivation option

thePR0M3TH3AN
2025-07-13 12:24:10 -04:00
parent 37d4cc260d
commit f86067c1d8
9 changed files with 158 additions and 2 deletions


@@ -45,6 +45,7 @@ class ConfigManager:
"password_hash": "",
"inactivity_timeout": INACTIVITY_TIMEOUT,
"kdf_iterations": 100_000,
"kdf_mode": "pbkdf2",
"additional_backup_path": "",
"backup_interval": 0,
"secret_mode_enabled": False,
@@ -60,6 +61,7 @@ class ConfigManager:
data.setdefault("password_hash", "")
data.setdefault("inactivity_timeout", INACTIVITY_TIMEOUT)
data.setdefault("kdf_iterations", 100_000)
data.setdefault("kdf_mode", "pbkdf2")
data.setdefault("additional_backup_path", "")
data.setdefault("backup_interval", 0)
data.setdefault("secret_mode_enabled", False)
@@ -155,6 +157,19 @@ class ConfigManager:
config = self.load_config(require_pin=False)
return int(config.get("kdf_iterations", 100_000))
def set_kdf_mode(self, mode: str) -> None:
"""Persist the key derivation function mode."""
if mode not in ("pbkdf2", "argon2"):
raise ValueError("kdf_mode must be 'pbkdf2' or 'argon2'")
config = self.load_config(require_pin=False)
config["kdf_mode"] = mode
self.save_config(config)
def get_kdf_mode(self) -> str:
"""Retrieve the configured key derivation function."""
config = self.load_config(require_pin=False)
return config.get("kdf_mode", "pbkdf2")
def set_additional_backup_path(self, path: Optional[str]) -> None:
"""Persist an optional additional backup path in the config."""
config = self.load_config(require_pin=False)
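Review bot: `set_kdf_mode` only rewrites the stored config value, and nothing in this section re-encrypts data that was protected under the previous KDF. If it is called on an existing profile, the next unlock would presumably derive a key that no longer matches the encrypted seed. Whether a caller re-wraps the seed around this call is not visible here, so the docstring should state the contract, e.g. `"""Persist the KDF mode. Does not re-encrypt existing data; the caller must re-wrap the seed under the new mode."""`.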


@@ -35,6 +35,7 @@ from password_manager.entry_types import EntryType
from utils.key_derivation import (
derive_key_from_parent_seed,
derive_key_from_password,
derive_key_from_password_argon2,
derive_index_key,
EncryptionMode,
)
@@ -387,13 +388,21 @@ class PasswordManager:
if password is None:
password = prompt_existing_password("Enter your master password: ")
mode = (
self.config_manager.get_kdf_mode()
if getattr(self, "config_manager", None)
else "pbkdf2"
)
iterations = (
self.config_manager.get_kdf_iterations()
if getattr(self, "config_manager", None)
else 100_000
)
print("Deriving key...")
seed_key = derive_key_from_password(password, iterations=iterations)
if mode == "argon2":
seed_key = derive_key_from_password_argon2(password)
else:
seed_key = derive_key_from_password(password, iterations=iterations)
seed_mgr = EncryptionManager(seed_key, fingerprint_dir)
print("Decrypting seed...")
try:
@@ -448,12 +457,20 @@ class PasswordManager:
password = prompt_existing_password("Enter your master password: ")
try:
mode = (
self.config_manager.get_kdf_mode()
if getattr(self, "config_manager", None)
else "pbkdf2"
)
iterations = (
self.config_manager.get_kdf_iterations()
if getattr(self, "config_manager", None)
else 100_000
)
seed_key = derive_key_from_password(password, iterations=iterations)
if mode == "argon2":
seed_key = derive_key_from_password_argon2(password)
else:
seed_key = derive_key_from_password(password, iterations=iterations)
seed_mgr = EncryptionManager(seed_key, fingerprint_dir)
self.parent_seed = seed_mgr.decrypt_parent_seed()
seed_bytes = Bip39SeedGenerator(self.parent_seed).Generate()
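Review bot: The mode/iterations lookup and the `if mode == "argon2"` branch are duplicated in both unlock paths (the hunks at -387 and -448), and in each the `else` arm sends every value other than "argon2" to PBKDF2. An unexpected mode string, or a missing `config_manager` on a profile created with Argon2, would then surface as a decryption failure that looks like a wrong password. A single helper that rejects unknown modes keeps the two paths in step. `derive_key_from_password_argon2(password)` receives only the password, so its salt and cost parameters are decided inside the helper, which is outside this section; it is worth confirming they are persisted or versioned the way `kdf_iterations` is. Both enclosing methods start and end outside the hunks.

```python
    def _derive_seed_key(self, password):
        """Derive the seed-encryption key using the configured KDF mode."""
        cfg = getattr(self, "config_manager", None)
        mode = cfg.get_kdf_mode() if cfg else "pbkdf2"
        if mode == "argon2":
            return derive_key_from_password_argon2(password)
        if mode == "pbkdf2":
            iterations = cfg.get_kdf_iterations() if cfg else 100_000
            return derive_key_from_password(password, iterations=iterations)
        raise ValueError(f"Unsupported kdf_mode: {mode!r}")

    # … at both call sites, replacing the mode/iterations lookup and if/else …
    seed_key = self._derive_seed_key(password)
```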