Steganography password manager | Rust Programming Language Community | Page 1

devout prawn Aug 22, 2024, 9:04 AM

#

Hello! I was experimenting with steganography and stumbled into the idea of a password manager based on steganography.

If someone has any feedback or suggestions I would be happy to hear!

https://github.com/arsquid/shades/

GitHub

GitHub - Arsquid/shades: A simple and lightweight command-line steg...

A simple and lightweight command-line steganography-based password manager built in Rust. - Arsquid/shades

main hound Aug 22, 2024, 11:52 PM

#

Just on your choice of cryptography - sha256 is not really suitable for password hashing, rather choose argon2. Next for encryption you should avoid using raw AES-CBC as it's not authenticated (malleable) and so can be decrypted locally via padding oracle without knowing the key. You should instead use AES-GCM.

devout prawn Aug 23, 2024, 5:31 PM

#

Thank you for the feedback!
I have updated the code to use aes-gcm and argon2
🙂

#Steganography password manager