You are using an outdated browser. Please upgrade your browser to improve your experience.
ZeroStore - password storage, without the storage

Password storage, without the storage

Password storage, without the storage

ZeroStore - password storage, without the storage

by Kyle Bashour
ZeroStore - password storage, without the storage
ZeroStore - password storage, without the storage
ZeroStore - password storage, without the storage

What is it about?

Password storage, without the storage!

ZeroStore - password storage, without the storage

App Details

Version
1.0.1
Rating
NA
Size
14Mb
Genre
Utilities
Last updated
September 20, 2015
Release date
September 12, 2015
More info

App Screenshots

ZeroStore - password storage, without the storage screenshot-0
ZeroStore - password storage, without the storage screenshot-1
ZeroStore - password storage, without the storage screenshot-2
ZeroStore - password storage, without the storage screenshot-3

App Store Description

Password storage, without the storage!

ZeroStore is a new kind of password manager. Instead of storing all of your passwords on your device and in the cloud, ZeroStore generates them when you need them.

You can use TouchID to authenticate and generate your passwords, or type in your master password each time. ZeroStore has an app extension too, so you can easily access it inside all your favorite web browsers! Just open the extension, use your Master Password or TouchID, and your service password is copied to your clipboard.

---

How does it work?

Passwords are generated based on a service name and a master password. The service name is unique, and therefore unique passwords are generated for each service.

Using your master password, a master key is derived in such a way that increases the difficulty of brute-force attacks. The service name is used as a salt, which prevents a pre-computed table of values being used across different users or domains.

The master key is then used as the key for a SHA256-HMAC of the service name. This ensures that generated passwords should have no detectable relationship with each other, and cannot be computed without knowing the master key.

The HMAC is then base64-encoded, truncated to given length, and used as the per-service password. This is designed to be compatible with as many services password requirements as possible.

This app is based on zerostore by joseph346: github.com/joseph346/zerostore. This project is open source, and was made with approval.

---

DISCLAIMER:

This is a proof-of-concept. I'm not a cryptography expert, and I only made this for fun and education. It should generate fairly secure passwords, however, use at your own risk.

---

Known Issues:

It is currently difficult to use ZeroStore when a service require you to change your password. One option is to change your master password; however, this will change the passwords generated for all of your services. This is a known issue, and we are currently working on a solution.

Disclaimer:
AppAdvice does not own this application and only provides images and links contained in the iTunes Search API, to help our users find the best apps to download. If you are the developer of this app and would like your information removed, please send a request to takedown@appadvice.com and your information will be removed.