Password storage, without the storage!
ZeroStore is a new kind of password manager. Instead of storing all of your passwords on your device and in the cloud, ZeroStore generates them when you need them.
You can use TouchID to authenticate and generate your passwords, or type in your master password each time. ZeroStore has an app extension too, so you can easily access it inside all your favorite web browsers! Just open the extension, use your Master Password or TouchID, and your service password is copied to your clipboard.
How does it work?
Passwords are generated based on a service name and a master password. The service name is unique, and therefore unique passwords are generated for each service.
Using your master password, a master key is derived in such a way that increases the difficulty of brute-force attacks. The service name is used as a salt, which prevents a pre-computed table of values being used across different users or domains.
The master key is then used as the key for a SHA256-HMAC of the service name. This ensures that generated passwords should have no detectable relationship with each other, and cannot be computed without knowing the master key.
The HMAC is then base64-encoded, truncated to given length, and used as the per-service password. This is designed to be compatible with as many services password requirements as possible.
This app is based on zerostore by joseph346: github.com/joseph346/zerostore. This project is open source, and was made with approval.
This is a proof-of-concept. I'm not a cryptography expert, and I only made this for fun and education. It should generate fairly secure passwords, however, use at your own risk.
It is currently difficult to use ZeroStore when a service require you to change your password. One option is to change your master password; however, this will change the passwords generated for all of your services. This is a known issue, and we are currently working on a solution.
Minor bug fixes and improvements
JUST KIDDING! Here are some real release notes:
Rome may not have been built in a day, but believe it or not, ZeroStore 1.0 was! There was plenty to fix and add for this release.
• A tutorial showing how to set up the App Extension in your browser.
• An "About" page.
• Native iPad support.
• A much improved layout when asking for your Master Password in a browser — it's prettier and works better on smaller screens.
• Generating your password now happens in the background, so ZeroStore won't lag or become unresponsive while the password is created (especially nice on older devices).
• Better error messages and warnings throughout the app.
• ZeroStore 1.0.1 is built with Swift 2 — but let's be honest, who cares about the programming language. The cool part is that it now uses bitcode, which means the app takes up less space on your phone!
• You can now type your password length in, because who likes picker wheels?!
• There was a bug that let you generate a password longer than 44 characters, but this causes a crash. That's now fixed!
We're working on a bigger 1.1 update that includes version management and some other nice features. Thanks for using ZeroStore!
Ratings and Reviews
I've been using this in beta and it's been amazing! I'm looking forward to using the official release.
With Family Sharing set up, up to six family members can use this app.