TresorLib – a deterministic password generator library for .net
Tresor is a .net library (.net 4/netstandard 1.3 or newer) to generate passwords in a deterministic way, that is, the same inputs will yield the same outputs, but from simple inputs (Like the service name twitter
and the passphrase I'm the best 17-year old ever.
) you will get a strong password like c<q_!^~,'.KTbPV=9^mU
.
This helps with the behavior of using the same passphrase for multiple sites, but is also not reliant on a password vault that you don't always tend to have with you (e.g., because it's a file on your computer and you're on the road) or requires you to trust a cloud-service to securely keep your data.
Internet Websites get compromised all the time - so frequently that haveibeenpwned.com has been created for people to get notified whenever their email address shows up in a data breach. Troy Hunt has an amazing blog about web security issues and breaches, and explains why you should use a Password Manager.
Tresor is a port of Vault by James Coglan to .net. When I first discovered Vault, it immediately checked the boxes I was looking for: It works everywhere as long as I have internet access, but it doesn't store any data that can be compromised. All I need to do is remember the service name and settings, and voila, there's my password without having to store it in yet another online database that can be compromised.
For more information about Vault, check the FAQ on https://getvau.lt/faq.html.
Please note that this port is not endorsed or in any way associated with James Coglan.
TresorLib has been published to Nuget, and the source code is available on GitHub. It is licensed under the GNU General Public License Version 3 (GPLv3).
Example usage:
var service = "twitter"; var phrase = "I'm the best 17-year old ever."; var password = Tresor.GeneratePassword(service, phrase, TresorConfig.Default); // password => c;q- q}+&,KTbPVn9]mh
For more usage information and documentation, check the Readme in the GitHub repository.