Learning while building a basic password manager
(my goal and approach)
Recently, i started working on a password manager (which uses hybrid encryption).
The goal: Make a password manager in cpp which stores your password in an encrypted format in an executable file on your system but when you open the file, the contents should seem gibberish.
The approach: Use an irreversible hashing function to store a common passkey in the file. Encrypt the username and password (which is different from the common passkey) of an application (let's say github) using the common passkey and store it. So, the common passkey is not stored directly stored in the file.
Now every time you run the program, it will open the file, ask for the common passkey, hash it and match with the saved hash, if correct, decrypt the username and password stored and display it.
Let's begin building
When i started building it, i developed a logic with a pen and paper. It was supposed to be really simple and easy.
Few bugs and a feature?
(discovering a weird feature and reporting my first issue on github)
I recently learned about VIM and started using it as by go to IDE, so i needed to get accustomed to the shortcuts.
I use WSL2 with zsh and ohmyzsh! framework.
Now, if you don't know, all the terminals do not add a new line when a command execution ends. So if your code contains cout<<"bye"; at the end, it will print "bye" and the prompt for the next command will continue from the same line (which is annoying to be honest). And this is the case with most of the terminals (PowerShell, BASH, Cygwin terminal, etc.).
But not zsh. They add a new line to the output by default and move the prompt to a new line, but they add a % at the end of the output to indicate it.
At first, i thought it was due to a bug on my program. And when i was discussing this with someone they said, "Oh, its cause you didn't add the new line, try cout<<"bye"<<endl;". And it worked. Then on doing some research i found out that's a feature of zsh, thanks to an old ass reddit post.
When you are using something new, you tend to explore it right and observe every small thing related to them. Well that is exactly what was happened with me.
When my code base started to get big, and whenever i needed to refer a part of the code, it was very annoying to scroll things so stated using tmux with multiple panes.
Now with this beautiful set up, i fired up VIM and started working on the project but i noticed few bugs with VIM related to line wrapping. And when i searched if such issue has been reported in the past, i visited VIM's github page and searched for the keywords related to the bug. I did not find any issue reported regarding this. So i successfully reported an issue on github.
Uhg! Library's
Another problem which i faced was finding a suitable library for hashing. I tried many library's from github which promised to deliver the hashing i require, but either they were fake or the documentation was really shitty (even for popular libraries like cryptoPP).
(The following method is used only when i'm desperate) I even asked Gemini and ChatGPT 3.5.
But in vain.
And now, i will try bcrypt and see.
Also, the cpp file handling documentation is shitty everywhere. Which is really unfortunate. When i wanted to know how to move my cursor back to the start of the file didn't get many successful results from brave/google search engines. Or maybe i'm dumb and don't know how to search.
Time waste or investment?
To encrypt the data, i used a method in which i take a character from the common passkey and the username/password and perform a operation involving the ASCII code of the characters.
I realized that not all the characters corresponding to a number in the ASCII series can be simply printed.
So the printable ASCII codes are in the range (32-127). So, the value of whatever function i use for the characters of the common passkey and the username/password must give a number between 32-127. For which the best function i could think of was taking the average of the ASCII value.
This idea took a long time to come in my mind. You may think of some other idea but remember you need to know how to back-track also as you will be to decrypt the text while retrieving the data later.
Phew! Must have been one heck of a read
@San