Rust Cripto - Secure Password Manager

A secure, local, cross-platform password manager built in Rust with absolute focus on security, privacy, and resistance to sophisticated attacks. This application is designed to work completely offline, eliminating network-based risks and providing a robust solution for users handling sensitive information.

πŸ” Security Features

Advanced Authentication

  • Argon2id Algorithm: Derives the encryption key with Argon2id, a memory-hard key derivation function, using a random salt and multiple iterations
  • Master Password Protection: Your master password derives a cryptographic key used for AES-GCM encryption
  • Unique IV per Entry: Each password is encrypted under its own initialization vector (nonce), which AES-GCM requires never be reused under the same key; the GCM authentication tag provides integrity alongside confidentiality

Anti-Social Engineering Protection

  • Stealth Mode: Displays a generic interface until authentication is complete, making it difficult to identify the application's purpose in risky situations
  • Fake Password: Unlocks a simulated environment with fictitious data, useful in cases of coercion or forced exposure
  • Progressive Lockout: Imposes temporary penalties after multiple incorrect access attempts, hindering automated attacks
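
The progressive lockout described above can be modelled as an exponential backoff keyed on the failure count. This is an added illustration, not code from the repository; the `Lockout` type and the threshold, base delay and cap values are assumptions, since the README does not state them.

```rust
use std::time::Duration;

// Assumed policy values; the README does not state the real ones.
const FREE_ATTEMPTS: u32 = 3; // failures tolerated before any penalty
const BASE_DELAY_SECS: u64 = 30; // first penalty
const MAX_DELAY_SECS: u64 = 3600; // cap, so the owner is never locked out for good

/// Hypothetical lockout record. It has to be persisted and integrity-protected;
/// kept only in memory, restarting the process would reset it.
#[derive(Debug, Default, PartialEq)]
pub struct Lockout {
    failures: u32,
    locked_until: u64, // Unix seconds; 0 means not locked
}

impl Lockout {
    /// Call before running the expensive key derivation; Some(d) means locked for d.
    pub fn check(&self, now: u64) -> Option<Duration> {
        (now < self.locked_until).then(|| Duration::from_secs(self.locked_until - now))
    }

    /// Wrong password: the penalty doubles with each failure past the free attempts.
    pub fn record_failure(&mut self, now: u64) {
        self.failures = self.failures.saturating_add(1);
        if self.failures > FREE_ATTEMPTS {
            let exp = (self.failures - FREE_ATTEMPTS - 1).min(20);
            let delay = BASE_DELAY_SECS.saturating_mul(1u64 << exp).min(MAX_DELAY_SECS);
            self.locked_until = now.saturating_add(delay);
        }
    }

    /// Only a successful unlock clears the counter; waiting out a penalty does not.
    pub fn record_success(&mut self) {
        *self = Lockout::default();
    }
}

fn main() {
    let mut l = Lockout::default();
    // Constructed timestamps (seconds) of wrong-password attempts.
    for t in [0u64, 1, 2, 3, 40] {
        if l.check(t).is_none() { l.record_failure(t); }
        println!("t={}: locked for {:?}", t, l.check(t));
    }
}
```

Because the penalty depends on wall-clock time, a deployment would also need to treat a clock that moves backwards as still locked.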

Data Integrity & Verification

  • HMAC-SHA256 Digital Signatures: All files are authenticated with an HMAC-SHA256 tag (a keyed MAC, not a public-key signature), so any tampering is detected immediately
  • File Integrity Checks: Storage files are verified for integrity before loading
  • Encrypted Access Logging: Records the date and time of access and login attempts in an encrypted log, without compromising user privacy

πŸ—οΈ Architecture

The project features a modular and extensible architecture, allowing for easy maintenance and evolution:

  • Terminal Interface: Built with interactive menus using tui and crossterm crates
  • Planned GUI Support: Future support for GUI with iced or egui
  • Automatic Password Generation: Strong password generation with customizable parameters
  • Smart Categorization: Organize passwords by service type (social media, banking, work, etc.)
  • Intelligent Search: Search by name or category with fuzzy matching

πŸ›‘οΈ Security Auditing

The codebase is continuously audited with security tools:

  • cargo-audit: Vulnerability scanning
  • cargo-fuzz: Fuzz testing for edge cases
  • clippy: Code quality and security best practices
  • Automated Testing: Comprehensive test coverage for authentication, encryption, and persistence flows

Installation

Prerequisites

  • Rust 1.70+ (latest stable recommended)
  • Cargo package manager

Build from Source

git clone https://github.com/guicybercode/rust-cripto-manager
cd rust-cripto-manager
cargo build --release

Run the Application

cargo run --release

Command Line Options

# Stealth mode
cargo run --release -- --stealth

# With fake password (a value passed on the command line is visible in shell history and the process list)
cargo run --release -- --fake-password "decoy_password"

Usage

First Time Setup

  1. Launch the application
  2. Set your master password (minimum 8 characters with mixed case, numbers, and symbols)
  3. Optionally set a fake password for decoy access
  4. The application will create encrypted storage files in your home directory

Daily Usage

  1. Enter your master password to unlock the vault
  2. Use the interactive menu to:
    • Add new password entries
    • Search existing passwords
    • Generate strong passwords
    • Organize by categories
    • Export data (planned feature)

Security Best Practices

  • Use a strong, unique master password
  • Enable stealth mode in public environments
  • Set up a fake password for high-risk situations
  • Regularly back up your encrypted database
  • Never share your master password

Configuration

The application stores its configuration and data in ~/.rust_cripto/:

  • config.json: Encrypted user configuration
  • passwords.db: Encrypted password database
  • access.log: Encrypted access logs

Environment Variables

  • RUST_LOG: Set logging level (e.g., RUST_LOG=info)
  • RUST_CRIPTO_DATA_DIR: Custom data directory path

Development

Running Tests

cargo test

Security Auditing

cargo audit
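# cargo fuzz needs a target name; `cargo fuzz list` shows the targets defined in the repository
cargo fuzz run <target>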

Code Quality

cargo clippy
cargo fmt

Building Documentation

cargo doc --open

Security Considerations

What Makes This Secure

  • Memory Safety: Rust's ownership system prevents common memory vulnerabilities
  • Zero-Copy Operations: Sensitive data is handled with minimal memory exposure
  • Automatic Cleanup: Memory is securely wiped when no longer needed
  • Offline Operation: No network dependencies eliminate remote attack vectors
  • Open Source: Full transparency allows security auditing

Threat Model

This password manager is designed to protect against:

  • ✅ Brute force attacks on master password
  • ✅ Rainbow table attacks
  • ✅ Memory dumps and forensic analysis
  • ✅ Social engineering and coercion
  • ✅ File tampering and data corruption
  • ✅ Automated password cracking tools

Limitations

  • Requires physical access to the device for initial setup
  • No cloud synchronization (by design)
  • No multi-device access without manual transfer
  • No password sharing features

Contributing

We welcome contributions! Please see our contributing guidelines:

  1. Fork the repository
  2. Create a feature branch
  3. Make your changes with tests
  4. Run security audits
  5. Submit a pull request

Security Reporting

For security vulnerabilities, please email security@rustcripto.dev (replace with actual contact)

License

This project is licensed under the MIT License - see the LICENSE file for details.

πŸ™ Acknowledgments

  • Argon2 team for the secure key derivation algorithm
  • Rust Cryptography community for excellent crypto crates
  • Security researchers who have contributed to password manager security best practices

Resources

Support


⚠️ Important Security Notice: This software is designed for security-conscious users. Always verify the integrity of downloaded binaries and consider building from source for maximum security assurance.

πŸ” Remember: Your security is only as strong as your master password. Choose wisely and never reuse it elsewhere.
