
Hi, building on what a lot of other commenters have said, there are some major improvements you should consider:

  * Do not use plain SHA-256. Use a KDF, like PBKDF, bcrypt or scrypt.
  * There must be some efficient method by which I can re-issue compromised passwords.
  * For convenience, allow me to have different character sets for different sites, and different lengths.
  * Make the default to be going directly into my clipboard.
  * A way to recover from the compromise of the master passphrase.

The way I would do this is to have a small file, detailing, for each door_id:

  * Random seed. This is effectively a version number. Change this, and get a new password for only that door_id.
  * Character set
  * Length

This file, although not advisable, is not enough to break the other passwords generated. Given a strong enough passphrase (I'd say... a 5 or 6 word diceware password), it can be synced to all sorts of places, kept on a USB stick, etc.

I cannot, off the top of my head, see any way to re-issue the master passphrase effectively.

As it stands, I could not, in good conscience, recommend anyone use pastor as it stands. Although a few relatively minor modifications could make it quite an interesting tool.

Using a file on disk to keep track of version numbers, lengths, and character sets seems quite extreme, given the aim is to remove the need for files on disk!

Perhaps some other way of keeping track of these, without the user needing to remember them could be devised?
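
The per-door file scheme described in the comments above, as an added example that is not part of the original thread and is not pastor's code. It assumes scrypt from Python's `hashlib` as the KDF; the `DOORS` layout, the `derive_password` name and the salt construction are hypothetical, and the sample entries are constructed.

```python
import hashlib
import hmac
import string

# Constructed sample of the per-door file: seed (version), character set, length.
DOORS = {
    "example.com": {"seed": "1", "charset": string.ascii_letters + string.digits, "length": 20},
    "bank.example": {"seed": "1", "charset": string.digits, "length": 8},
}


def _stream(key: bytes):
    """Yield an endless deterministic byte stream: HMAC-SHA256(key, counter)."""
    counter = 0
    while True:
        yield from hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1


def derive_password(master: str, door_id: str, entry: dict) -> str:
    """Derive one site's password from the master passphrase and its file entry."""
    charset, length = entry["charset"], entry["length"]
    if not 2 <= len(charset) <= 256 or len(set(charset)) != len(charset):
        raise ValueError("charset must hold 2..256 distinct characters")
    if length < 1:
        raise ValueError("length must be at least 1")
    # Length-prefix door_id so ("ab", "c") and ("a", "bc") give different salts.
    door = door_id.encode()
    salt = len(door).to_bytes(2, "big") + door + entry["seed"].encode()
    # Memory-hard KDF instead of a single plain SHA-256 pass.
    key = hashlib.scrypt(master.encode(), salt=salt, n=2**14, r=8, p=1,
                         maxmem=64 * 1024 * 1024, dklen=32)
    # Rejection sampling: discard bytes that would bias `byte % len(charset)`.
    limit = 256 - (256 % len(charset))
    out = []
    for byte in _stream(key):
        if byte < limit:
            out.append(charset[byte % len(charset)])
            if len(out) == length:
                return "".join(out)
```

Changing one entry's `seed` re-issues only that door's password; the file holds no secret, so every password still depends on the strength of the master passphrase.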


