PALPAS
PasswordLess Password Synchronization

Properties

Password synchronization between devices is typically based on storing the encrypted passwords on a central server. Such a server may be subject to unauthorized access which can lead to the disclosure of all passwords by an offline brute-force attack.

PALPAS is a novel password tool that creates strong, service-specific passwords and synchronizes them between your devices via a central synchronization server. However, PALPAS does not store or use any passwords on the synchronization server and is therefore not vulnerable to phishing attacks or security breaches.

Secure Password Generation

PALPAS creates a strong password for each service that automatically complies with the password requirements of the service.

Passwordless Synchronization

PALPAS synchronizes all your passwords between your devices but does not store a single password on the synchronization server.

Passwordless Authentication

The PALPAS synchronization server uses public-key cryptography instead of username and password to authenticate users.

Documentation

The central idea of PALPAS is to generate a password from a high entropy secret which is shared by all user devices and a random salt value for each service. PALPAS only stores the salt values on the synchronization server but not the secret. The salt enables the user devices to generate the same password but is statistically independent of the password. In order to generate passwords in accordance with the different password requirements of the services, PALPAS uses password policies. PALPAS users need to only memorize a single password and the setup of PALPAS on a further device demands only a one-time transfer of few static data.

Research Paper

A detailed research paper presenting PALPAS is available at arXiv.

Presentation

Coming soon.

Sources

The sources of PALPAS are available soon.

THIS IS EXPERIMENTAL SOFTWARE. USE AT YOUR OWN RISK.

Desktop

Use PALPAS on your Windows, Linux, or Mac.

Mobile

Use PALPAS on your Android phone.

Server

Run your own PALPAS server or use ours.

Contact

Moritz Horsch

Technische Universit├Ąt Darmstadt

Hochschulstra├če 10

64289 Darmstadt

info@palpas.info