Motivation
I’m a software engineer with over 35 years of professional software development experience. SamuraiSafe was written to satisfy two goals: I was using a Java based password manager (Password Safe) which, whilst adequate, had some security issues, as the entire password file was decrypted and stored in memory whilst in use. It was also slightly slow and clunky being a non-native macOS application.
My second goal was to learn Objective-C, Cocoa, Appkit (macOS) and UIKit (iOS).
SamuraiSafe is the result of satisfying those goals, whilst being a practical tool.
I limited the scope to essential features, and maximised the use of standard frameworks: • Binary (Atomic) Core Data is used for storage. Passwords and password entry data is only decrypted when required, to limit exposure of cleartext in memory.
• Data stored in SamuraiSafe is encrypted using the AES algorithm with a 256 bit key. Each element (i.e. every group, password entry or password) is separately encrypted and includes a secure hash (HMAC), so corruption of encrypted data is detected, and any such corruption has limited effect. The core encryption code is published here: https://github.com/michaelrourke/EncryptedCoreData
• iCloud can be used to synchronise between macOS and iOS instances. Surprisingly Apple don’t make sharing of Core Data documents over iCloud between iOS and Mac easy (NSPersistentDocument on Mac doesn’t directly support iCloud unlike UIManagedDocument on iOS).
I have added some simple features based upon feedback and my own experience, however the keep it simple philosophy remains. See the design.samarama.net for discussion of some common convenience features of password managers (e.g. web browser plugins) and their problems.
Everyone needs a password manager. And it shouldn't be necessary to buy one. So I hope you find this useful. Any feedback or suggestions are appreciated.
—Michael