My Security Package, and Why it Matters

Image source here

As of Saturday June 24th, 2017 I have decided to create an open source security package that works to allow for people to have a more secure interaction on the web. Now for you steemians out there, you know your password is a randomly generated mess that would take millions of years to brute force with todays technology but the question comes to how many passwords of yours are like that? So my security package will contain a few things that will be beneficial to people.

PassGen

PassGen is my password generating software that will generate a random password between a set minimum length and a set maximum. Right now the functionality is limited but I have hopes for it. 

Plans for PassGen

1. Create a GUI for it in python so that the source code is portable, using default libraries.
2. Allow for more password generation options such as password seeds and even a password upgrader where it will take the old password and make it more secure, this still wont be as secure as a completely random password.
3. Custom character sets that you can choose to allow or disallow
4. Add a security slider to change the level of security (higher security means higher diversity meaning more random and harder to guess)
5. Potentially add a brute force estimation timer but this is something that may not get implemented.

One feature that will come with me creating a graphical interface for this would be the ability to add a dictionary and have a dictionary based password with higher or lower security settings.

At the moment, this project is on my github page and as of me posting this steemit post it is the only one but I have another one being made and planned at the moment that should be uploaded by tomorrow.

Password Encryptor

Password Encryptor is a program that will encrypt a entire textfile with OTP encryption. The encrypted file will have a new, and custom, file format extension based upon the user. An example of this would be if your computer name/profile name was Bob then the format could become .benc and this would prevent common malware/ransomware to even identify the files. Now the program would encrypt/decrypt a file using a algorithm that is seeded by the password itself meaning the decryption process would be invulnerable to generic brute force attacks (as it would not be the same if they tried to re-encrypt the data with the same string) and it would be invulnerable to buffer overflow exploits. 

This program will also have both a graphical and command line based version and would have a redundancy built in to the program to allow for multiple tries before corrupting the file then deleting it, if the user so wished. Another feature built in would be low security mode that will allow for simple passwords to be used and unlimited attempts to decrypt, this of coarse would have to be set up when a person encrypts the file.

The following are more planned features that I wont flush out too much.

1. Single password decryption (you can choose to decrypt the whole file or only a single password)
2. multi-password encryption (allowing you to encrypt a file with multiple passwords without fear of redundancy)
3. More to come as I haven't thought as much about this one.

What else is in this security package?

Right now those are the only things that I have programmed but I have plans for a few other things that could work well in it.

1. A wifi security checker: will do a few diagnostic tests to determine potential risks of accessing that wifi network (example is P2P)
2. A sniffer to determine if certain vulnerable machines exist on a network (windows xp)
3. More coming

Okay so what is the point of this? All of this has been done before and I do not see why it is important.

You are right, all of this has been done before but I have never programmed it. I have been interested in aspects of software security since I started programming and as such I decided to create a project where I can create a bunch of of these programs and learn how they were made so that I have the experience. I do not want to be the person that sits back with no understanding of how things work and just sit idly by, I like knowing how and why things work the way they do and in return I could learn a powerful lesson in security research. 

If you are interested in software security, then why is this programmed in python? Python 2.7 at that!

So my first language I learned was C++ (I know the standards of C++11 and am learning the C++14 standards) and with that I learned many things about memory management and low level exploitation but the problem with C++ is it has low portability as networking libraries are not standardized, nor are graphical libraries. Python has the advantage of the portability as these libraries are standardized and python is generally more widespread amongst younger programmers than C++. Now as for python 2.7 verses python 3.X, there is almost no reason for that except that there is still a lot of hesitation for people to move to python 3 from those that I talk to (even though its been out for years) and my goal is to have the project be as accessible as possible. The second big reason for python 2.7 versus python 3 is that I have started to learn python in the past 3 weeks and my book on python is for 2.7 so the entire time I do this project I am  actually learning python as well.

So if this project is for you then why post about it?

Because most software development positions that I have looked at locally require someone to have experience with programming solo and in a team. While group coding over github may not be the best 'teamwork' strategy that they may look for, it will still put it into perspective for what it will be like if I ever continue with software in the future. The other part is a lot of the penetration testing places nearby have a request that the person has an understanding of github and experience with multiple operating systems (primarily Mac OSX, Windows (XP through 10), Ubuntu 12.01+, Mint Betsy+) and even though I will have limited work with multiple OS here, it will still allow me to dip my toe into the waters and see what it is like. The biggest reason why this matters though is because this will be my raining, my portfolio, to becoming a white hat as security is something that you generally want more people in your corner with.

What I want from you?

Suggestions would be nice, as I said I am relatively new to python so some things are a little strange to me. Any tips on how to do things better or features to add would be cool, especially if you suggest a feature and give a tip on how to implement it. Something else would be if someone, aside from myself, could test out the software and attempt to find bugs. If you don't want to do any of that then there is another option and that is making the internet more secure by keeping yourself more secure. 

The project will remain open source on github and I may remake some of the projects in other languages if I can keep the portability up and increase the speed of the program. This project is for learning purposes and if you would like to learn with me then go ahead and check it out. the github repository link is here or copy and paste this link here: https://github.com/kryzsec/Kryzsec-Security-Package

Thank you for reading

Sincerely, 

Kryzsec

Brodie