Determino

once.REST

Download on the Mac App Store
MacOS DMG, ZIP

Completely stateless generator

For geeks and hackers

Determino is an attempt to create the simplest and most secure application capable of creating passwords using pure discrete mathematics. It is a stateless generator, meaning that for every given set of input options it will always generate exactly the same password collection. However, for additional security Determino supports private key files of an arbitrary type and size.

How does it work?

History

The idea of deterministic password generators dates back to the 80s of the last century and is related to computer games, where the user environment was created using a pseudo-random number generator initialized with a given identifier.

Nowadays, deterministic password managers are not very common due to their limited functionality and lack of user friendliness. However, for certain classes of tasks, these utilities are superior to classic managers and password generators.

Pros and cons

+

  1. Doesn't hold database of existing accounts.
  2. Leaves no usage trace or event log2.
  3. Requires no storage or a syncing process1.
  4. Requires no authentication, service account registration or Internet availability in general2.

-

  1. Doesn't hold database of existing accounts.
  2. User cannot define specific password policies1 or patterns.
  3. Complicated1 revocation procedure of exposed passwords.
  4. Revocation of master password or a private key requires update of all previously generated passwords.
  5. No ability to store existing passwords or secrets.
  6. Exposure of master password may have severe consequences.

1. Excluding the optional secure bookmark feature in Pro version of this application.
2. Even when secure bookmark feature is engaged.



Usage Examples

Despite the fact that the disadvantages of the presented scheme outweigh its advantages, Determino can still be used even by novice users.

Quick password

Determino can be useful if the user does not have access to his classic password manager at the moment, but wants to sign up for some service that he plans to use later.

If the user for some reason does not want to add specific records to his password manager or if he does not use it at all, having a small number of accounts or passwords.

Booster

This application can be used in conjunction with the classic password manager, when the stored password acts as a master password or a service name for further generation of the final resulting password set.

Offline

Determino is especially well suited for usage with machines without Internet or local area network, as well as with completely isolated machines.

Generator

It is also possible to generate random NIST compliant passwords. To do this, you need to seed a true random sequence as the master password, private key or a service name.



Master Password and Private Key

Master Password

The master password (along with the service name) is used to generate resulting passwords. Choose it with care, follow NIST recommendations, do not store it as plain text and best of all remember it.

Make sure your master password is at least 16 characters long, contains upper and lower case letters, numbers and special characters. Do not use common words.

Caution! If you forget or lose your master password there will be no way to recover already generated password sets.

Private Key

For greater security, in addition to the master password, you can use a private key. It is possible to use a file of an arbitrary type and size for this purpose, however, it is strongly recommended to use files containing a true random data.

For really important passwords, it is a good idea to keep this file encrypted or at least available only to the owner.

Caution! If you delete or modify your private key file there will be no way to recover already generated password sets.



Service Name

Description

The service name is analogous to the entry in classic password managers. It can be something as simple as "apple.com" or more advanced like "🔐📷Vacation". If you rely only on your memory, it is important to develop a naming system and follow it.

Simple

Names like "protonmail.com", "once.rest@protonmail.com" or "protonmail.com:once.rest" may be easy to remember, but should not be considered safe. Although this is still an acceptable way of naming.

Advance

More advanced naming methods can involve controversial techniques in which a word, symbol, or other decoy can be added to the service name. Security through obscurity may be a bad practice, but in general, the harder it is to guess which service names you are using, the better.



Options

Length

Length of resulting passwords is theoretically unlimited, by default Determino uses 18 symbols. Keep in mind that passwords of different lengths differ completely.

Pwned counter

If the password has been compromised, it is necessary to generate a new one. It is possible to do so using the same master password and service name, you just need to increment the pwned counter.



Password types

Determino provides four types of resulting passwords: from the most complex (type A) to the simplest (type D). By default, passwords are 18 characters long, which should be sufficient for most cases.

Type A

Uses all 95 ASCII printable characters. Determino checks that at least one digit, one character, one special character, uppercase and lowercase letters are present in password. This type is recommended for use in all cases.

Entropy (18): 118.2574 bits.

Type B

Determino uses 70 ASCII printable characters with this type and checks that at least one digit, one character, uppercase and lowercase letters are present in password. Recommended for use with services that do not allow special characters in passwords.

Entropy (18): 110.3271 bits.

Type C

Most compatible password type, uses 62 ASCII printable characters, includes at least one number, uppercase and lowercase letters. Can be used with services that implement legacy password policies.

Entropy (18): 107.1755 bits.

Type D

This type contains only digits and can be used to generate PIN numbers.

Entropy (18): 59.7947 bits.



Reset Timer

By default, Determino will reset all fields after five minutes of application inactivity. You can adjust reset timer value via application menu: Tools > Reset Timer and then choose 1, 3, 5, 10 or 15 minutes interval.

Select Tools > Reset Timer > Disabled to disable reset timer for current session.



Keyboard shortcuts

Here are Determino shortcuts you can use, in addition to those that are standard on macOS systems.

Action Shortcut
Generate resulting passwords Command–G
Load or unload Private Key Command–O
Copy type A password to clipboard Command–1
Copy type B password to clipboard Command–2
Copy type C password to clipboard Command–3
Copy type D password to clipboard Command–4
Reset all fields Option–Command–K
Disable reset timer Option–Command–0
Set reset timer to 1 minute Option–Command–1
Set reset timer to 3 minutes Option–Command–3
Set reset timer to 5 minutes Option–Command–5
Set reset timer to 10 minutes Option–Command–A
Set reset timer to 15 minutes Option–Command–F
Display Master Password Shift–Command–D
Display resulting passwords Shift–Command–R