employee
Russian Federation
student
Russian Federation
UDC 004.056.5
Russian Classification of Professions by Education 10.00.00
The study presents the development of a password manager with enhanced cryptographic protection for local storage of credentials. Purpose: to create a software solution that implements secure password generation, encryption, and storage using modern algorithms. Methods: modern cryptographic approaches were applied, including symmetric encryption (AES-GCM), hash functions (SHA-256), and the PBKDF2 algorithm for key generation based on a master password and salt. Results: the implementation of a Java-based software package that allows password policy configuration, protection against bruteforce and dictionary attacks, and data integrity verification. A cryptographic module compliant with NIST and GOST standards has been developed. Practical significance: the software can be used in organizations requiring local protection of confidential data without relying on cloud technologies. It will be suitable for improving information security in small businesses, educational institutions, and development environments. Discussion: the paper highlights the advantages of an autonomous architecture, open source code, and prospects for further development, including functionality expansion and adaptation for corporate use.
password manager, cryptographic protection, AES-GCM, PBKDF2, SHA-256, credential storage, encryption, information security, Java
1. Avezova Ya., Ryzhkov V. Utechki konfidentsialnykh dannykh iz organizatsiy: vtoroe polugodie 2024 goda [Leaks of confidential data from organizations: the second half of 2024], Positive Technologies. Published online at March 13, 2025. Available at: http://www.ptsecurity.com/ru-ru/research/analytics/utechki-dannyh-aktualnye-ugrozy-vtorogo-polugodiya-2024-dlya-organizaczij (accessed: July 05, 2025). (In Russian)
2. KeePass Password Safe. Available at: http://keepass.info (accessed: July 06, 2025).
3. Bitwarden Password Manager. Available at: http://bitwarden.com (accessed: July 06, 2025).
4. LastPass. Available at: http://lastpass.com (accessed: July 06, 2025).
5. Toubba K. 12-22-2022: Notice of Security Incident LastPass, LastPass Blog. Published online at December 22, 2022. Available at: http://blog.lastpass.com/posts/notice-of-security-incident (accessed: July 05, 2025).
6. Ivanov M. A., Chugunkov I. V. Kriptograficheskie metody zashchity informatsii v kompyuternykh sistemakh i setyakh: uchebnoe posobie [Cryptographic methods of information protection in computer systems and networks: tutorial]. Moscow, National Research Nuclear University MePhI, 2012, 400 p. (In Russian)
7. National Institute of Standards and Technology. Computer Security Resource Center. Publications Database. Available at: http://csrc.nist.gov/publications (accessed: July 05, 2025).
8. GOST R ISO/MEK 27002—2021. Informatsionnye tekhnologii. Metody i sredstva obespecheniya bezopasnosti. Svod norm i pravil primeneniya mer obespecheniya informatsionnoy bezopasnosti [GOST R ISO/IEC 27002—2021. Information technology. Security techniques. Code of practice for information security controls]. Effective from November 30, 2021. Moscow, StandartInform Publishing House, 2021, 74 p. (In Russian)
9. Moriarty K., Kaliski B., Rusch A. PKCS #5: Password-Based Cryptography Specification Version 2.1 (RFC 8018). 2017, 40 p. Available at: https://datatracker.ietf.org/doc/html/rfc8018 (accessed: July 05, 2025).
10. Moldovyan N. A., Moldovyan A. A., Eremeev M. A. Kriptografiya: ot primitivov k sintezu algoritmov [Cryptography: from primitives to the synthesis of algorithms]. Saint Petersburg, BHV-Peterburg Publishing House, 2004, 448 p. (In Russian)
11. Balanov A. N. Bekend-razrabotka veb-prilozheniy: arkhitektura, proektirovanie i upravlenie proektami: uchebnoe posobie dlya vuzov [Backend development of web applications: architecture, design and project management: a tutorial for universities]. Saint Petersburg, LAN Publishing House, 2025, 312 p. (In Russian)
12. Khlebnikov A. OpenSSL 3. Klyuch k taynam kriptografii. Luchshie sposoby povysit bezopasnost seti s primeneniem OpenSSL 3 [Demystifying Cryptography with OpenSSL 3.0. Discover the best techniques to enhance your network security with OpenSSL 3.0]. Moscow, DMK Press Publishing House, 2023, 300 p. (In Russian)
13. Kashirskaya E. N., Kushnir A. P. Kriptograficheskie sistemy: uchebnoe posobie [Cryptographic systems: a tutorial]. Moscow, MIREA — Russian Technological University, 2021, 66 p. (In Russian)
