Enigmatic Mouse app
The Enigmatic Mouse is a small password manager, the purpose is to be as small as possible while still providing a bearable user experience. By being small The Mouse is auditable by our user base. No need to trust a third party with the keys to the kingdom, you can fork the repository and add new features or even disable existing ones! For maximum security we recommend that you build and side-load the application yourself. This ensures that a rogue version published to the Play store won’t steal all your passwords.
Features:
- application is protected by fingerprint authentication.
- securely store passwords encrypted within Realm.
- shows icons for the sites you add from the internet.
- allows you to copy to clipboard or view passwords within the app.
- set a credential as favorite and sticky it to the top of the list.
- downloads the haveibeenpwned domain list and compares with your accounts.
Security:
The master password is combined with a key derivation function (Scrypt) to generate an AES key of 256 bits. Another key is then created within the Trusty TEE (HSM) and used to encrypt the AES key. The key stored in TEE is protected by your fingerprint and never leaves the HSM. We store the encrypted key, the salt used with the master password and the initialization vector used as shared preferences. This information is not a cryptographic secret. When the user authenticates with their fingerprint, we use the AES key stored in the HSM to decrypt the key derived from the master password. When the master key is recovered, we initialize the Realm encrypted database with it.