u/hexaon_

Offline deterministic password generator in Go — looking for security/UX feedback

Offline deterministic password generator in Go — looking for security/UX feedback

I built a lightweight offline deterministic password generator in Go.

The idea is simple: I wanted a way to generate strong account-specific passwords without storing the generated passwords themselves, and without needing a server, account, or cloud sync.

How it works:

  • You create one local encrypted vault seed
  • The seed is encrypted with a master password
  • Passwords are regenerated from:
    • master password
    • encrypted local seed
    • platform
    • email
    • counter/version
  • Generated account passwords are not saved

It uses Argon2id, XChaCha20-Poly1305, and HMAC-SHA256. It is cross-platform: macOS, Linux, and Windows.

GitHub:
https://github.com/Falcn8/acctpass

I’m not trying to claim this replaces audited password managers like Bitwarden, 1Password, or KeePass. It does not do browser autofill, sync, sharing, passkeys, recovery, secure notes, etc. It is more of a small offline CLI for people who like deterministic/local tools.

The project is MIT licensed and unaudited. I’d really appreciate feedback on:

  • the security model
  • cryptographic design
  • CLI UX
  • README clarity
  • release/download process
  • anything that looks risky or misleading

I’m especially interested in criticism before I polish it further.

u/hexaon_ — 3 days ago