A Chrome extension that generates secure, deterministic passwords for websites using your master passphrase. No storage of actual passwords - they're derived mathematically each time.

Kootlipi creates unique, strong passwords for each website based on:

• Your master passphrase
• The website's domain
• A counter (for password rotation)
• Your chosen password length

The same inputs always generate the same password, making it completely deterministic and eliminating the need to store passwords.

• Deterministic Generation: Same inputs always produce the same password
• No Password Storage: Passwords are computed on-demand using cryptographic derivation
• Automatic Form Filling: Generated passwords are automatically filled into login forms
• Manual Copy: Copy generated passwords to clipboard for manual entry
• Password History: Session-based history of generated passwords (cleared on browser restart)

• PBKDF2 Encryption: Uses PBKDF2 with SHA-256 and 200,000 iterations
• Unique Per Site: Each website gets a unique password derived from domain name
• Strong Character Set: Includes uppercase, lowercase, numbers, and symbols
• Configurable Length: Choose password length from 8-64 characters
• Counter System: Increment counter to generate new passwords for the same site

• Clean Design: Minimal, intuitive interface with custom typography
• Session History: View and manage recently generated passwords
• Easy Navigation: Seamless flow between main interface and history page
• Responsive Layout: Optimized for Chrome extension popup format

1. Download or clone this repository
2. Open Chrome and navigate to chrome://extensions/
3. Enable "Developer mode" in the top right
4. Click "Load unpacked" and select the project folder
5. The Kootlipi extension will appear in your Chrome toolbar

• Chrome browser (Manifest V3 compatible)
• No additional dependencies required

1. Navigate to any website with a login form
2. Click the Kootlipi extension icon
3. Enter your master passphrase
4. Adjust password length if needed (default: 24 characters)
5. Click "Generate Password"
6. The password will be automatically filled into the login form

1. Generate a password using the steps above
2. Click "Copy Generated Password" to copy to clipboard
3. Manually paste the password where needed

1. Click the "History" button in the extension popup
2. View all passwords generated in the current browser session
3. Copy any previous password by clicking the "Copy" button
4. Delete individual entries or clear all history
5. Use the back button to return to the main interface

If you need to change a password for a site:

1. Generate a password normally
2. Note the current counter value (starts at 1)
3. Use browser developer tools or contact developer for counter increment feature
4. Generate again with the new counter for a different password

• Algorithm: PBKDF2 (Password-Based Key Derivation Function 2)
• Hash Function: SHA-256
• Iterations: 200,000
• Salt: Combination of domain name and counter (domain:counter)
• Output: 256-bit derived key mapped to character set

abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()_+-=[]{}|;:,.<>?

• Session Storage: Password history is stored in Chrome's session storage
• Automatic Cleanup: History is cleared when browser is closed
• No Persistent Data: Master passphrase and generated passwords are never permanently stored
• Privacy Focused: All data remains local to your device

• storage: For session-based password history
• activeTab: To detect current website domain
• scripting: To automatically fill passwords into forms
• <all_urls>: To work on all websites

kootlipi/
├── manifest.json          # Extension configuration
├── popup.html            # Main interface
├── popup.js              # Main interface logic
├── style.css             # Main interface styling
├── history.html          # Password history page
├── history.js            # History page logic
├── history.css           # History page styling
├── content_script.js     # Website interaction script
├── background.js         # Extension service worker
├── nothing-font.otf      # Custom font file
├── icons/
│   └── icon_1.png       # Extension icon
└── README.md            # This documentation

• No Password Storage: Impossible to leak stored passwords since none are stored
• Strong Derivation: PBKDF2 with 200K iterations resistant to brute force
• Unique Per Site: Compromise of one password doesn't affect others
• Local Processing: All cryptographic operations happen locally

• Master Passphrase Security: The security of all passwords depends on your master passphrase strength
• Deterministic Nature: Same inputs always produce same output - this is both a feature and a consideration
• Session History: Password history is stored in browser session (cleared on restart)
• Domain-Based: Subdomains may generate different passwords than main domains

1. Use a Strong Master Passphrase: Choose a long, unique passphrase you've never used elsewhere
2. Memorize Your Passphrase: Don't write it down or store it digitally
3. Consistent Usage: Always use the same master passphrase for consistency
4. Regular Review: Periodically review which sites you've used the extension with
5. Backup Strategy: Remember that password recovery requires your exact master passphrase

• Manifest V3: Modern Chrome extension architecture
• Service Worker: Background script for extension coordination
• Content Scripts: Injected scripts for webpage interaction
• Web Crypto API: Browser-native cryptographic functions

1. Fork the repository
2. Create a feature branch
3. Make your changes
4. Test thoroughly with various websites
5. Submit a pull request

• Test password generation on various websites
• Verify form auto-fill functionality
• Check history management features
• Validate cryptographic consistency

Kootlipi is designed with privacy as a core principle:

• No Data Collection: No user data is collected or transmitted
• Local Processing: All operations happen locally in your browser
• No Network Requests: Extension doesn't communicate with external servers
• Session-Only Storage: History is cleared when browser closes
• Open Source: All code is available for review

This project is open source. See the license file for details.

For issues, questions, or contributions:

• Review the code in this repository
• Check existing issues and documentation
• Test thoroughly before reporting bugs
• Provide detailed reproduction steps for any issues

• Initial release
• Basic password generation with PBKDF2
• Automatic form filling
• Session-based password history
• Clean user interface with custom styling