A Rust implementation of the Spectre password manager CLI, providing stateless password generation based on the Spectre algorithm.

This is a derivative work based on the original Spectre algorithm by Maarten Billemont.

• Project: https://spectrs.app

This Rust implementation is also licensed under GPL-3.0 in compliance with the original license terms.

Spectre is a stateless password management solution that generates site-specific passwords from:

• Your full name
• Your personal secret (master password)
• The site name

The same inputs always produce the same password, so you never need to store passwords - just remember your personal secret!

• Stateless: No database needed, passwords are generated on-demand
• Secure: Uses scrypt for key derivation with strong parameters
• Flexible: Multiple password templates (long, medium, short, PIN, phrase, etc.)
• Portable: Save user preferences to JSON format
• Cross-platform: Works on macOS, Linux, and other Unix-like systems

cargo build --release

The binary will be at target/release/spectre-cli.

Generate a password for a site:

spectre-cli -u "Your Full Name" example.com

You'll be prompted for your personal secret, and the password will be generated.

USAGE:
 spectre-cli [OPTIONS] [SITE_NAME]
ARGUMENTS:
 [SITE_NAME] Site name for which to generate a password
OPTIONS:
 -u, --user-name <USER_NAME>
 User name (or -U to allow updating personal secret)
 Environment: SPECTRE_USERNAME
 -U, --user-name-update <USER_NAME_UPDATE>
 Allow updating personal secret
 -s, --secret-fd <SECRET_FD>
 Read personal secret from file descriptor
 -S, --secret <SECRET>
 Personal secret (UNSAFE - for testing only)
 -t, --result-type <RESULT_TYPE>
 Password template type [default: long]
 Options:
 x, max, maximum | 20 characters, contains symbols
 l, long | 14 characters, symbols (default)
 m, medium | 8 characters, symbols
 b, basic | 8 characters, no symbols
 s, short | 4 characters, no symbols
 i, pin | 4 numbers
 n, name | 9 letter name
 p, phrase | 20 character sentence
 K, key | encryption key
 P, personal | saved personal password
 -P, --result-param <RESULT_PARAM>
 Parameter value (login name, key bits, or personal password)
 -c, --counter <COUNTER>
 Counter value [default: 1]
 -a, --algorithm <ALGORITHM>
 Algorithm version (0-3, default: 3)
 Environment: SPECTRE_ALGORITHM
 -p, --purpose <PURPOSE>
 Key purpose [default: auth]
 Options:
 a, auth | Authentication (password)
 i, ident | Identification (username)
 r, rec | Recovery (security answer)
 -C, --context <CONTEXT>
 Purpose-specific context (e.g., security question)
 -f, --format <FORMAT>
 File format (with fallback)
 Environment: SPECTRE_FORMAT
 Options:
 n, none | No file
 f, flat | Flat format
 j, json | JSON format (default)
 -F, --format-fixed <FORMAT_FIXED>
 File format (fixed, no fallback)
 -R, --redacted <REDACTED>
 Save file in redacted format [default: 1]
 -v, --verbose...
 Increase verbosity (can be repeated)
 -q, --quiet...
 Decrease verbosity (can be repeated)
 -n, --no-newline
 Omit trailing newline
 -h, --help
 Print help
 -V, --version
 Print version

spectre-cli -u "John Doe" example.com

spectre-cli -u "John Doe" -t medium example.com

spectre-cli -u "John Doe" -t pin example.com

spectre-cli -u "John Doe" -c 2 example.com

spectre-cli -u "John Doe" -p ident example.com

spectre-cli -u "John Doe" -p rec -C "maiden name" example.com

spectre-cli -u "John Doe" -f none example.com

spectre-cli -S "my secret" -u "John Doe" example.com

User preferences are stored in ~/.spectre.d/username.json by default.

The JSON format includes:

• User information (name, identicon, key ID)
• Site configurations (result type, counter, usage stats)
• Login information
• Security questions

• SPECTRE_USERNAME: Default user name
• SPECTRE_ALGORITHM: Default algorithm version (0-3)
• SPECTRE_FORMAT: Default file format (none/flat/json)

1. Never use -S flag in production: It's only for testing. Always use interactive password prompt or pipe from secure source.
2. Personal secret: Choose a strong, memorable personal secret. This is your master password.
3. Site names: Use consistent site names (e.g., always use "example.com", not "www.example.com" sometimes).
4. Redacted mode: By default, files are saved in redacted format (secrets encrypted). Keep it that way!

Spectre uses:

• scrypt for user key derivation with parameters N=32768, r=8, p=2
• HMAC-SHA256 for site-specific key derivation
• Template-based generation for human-friendly passwords

This implementation aims to be compatible with the original Spectre/MasterPassword algorithm (version 3). Passwords generated with the same inputs should match other Spectre implementations.

This project is licensed under the GNU General Public License v3.0 (GPL-3.0) or later.

This is a derivative work based on the original Spectre implementation by Maarten Billemont.

• See LICENSE for the full GPL-3.0 license text
• See COPYRIGHT.md for detailed attribution and copyright information

Original Algorithm and Implementation:

• Created by: Maarten Billemont
• Project: https://spectre.app
• Repository: https://gitlab.com/spectre.app/api
• Copyright: © 2011-2017 Maarten Billemont
• License: GPL-3.0

Rust Implementation:

• Developed by: Abdulrhman Alkhodiry
• Copyright: © 2025
• License: GPL-3.0-or-later

This Rust implementation maintains full compatibility with the original Spectre algorithm while providing the benefits of Rust's memory safety and performance.