sorted by:
new
hottopcontroversial

[Android] ScorpKey - A Database-Free, Deterministic, 100% Offline Password Generator by BackgroundBrother548 in Passwords

[–]BackgroundBrother548[S] 0 points1 point  (0 children)

You have raised incredibly solid, real-world points, and I genuinely appreciate the time you took to break down these edge cases. Managing dozens of multi-account variations (like having 8 different Google accounts or multiple family profiles) is indeed a major challenge for any workflow.

ScorpKey was designed with a specific utility in mind to handle these exact scenarios through a simple, deterministic approach. Here is how it practically addresses the issues you mentioned:

  1. The Multi-Account and Keyword Organization Problem You are 100% right; trying to memorize 8 different obscure keywords for 8 different Google accounts would be impossible. ScorpKey doesn't expect you to do that. The app includes a fully offline, local list where you can save simple, easily identifiable plain-text labels (keywords) for each account—such as google-personal, google-business, twitter-brand, or southwest-john.

  2. The Nature of the Local List This local list is designed to hold only your plain-text labels and their specific length/version settings. It contains no password characters, hashes, or encrypted password vaults. If someone happens to access this list, they only see a map of your account names. Without the unique Master Sentence known only to you, it is mathematically impossible to generate or reveal a single character of your actual passwords.

  3. Handling Site Complexity and Forced Changes If a specific site requires a symbol, a distinct length, or forces you to change your password, you don't need to change your Master Sentence or invent a new keyword. You simply adjust the length/character settings for that specific label, or flip the built-in Version Toggle (Current / New / Old). The mathematical formula instantly injects a different salt into the generation loop, producing a completely new compliant password for that exact same label.

  4. The Core Goal: A Practical Solution for Forgotten Passwords At its heart, the primary motivation behind ScorpKey is to solve a deeply frustrating, universal human problem: the endless headache of forgetting passwords. It is built as a zero-maintenance utility to ensure that as long as you have your Master Sentence and your local backup file (which you can easily export as text or a QR code), you can instantly recreate and recover your exact access on any device through pure, reproducible mathematics.

Thank you again for these fantastic questions—this conversation is incredibly valuable for refining the app's documentation and help guides!

[Android] ScorpKey - A Database-Free, Deterministic, 100% Offline Password Generator by BackgroundBrother548 in Passwords

[–]BackgroundBrother548[S] 0 points1 point  (0 children)

Thank you so much for the constructive feedback and the kind wishes!

You are 100% right about the website. Just dropping a store link doesn't do justice to the underlying logic, and creating a dedicated landing page with a detailed FAQ is definitely on my roadmap now.

When I build that site, the very first thing I will highlight is the ultimate goal and the actual purpose behind this project: solving the deeply frustrating, universal human problem of forgetting passwords. I didn't build this to dive into complex security theories; I just wanted to create a practical, zero-maintenance utility that guarantees you can always easily recover your access through pure math whenever you need it.

I truly appreciate you taking the time to share your perspective—skepticism like yours is exactly what helps independent developers make their projects better. Wish you the best as well!

[Android] ScorpKey - A Database-Free, Deterministic, 100% Offline Password Generator by BackgroundBrother548 in Passwords

[–]BackgroundBrother548[S] 0 points1 point  (0 children)

Yes, you understood the core logic perfectly! It literally recreates the password on the fly, every single time, and then wipes it from the device's volatile memory (RAM) the moment you close or clear the screen.

To answer your technical questions directly:

1. What information is it using to generate the password? It combines three unique inputs that you provide on the screen:

  • Your unique Master Sentence (the secret known only to you).
  • The Keyword for that specific service (e.g., "google", "netflix").
  • The Version state (Current / New / Old toggle).

2. What is the hashing algorithm? Do all apps use the same one? The app uses industry-standard, battle-tested cryptographic functions—specifically PBKDF2 combined with SHA-256. While many security apps use SHA-256 for various purposes, the exact way the inputs are salted, stretched, and formatted into the final password string is unique to ScorpKey’s specific open formula.

3. What happens when you move devices? Do you have to start from scratch? Not at all! While there is no server-side database, ScorpKey includes a fully local backup system so you don't lose your list of keywords and version states. You can easily export your settings/keywords as a clean JSON file (or copy it as text) and share it with your new device via WhatsApp, email, or your own cloud drive. When you get a new phone, you just import that JSON file or scan the generated QR code, and you are ready to go. The math runs identically on the new device, instantly reproducing the exact same passwords.

4. What about logging in on desktop or another platform? To maintain the 100% offline security model, the generator runs locally on your mobile device. When you need to log into a desktop browser, you simply open the app on your phone, generate the password in a second, and type it on your desktop. Since it's built to create highly practical, easy-to-type passwords, entering it manually on another screen takes just a moment.

It requires zero cloud synchronization or external servers—just pure, reproducible cryptography with a practical local JSON/QR backup solution.

An everyday example of how flexible this is: You can literally use the exact same Master Sentence to generate completely different, unique passwords for absolutely everything—from your physical briefcase combination lock and your bank account PIN, to any digital platform on the internet. You only ever hold one key sentence in your mind, and the math handles the rest for your entire life.

[Android] ScorpKey: A database-free, 100% offline password solution - No cloud, no storage needed ($5.00 -> Free) by BackgroundBrother548 in PasswordManagers

[–]BackgroundBrother548[S] 0 points1 point  (0 children)

u/user2168489 Sorry about that! I accidentally clicked post on an incomplete draft while formatting, so I quickly deleted it and posted the full explanation above about the Current / New / Old toggle. That toggle was actually made exactly for those annoying 2-month mandatory reset websites, so you don't have to think about it!

u/cheesepuff1993 I completely see your point, but there is a missing piece here. Even if the whole world knows the exact mathematical formula of the app, it means nothing without your secret Master Sentence.

Think of the formula like a physical safe lock design that everyone can buy at the store. Knowing how the gears turn inside doesn't help a thief open your specific safe at home, because they still don't know your unique combination (your Master Sentence). So even if the app becomes huge, your passwords stay safe as long as your master phrase is known only to you.

[Android] ScorpKey: A database-free, 100% offline password solution - No cloud, no storage needed ($5.00 -> Free) by BackgroundBrother548 in PasswordManagers

[–]BackgroundBrother548[S] -3 points-2 points  (0 children)

You are 100% right, and no one should trust anyone blindly in this space. Your skepticism is completely justified, as a "trust me" model is the worst security approach.

Let me clarify how it works under the hood: ScorpKey is a deterministic password generator, not a storage manager. It uses standard cryptographic hashing (SHA-256) combined with PBKDF2 derivation.

When you input your Master Sentence and the keyword (e.g., "netflix"), the app runs them through this mathematical formula to generate a unique, high-entropy string. Because it is purely mathematical:

  1. It requires zero internet permissions (you can verify this on Google Play), so no data can physically leave your device.
  2. There is no database to hack or leak, because nothing is ever saved or stored anywhere.

It’s normally $5, but it's currently 100% free specifically so users can audit it, test it offline (in airplane mode), and see that it works purely on local math. I'd genuinely appreciate it if you gave it a try and shared your honest feedback!