Musical Passwords
Musical Passwords
I built a browser-based encryption tool where you use a melody played on a piano as your encryption key.
Can musical memory replace textual passwords? It turns out that a tune with timing is quite high-entropy.
It uses Argon2id (a “memory-hard” key derivation function). The melody is fed into Argon2id and this generates a key stream. The key stream is the XOR’d with the message. The entire thing runs 100% in the browser with Rust compiled to WASM. No servers are involved and no data leaves your machine.
The notes map to a keyboard too. Using a QWERTY layout; the A key is middle C, the K key is high C and the keys in between are the major and minor keys (eg the T key is F#). They’re also pressure sensitive and mapped to a timing, so one note could be an 16th, 8th or whole note depending on how long you hold down the key for.
Argon2id requires a lot of RAM to break and is pretty resilient to brute force attacks. However this is definitely not production ready as this app hasn’t been formally auditted.