Use music to create a secure password

Musical Passwords


Musical Passwords

I built a browser-based encryption tool where you use a melody played on a piano as your encryption key.

Can musical memory replace textual passwords? It turns out that a tune with timing is quite high-entropy.

It uses Argon2id (a “memory-hard” key derivation function). The melody is fed into Argon2id and this generates a key stream. The key stream is the XOR’d with the message. The entire thing runs 100% in the browser with Rust compiled to WASM. No servers are involved and no data leaves your machine.

The notes map to a keyboard too. Using a QWERTY layout; the A key is middle C, the K key is high C and the keys in between are the major and minor keys (eg the T key is F#). They’re also pressure sensitive and mapped to a timing, so one note could be an 16th, 8th or whole note depending on how long you hold down the key for.

Argon2id requires a lot of RAM to break and is pretty resilient to brute force attacks. However this is definitely not production ready as this app hasn’t been formally auditted.

Check it out

https://musical-passwords-a9c9bfb6.netlify.app/