Madmax Pass
A fast, local-first password & token generator with cryptographically secure entropy.
Madmax Pass is a desktop application built with Tauri that generates ultra-secure passwords and
random tokens entirely on your machine. All cryptographic operations are performed in Rust using the OS's secure random
number generator (OsRng). No network calls, no telemetry, no data leaves your device.
The app features a clean, minimal dashboard with three tools:
- Password Generator โ Customizable length and character sets, with a quantum-safe mode.
- Token Generator โ Cryptographically secure random tokens in multiple formats and sizes.
- Password Analyzer โ Real-time strength analysis, entropy calculation, and crack-time estimates (classical & quantum).
Features
| Description | |
|---|---|
| ๐ Local-Only | Zero network access. Everything happens on your machine. |
| โก Secure Randomness | Uses Rust's OsRng for cryptographically secure random number generation. |
| ๐ง Password Analysis | Real-time entropy calculation, character pool analysis, and classical vs. quantum crack-time estimates. |
| ๐ก๏ธ Quantum-Safe Mode | Enforces all character sets and a minimum length of 40 to resist quantum computing attacks (โฅ128 bits of entropy). |
| ๐งน Memory Safe | Intermediate password buffers are securely zeroed from memory after use (zeroize). |
| ๐ Clipboard Integration | One-click copy to clipboard with visual feedback. |
| ๐ Dark & Light Themes | Toggle between dark and light modes; preference is persisted locally. |
Architecture
flowchart TB
subgraph Frontend["Frontend โ Vite + TypeScript + Tailwind CSS v4"]
direction LR
UI["UI Layer"]
TS["TypeScript Logic"]
end
subgraph Backend["Backend โ Tauri v2 + Rust"]
direction LR
PW["Password Generator"]
TK["Token Generator"]
AN["Password Analyzer"]
CR["Crack-Time Estimator"]
end
Frontend <-->|" IPC Commands "| Backend
- Frontend: Vanilla TypeScript with Vite and Tailwind CSS v4. No heavy framework โ just fast, lightweight DOM manipulation.
- Backend: Rust-powered Tauri v2 application exposing three main commands via IPC.
Security Model
| Concern | Implementation |
|---|---|
| Randomness Source | rand::rng() backed by OsRng, seeded from the operating system's CSPRNG. |
| Uniform Distribution | Rejection sampling ensures every selected character set is represented, followed by a cryptographically secure Fisher-Yates shuffle. |
| Memory Hygiene | The zeroize crate securely clears intermediate password buffers from heap memory after generation. |
| Length Enforcement | Hard limits between 4 and 4,096 characters. |
| Quantum Resistance | A dedicated "Quantum Safe" mode enforces the full character pool (lowercase, uppercase, digits, symbols) and a minimum length of 40, yielding โฅ128 bits of entropy. |
Tech Stack
- Desktop Framework: Tauri v2
- Backend Language: Rust (edition 2024)
- Frontend Build Tool: Vite
- Frontend Language: TypeScript
- Styling: Tailwind CSS v4
- Package Manager: Bun
Key Rust Dependencies
| Crate | Purpose |
|---|---|
tauri |
Desktop application framework |
rand |
CSPRNG and secure shuffling |
zeroize |
Secure memory wiping |
base64 |
Token encoding |
Prerequisites
- Bun (v1.0+)
- Rust toolchain (stable)
- Tauri system dependencies for your OS
Getting Started
1. Clone & Install
bun install
2. Development Modes
Web UI only (hot-reload, no Rust backend):
bun dev
Full Tauri application (Rust + Web UI):
bun tauri dev
3. Build for Production
bun tauri build
The compiled application will be available in src-tauri/target/release/bundle/.
Testing & Benchmarks
Rust Unit Tests
cd src-tauri
cargo test
Benchmarks
cd src-tauri
cargo bench
The benchmark suite (password_bench) measures password generation throughput using Criterion.
Password Generation Algorithm
- Validation: Enforces length bounds (4โ4096) and ensures at least one character category is selected.
- Pool Construction: Builds a unified character pool from the selected categories (lowercase, uppercase, digits, symbols).
- Rejection Sampling: Generates candidate passwords from the pool and validates that every selected category is represented. In practice, this converges in ~1 iteration for lengths โฅ 8.
- Secure Shuffling: Applies a cryptographically secure Fisher-Yates shuffle to eliminate positional bias.
- Memory Zeroing: The intermediate byte buffer is securely zeroed from heap memory before returning the final
String.
License
MIT
Generate and analyze secure credentials with confidence.
