20 hours / week
Password generators are client-based systems which automatically generate passwords for user authentication to websites. They are analogous to password managers, except that the passwords are never actually stored anywhere. A number of proposals for such schemes exist – perhaps the best known is called PwdHash (see https://www.pwdhash.com/). Some of these schemes have been implemented – including PwdHash.
In a recent paper written by Fatma Al Maqbali (a research student of mine) and myself – see http://www.chrismitchell.net/Papers/pgoian.pdf and http://arxiv.org/abs/1607.04421 – we gave the first general model for such schemes, and reconsidered the existing proposals in the light of this model. We also identified a number of features that would be desirable in a password generator, and which are absent from all previously proposed schemes. This led us to outline the design of a new password generator scheme we call AutoPass (this outline is given in the paper mentioned above).
Obviously an interest in security and the relevant programming skills are prerequisites, but expertise in cryptography or other security algorithms is not necessary. Any implementations of algorithms can either be borrowed from publicly available libraries or simply replaced with shims (since the use of cryptography is straightforward).
It is intended that once the implementation is working it can be used for practical trials (to be led by Fatma Al Maqbali), and I would anticipate a paper being submitted for publication based on the implementation and subsequent trials; the author of the code would be a co-author of this paper.