bjk's blog

August 8, 2015

libpurple-pwmd plugin repository created

Filed under: libpwmd, projects — bjk @ 9:11 pm

I’ve created a git repository libpurple-pwmd on GitLab. This is a plugin for libpurple (which is bundled with Pidgin) to retrieve account details from pwmd for any instant messaging protocol supported by libpurple. It requires the development version 3.x of Pidgin/libpurple but older and deprecated patches for Pidgin can be found here.

Update git repository paths

Filed under: projects — bjk @ 9:04 pm

I kinda messed up when importing projects from Gitorious to GitLab. Each project was in it’s own group rather than my username. So I’ve moved them to the bjk group. I’ve updated the git repository and ticket/issue links here on WordPress and also on SourceForge.

August 1, 2015

Pwmd version 3.0.16 released

Filed under: projects, pwmd — bjk @ 3:46 pm

This version fixes a nasty bug that prevented opening a saved data file when the key was cached and adds a couple of features and fixes a couple of other minor bugs. See NEWS for details.

Download it here.

April 22, 2015

Pwmd version 3.0.15 released

Filed under: projects, pwmd, security — bjk @ 6:39 pm

This version fixes a couple important security issues. Please change your passphrase for all non-gpg-agent data files. Note that after doing this the data file will not be compatible with previous versions of pwmd.

Download it here.

April 18, 2015

Pwmd and cipher iterations

Filed under: projects, pwmd — bjk @ 7:56 pm

I’m going to change how pwmd 3.0.x handles the “SAVE --cipher-iterations” command. Rather than make the parameter a count of the number of times to encrypt the XML data, it will be more like OpenPGP and to use it as the number of times to re-hash the passphrase that is used to encrypt the XML data.

Since the XML data is always encrypted using a 256-bit cipher key derived from the hash function, no matter the cipher, then it makes sense to spend time hashing the passphrase rather than encrypting the XML data.

The way it is now in pwmd 3.0.x is that an attacker could brute force the passphrase by taking the salt which is stored in the data file header and rehash a dictionary word the default number of times (1000 as it is) then test the hash against the generated hash at attack runtime. An attack like this is unlikely as far as I understand, but this attack may be much quicker than brute forcing the (hashed) 256-bit cipher key used to encrypt the XML even when there are no XML cipher iterations.

April 6, 2015

Pwmd OpenPGP status update

Filed under: projects, pwmd — bjk @ 9:48 pm

OpenPGP support in pwmd is working but there are a few things to do before making a release. For details please see this pwmd-devel post.

April 5, 2015

QPwmc version 0.3.2 released

Filed under: projects, qpwmc — bjk @ 10:38 am

This version requires Pwmd 3.0.14 do to ACL changes and LIST command updates. It also contains a couple DnD validation fixes.

Note that the git repository has changed to

Download it here.

Pwmd version 3.0.14 released

Filed under: projects, pwmd — bjk @ 10:34 am

This version contains additional ACL features and fixes, requires GnuTLS >= 3.0.0 when –enable-gnutls is passed to configure, fixes a couple LIST command bugs and fixes bulding for Android. Read the NEWS for details.

Download it here.

March 12, 2015

Update git repository from gitorious to gitlab

Filed under: projects — bjk @ 6:10 pm

Since Gitorious has been bought by GitLab the project repository links needed to be updated. Projects hosted by will remain there for hopefully a long time. Thanks to all for their repository hosting services!

January 18, 2015

CBoard version 0.7.3 released

Filed under: cboard, projects — bjk @ 12:48 pm

This version fixes a few bugs found by Coverity.

Download it here.

Older Posts »

The Silver is the New Black Theme. Blog at


Get every new post delivered to your Inbox.