bjk's blog

October 6, 2015

QPwmc save dialog

Filed under: projects, qpwmc — bjk @ 11:50 pm

Here’s a screenshot of the “Extended Save” dialog. The same dialog is shown for new files with the exception that the Symmetric checkbox is enabled and selectable (can’t change encryption schemes for existing data files). These latest features require the development version of pwmd and libpwmd located in their git repositories.

September 24, 2015

QPwmc work

Filed under: projects, qpwmc — bjk @ 2:24 am

Here’s a screenshot of QPwmc progress. Is has more of an application feel with menus and toolbars and supports OpenPGP key selection during Save. It also does pwmd server IO in a separated thread to prevent blocking the UI.

Menus and toolbars!

Menus and toolbars!

August 30, 2015

Pwmd and OpenPGP status update

Filed under: projects, pwmd — bjk @ 10:54 am

Work continues making pwmd work with libgpgme. There are a couple of things remaining to do before a release. Mainly, deciding whether to make a tool to import v3.0.x data files then export to OpenPGP. Should the version then be 3.1 or 4.0? Another possibility is to rename the executable to pwmd2 with a version of 1.0 or to fork the project entirely to something new. Also, should there be any beta releases?

The tickets on the SourceForge project page contain other things needing to be done, too.

Pwmd version 3.0.17 released

Filed under: projects, pwmd — bjk @ 10:40 am

This version adds advisory locking for data files via flock(2). Now two instances of pwmd can share the same data file without risk of corruption. This version also reimplements data file ACL support and releases the data file mutex before beginning a data transfer during a command to let other clients aquire the mutex (unless locked explicitly). And a couple bug fixes.

Download it here.

Libpwmd version 7.2.2 released

Filed under: libpwmd, projects — bjk @ 10:35 am

This version fixes key file usage and expands a tilde ~ in the UDS socket parameter of pwmd_connect().

Download it here.

August 8, 2015

libpurple-pwmd plugin repository created

Filed under: libpwmd, projects — bjk @ 9:11 pm

I’ve created a git repository libpurple-pwmd on GitLab. This is a plugin for libpurple (which is bundled with Pidgin) to retrieve account details from pwmd for any instant messaging protocol supported by libpurple. It requires the development version 3.x of Pidgin/libpurple but older and deprecated patches for Pidgin can be found here.

Update git repository paths

Filed under: projects — bjk @ 9:04 pm

I kinda messed up when importing projects from Gitorious to GitLab. Each project was in it’s own group rather than my username. So I’ve moved them to the bjk group. I’ve updated the git repository and ticket/issue links here on WordPress and also on SourceForge.

August 1, 2015

Pwmd version 3.0.16 released

Filed under: projects, pwmd — bjk @ 3:46 pm

This version fixes a nasty bug that prevented opening a saved data file when the key was cached and adds a couple of features and fixes a couple of other minor bugs. See NEWS for details.

Download it here.

April 22, 2015

Pwmd version 3.0.15 released

Filed under: projects, pwmd, security — bjk @ 6:39 pm

This version fixes a couple important security issues. Please change your passphrase for all non-gpg-agent data files. Note that after doing this the data file will not be compatible with previous versions of pwmd.

Download it here.

April 18, 2015

Pwmd and cipher iterations

Filed under: projects, pwmd — bjk @ 7:56 pm

I’m going to change how pwmd 3.0.x handles the “SAVE --cipher-iterations” command. Rather than make the parameter a count of the number of times to encrypt the XML data, it will be more like OpenPGP and to use it as the number of times to re-hash the passphrase that is used to encrypt the XML data.

Since the XML data is always encrypted using a 256-bit cipher key derived from the hash function, no matter the cipher, then it makes sense to spend time hashing the passphrase rather than encrypting the XML data.

The way it is now in pwmd 3.0.x is that an attacker could brute force the passphrase by taking the salt which is stored in the data file header and rehash a dictionary word the default number of times (1000 as it is) then test the hash against the generated hash at attack runtime. An attack like this is unlikely as far as I understand, but this attack may be much quicker than brute forcing the (hashed) 256-bit cipher key used to encrypt the XML even when there are no XML cipher iterations.

« Newer PostsOlder Posts »

Create a free website or blog at