Author Topic: Edition Request with its own Feature Requests  (Read 11653 times)

Offline thibros

  • Full Member
  • ***
  • Posts: 107
Edition Request with its own Feature Requests
« on: May 07, 2006, 06:25:03 PM »
I would like editions as stand alone product for PocketPC and also for the Symbian operating systems, most common are Series 60 (third edition coming now) and Series 80 (the communicator). I don't mind if someone wants to do Palm as well, of course.  

These editions should have following features:
- it keeps a list of frequently used URLs
- it keeps its master password in memory (and stored encrypted in a file) but to use the program, one must unlock it with movements of the cursor (stuff like: UP UP DOWN LEFT RIGHT UP UP ENTER), wich are set up like a local password. Entering this three times wrong will also open the program, but clear the master password. (All this is for easy of use, because the master password is usually hard to input on such a small device.)
- import of settings through rdf file
- import of settings from ftp-server

There's probably more that could be done, but this would be nice for a start.  

Of course, I'm not expecting anyone to actually do this now, this will probably go directly to the bottom in any priority list. But if something like this would exist, especially for smart phones, in my opinion PasswordMaker would get many more users (and contributors).

BTW, so far I didn't yet get any browser on PocketPC WME2003 SE to work with the JavaScript version. Are there any known workarounds?

I really love PasswordMaker, it makes me feels good. Thank you everyone.



Offline morguns

  • Moderator
  • *****
  • Posts: 145
Edition Request with its own Feature Requests
« Reply #1 on: May 07, 2006, 11:16:21 PM »
Quote
BTW, so far I didn't yet get any browser on PocketPC WME2003 SE to work with the JavaScript version. Are there any known workarounds?
i got the online version to work on a couple of blackberries and palm treos. my memory isn't so good, however, so i don't remember the exact models.

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
Edition Request with its own Feature Requests
« Reply #2 on: May 07, 2006, 11:44:44 PM »
The Mobile Edition works on almost every modern mobile platform. It doesn't have the niceties you requested, though.

Offline thibros

  • Full Member
  • ***
  • Posts: 107
Edition Request with its own Feature Requests
« Reply #3 on: May 08, 2006, 07:15:02 PM »
Quote from: Eric H. Jung
The Mobile Edition works on almost every modern mobile platform. It doesn't have the niceties you requested, though.
PLUS that mobile edition needs an internet connection, and it calculates the password on the server and sends it to the device, so it would be best to use a SSL connection and my own server. Else I'd also have to trust everyone with access to the server, that nothing is logged.    Not an ideal situation.

I've always wanted to do some programming again, especially for PocketPC and Symbian S60. Just a basic interface would be enough, for the beginning, I suppose. (Like the widget). Is there any C++ code available? On the other hand, I'll probably have a busy summerm so I can't promise anything.

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
Edition Request with its own Feature Requests
« Reply #4 on: May 08, 2006, 07:22:26 PM »
Quote
it calculates the password on the server and sends it to the device, so it would be best to use a SSL connection and my own server.
For what it's worth, you can download the mobile edition and run on your own server (with or without SSL). Check the download section.

Quote
Is there any C++ code available?
Yes, and Java, too. The CLI edition is written in C++, and there is a Java stand-alone edition which is 90-95% complete.

Offline Miquel 'Fire' Burns

  • Administrator
  • *****
  • Posts: 1157
  • Programmer
Edition Request with its own Feature Requests
« Reply #5 on: May 08, 2006, 07:26:09 PM »
Not sure if the code base is small enough when you consider using either SpiderMonkey or mHash on those devices, but the Command-Line edition is C++.

BTW, please come back and report something if you make any progress in getting the C++ code to work, or just need some help.

BTW, I really wish we had access to a SSL server for the mobile edition.
"I'm not drunk, just sleep deprived."

Offline thibros

  • Full Member
  • ***
  • Posts: 107
Edition Request with its own Feature Requests
« Reply #6 on: May 09, 2006, 10:38:11 PM »
Quote from: miquelfire
BTW, please come back and report something if you make any progress in getting the C++ code to work, or just need some help.
Don't worry, I will. But before I would start any actual coding, I'd first have to set up the environment, read up about Symbian developement (my last bigger work was for the EPOC OS on a PSION, probably unknown to everyone here, but great device.  ), and get a "Hello World" working. Then I can worry about implementing any algorithms (btw, MD5 and SHA-1 are implemented in Symbian, I wonder if it'd be efficient to use them.)

Quote
BTW, I really wish we had access to a SSL server for the mobile edition.
I have my own server, and I uploaded the mobile edition: https://h5071.serverkompetenz.net/passwordmaker/mobile.xhtml and I don't mind anyone using it, but the certificate is not generally trusted (self-issued), and you cannot be sure that I don't log the activity there, so I can't advertise it and it really is at everyone's own risk. Btw, my shortcut is m.thibros.com

If there'd be a way to proof that the script is untempered, I'm willing to cooperate, of course, and everyone may use that page. But opening all the relevant locations to the public would be too big a security risk, I suppose. There just isn't a perfect way to handling passwords over the net.

If you ever need other uses of a server, feel free to contact me.

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
Edition Request with its own Feature Requests
« Reply #7 on: May 10, 2006, 02:09:00 AM »
Quote
If there'd be a way to proof that the script is untempered, I'm willing to cooperate, of course, and everyone may use that page. But opening all the relevant locations to the public would be too big a security risk, I suppose. There just isn't a perfect way to handling passwords over the net.
We used to have our own trusted SSL certificate. Then we moved to SourceForge.net and they don't support SSL certificates

Quote
If you ever need other uses of a server, feel free to contact me.
Many thanks. Please hang out in the IRC channel if you get a chance. I've not been there lately because of IRC client problems, but it has been an active place in the past. Is it still? Anyone?

Offline Miquel 'Fire' Burns

  • Administrator
  • *****
  • Posts: 1157
  • Programmer
Edition Request with its own Feature Requests
« Reply #8 on: May 10, 2006, 03:00:29 AM »
I'm the only one in there right now
"I'm not drunk, just sleep deprived."

Offline thibros

  • Full Member
  • ***
  • Posts: 107
Edition Request with its own Feature Requests
« Reply #9 on: May 10, 2006, 08:50:14 PM »
Quote from: Eric H. Jung
We used to have our own trusted SSL certificate. Then we moved to SourceForge.net and they don't support SSL certificates
SSL is only half the deal, you also have to trust everyone with access to the server. The best deal is to have your own server, and hope it doesn't get hacked.
Quote
Many thanks. Please hang out in the IRC channel if you get a chance. I've not been there lately because of IRC client problems, but it has been an active place in the past. Is it still? Anyone?
I used to chat with IRC and IM when I was younger, nowadays I rather take my time to formulate my thoughts. I don't mind if it's for a reason, though, so I'll try to drop by from time to time. Also, I'm ahead of your time, sitting in a Finnish forest, so we may not always meet.
Quote
...but the Command-Line edition is C++
I took a look at the source code, and the hashing code is either in javascript, depending on spidermonkey (js32.dll), and I'm not sure that's easily portable. Or it uses mhash, whose source code I got from source forge (it's written in C), but what about the incompability with HMAC-SHA256? Is it because of version 0.9.6???

I feel like I know nothing yet.

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
Edition Request with its own Feature Requests
« Reply #10 on: May 10, 2006, 10:47:03 PM »
Quote
I took a look at the source code, and the hashing code is either in javascript, depending on spidermonkey (js32.dll), and I'm not sure that's easily portable. Or it uses mhash, whose source code I got from source forge (it's written in C)
Yes, but you can use any library which has hashing algorithms because the algorithms are standard. For instance, BouncyCastle makes such a library for Java and .NET (C#). Some languages even come with hashing support natively or in a cryptography extension/add-on.

Quote
but what about the incompability with HMAC-SHA256? Is it because of version 0.9.6???
No, this is because of a bug in the PasswordMaker Firefox edition's implementation of the HMAC-SHA256 algorithm. It's easy to fix, but fixing it will change the password of everyone who uses HMAC-SHA256. So I need to provide backwards support for the "buggy" version in addition to the fixed version. This is what has been keeping me from doing it so far, although it shouldn't take more than a couple days. I wouldn't worry about supporting the buggy version of HMAC-SHA256 since it will eventually disappear anyway.
« Last Edit: May 10, 2006, 10:47:47 PM by Eric H. Jung »

PasswordMaker Forums

Edition Request with its own Feature Requests
« Reply #10 on: May 10, 2006, 10:47:03 PM »