HackerTrans
TopNewTrendsCommentsPastAskShowJobs

firepacket

no profile record

comments

firepacket
·vor 4 Jahren·discuss
Why do you think they say that? Because they really want to help you? You believe that crap if you want, I'll do my own research. SOMEONE has to write it, otherwise where does it come from?
firepacket
·vor 4 Jahren·discuss
It's a real conspiracy. Simple as that.

Google proved they could beat spam around year 2000, but now suddenly they are now letting messages through with headers that a toddler could tell you are fake.

They know it' spam, we all do. But they let it in anyway because there's some secret economic or political dynamic we aren't privy to.
firepacket
·vor 5 Jahren·discuss
My password manager works just like this! It just monitors shared folders and keeps everything in a compressed/32k encoded XML file that you can open with a text editor.

It's 1 file per vault, but multiple people can use the same vault and all are update simultaneously.
firepacket
·vor 5 Jahren·discuss
I believe the most popular password managers have been cracked already, that is why I did a LOT of research and built my own.

It was not easy, but it was fun, and if anyone wants to decrypt my files they have a lot of difficult hurdles to jump through.

Of course, keylogging is easier, but then they still have to run my software or at least seriously read the source code.
firepacket
·vor 5 Jahren·discuss
This is a huge problem.

How do we reliably be sure we are entering credentials in the right place?

I am thinking we need to look at a bunch of different factors, but what?
firepacket
·vor 5 Jahren·discuss
I wrote my own with ridiculous Argon2 requirements (Takes 18 secs to open) combined with PKDF hybrid hashing system. (not chained) and strong AES256 CBC implementation with proper random IVs for each field and correct padding. You can encrypt any kind of data and files, it's encoded as 32k UTF-16 + sig XML losing only 1.3% over binary, but I like text files. Of course, some files come out smaller due to the Gzip compression.

It is Dropbox friendly meaning any change or addition in another person using the same vault in the same directory is automatically updated in all open vaults. This was originally for collaboration. You can have your own private vault too with a unique password, as many as you like. They just end up as XML files. It runs fast as uses databinding, can generate strong passwords, and makes copying/pasting easy. I am having trouble encrypting files over 1GB though.

I take great lengths to protect the key. If the file is open too long, it minimizes and locks, when you open it, it decrypts everything again. As soon as decryption is done, the key is stashed away using ProtectMemory function in the framework. I have done memory dumps to ensure the key is not visible when the app is idle.

Files works differently, Their meta data is encrypted but you are able to checksum then and preview them in memory without the key ever being exposed and the content never touches the disk and is zeroed afterward. You can currently play sound, view pictures, execute files (in memory!) and soon video.

I plan on browser integration by a cross-browser userscript and loopback routing (127.0.0.1) that recognizes when the cursor is in a field specified in the login's metadata. But I am am running into trouble because sites like to randomize the name of the login fields, so I a have to use some reliable heuristic approach.

Does anyone have any ideas on how to deal with that? If I can figure that out, and get video previews working I will open source it.

EDIT: Here's a preview of the app: https://imgur.com/a/rZGPCPZ