[Passwordsafe-devel] Willing to put Password Safe on Palm OS
From: olan <ol...@fr...> - 2004-12-23 20:20:34
Hello,

I'm new to PWS and to this list, but I needed a password safe and this one seemed nice, so I'm using it now.

Now I need to take my passwords with me on my Palm. I am prepared to write a Palm OS version of PWS, complete with desktop synchronisation. To be more precise, a Palm OS version without synchronization seems pretty useless to me.

I am a Palm OS developer, but not a cryptanalyst, so correct me if I make any mistakes regarding that area.

The development as I see it would involve writing two modules:

a) a Conduit, which is a DLL responsible for copying the PWS records from the PC to the Palm, and from the Palm to the PC, as needed. This DLL is called by HotSync. The records of course would be stored encrypted on the Palm, and they would also be encrypted during the transport to reduce the risk of sniffing.

b) a Palm OS application allowing the user to enter his password and display the records, with a timeout just like in the desktop version.

I have taken a look at the existing application and it looks like some changes would be necessary in order for the sync to function.

1) You cannot open a file and search the records without having the file's main password.
This is a problem because the conduit has to be able to read the records in order to send them to the Palm; reading them encrypted would be enough though. The conduit should not display a GUI. The filename would be a config option, and the records would be left encrypted.

2) In order to perform a true mirror sync, we will need to identify which records have been modified on both sides. This means in every record there has to be a unique key and a "dirty" flag.
I was thinking of using the UUID for the unique key, but the UUID is also encrypted, so we need something else. The "dirty" flag has to be added.

Ideally it would look like:

+-----------+------------+------------------+
| dirty 1/0 | UniqueKey1 | encrypted record |
| dirty 1/0 | UniqueKey2 | encrypted record |
| dirty 1/0 | UniqueKey3 | encrypted record |  <= best viewed with fixed-pitch... sorry
+-----------+------------+------------------+

So the conduit would know that if the UniqueKey2 record is dirty on the PC, and not dirty on the PDA, it has to be copied from PC to PDA.
On the contrary, if a record, say UniqueKey3, is marked dirty on the PDA, and not on the PC, the user changed it on the PDA and the PC side must be updated.

So this looks like pretty extensive changes. Do you all think this is reasonable, the right time for it, etc.?

Opinions welcome...

Olivier Lancelot
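The mirror-sync decision proposed in the message above, as an added example that is not part of the original post or of Password Safe's code: it picks a copy direction per record from the cleartext dirty flag and unique key only, so the record body stays encrypted throughout. The `Rec` struct, the function names and the sample data are hypothetical, and the handling of records dirty on both sides or present on one side only is an assumption the post does not settle.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical header per the proposed layout: dirty flag and unique key in
   cleartext, followed by a record the conduit never decrypts. */
typedef struct { int dirty; const char *key; const char *blob; } Rec;
typedef enum { NOOP, PC_TO_PDA, PDA_TO_PC, CONFLICT } Action;

/* Constructed sample stores; blobs stand in for ciphertext. */
static const Rec PC[] = {
    {0, "UniqueKey1", "c1"}, {1, "UniqueKey2", "c2-new"},
    {0, "UniqueKey3", "c3"}, {1, "UniqueKey4", "c4-pc"}, {1, "UniqueKey5", "c5"} };
static const Rec PDA[] = {
    {0, "UniqueKey1", "c1"}, {0, "UniqueKey2", "c2"},
    {1, "UniqueKey3", "c3-new"}, {1, "UniqueKey4", "c4-pda"} };
#define COUNT(a) ((int)(sizeof(a) / sizeof((a)[0])))

static const Rec *find(const Rec *set, int n, const char *key) {
    for (int i = 0; i < n; i++)
        if (strcmp(set[i].key, key) == 0) return &set[i];
    return NULL;
}

/* Decide the copy direction from the cleartext header alone. */
Action decide(const Rec *pc, const Rec *pda) {
    if (!pc && !pda) return NOOP;
    if (!pda) return PC_TO_PDA;   /* assumption: missing means new on the PC */
    if (!pc)  return PDA_TO_PC;   /* assumption: missing means new on the PDA */
    if (pc->dirty && pda->dirty) return CONFLICT; /* assumption: user resolves */
    if (pc->dirty)  return PC_TO_PDA;
    if (pda->dirty) return PDA_TO_PC;
    return NOOP;
}

Action decide_key(const char *key) {
    return decide(find(PC, COUNT(PC), key), find(PDA, COUNT(PDA), key));
}

int main(void) {
    static const char *names[] = { "no-op", "PC -> PDA", "PDA -> PC", "conflict" };
    for (int i = 1; i <= 5; i++) {
        char key[16];
        snprintf(key, sizeof key, "UniqueKey%d", i);
        printf("%s: %s\n", key, names[decide_key(key)]);
    }
    return 0;
}
```

Because the dirty flag and unique key sit in front of the encrypted record, they are readable by anything that can read the file, without the main password.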