I changed a single bit in the database file, basically to see if there is any authentication. After entering the password, PasswordSafe then proceeds to use all the memory and hog the processor. I had to reboot the PC!
So obviously there is authentication, but the reaction to authentication failure is perhaps a bit too drastic...
Seriously:
1. One of the features added to the 3.x database format is integrity verification of the data. This is done, however, on the plaintext, not the encrypted data.
2. Therefore, a single bit flip on the encrypted data has a good chance of causing a crash. What most likely happened is that you've caused the field containing the size of a record to change into a random (and probably huge) value. The application tried to allocate the megabytes of memory that would be needed to read such a field, resulting in the "freeze" you saw.
3. Future versions will have more sanity checks on the input, making such crashes less likely.
Thanks,
Rony
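The kind of length sanity check mentioned in point 3 of the reply above, as an added example that is not part of the thread and is not PasswordSafe's own code. The record layout, the 64 KiB cap and all names are assumptions for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Hypothetical simplified layout (an assumption, not the real 3.x format):
// 4-byte little-endian length, 1-byte type, then `length` bytes of data.
constexpr std::uint32_t kMaxFieldLen = 64 * 1024;  // assumed policy cap
constexpr std::size_t kHeaderLen = 5;

struct Field {
    std::uint8_t type = 0;
    std::vector<std::uint8_t> data;
};

// Parses one field at `offset` from already-decrypted bytes. Rejects an
// implausible length before any allocation; `offset` moves only on success.
bool read_field(const std::vector<std::uint8_t>& buf, std::size_t& offset,
                Field& out) {
    if (offset > buf.size() || buf.size() - offset < kHeaderLen)
        return false;                              // truncated header
    const std::uint8_t* p = buf.data() + offset;
    const std::uint32_t len = std::uint32_t(p[0]) | std::uint32_t(p[1]) << 8 |
                              std::uint32_t(p[2]) << 16 |
                              std::uint32_t(p[3]) << 24;
    if (len > kMaxFieldLen)
        return false;                              // exceeds the policy cap
    const std::size_t remaining = buf.size() - offset - kHeaderLen;
    if (len > remaining)
        return false;                              // claims more than exists
    out.type = p[4];
    out.data.assign(p + kHeaderLen, p + kHeaderLen + len);
    offset += kHeaderLen + len;
    return true;
}

// Constructed sample: one valid field, type 0x03, data "abc".
std::vector<std::uint8_t> sample_record() {
    return {0x03, 0x00, 0x00, 0x00, 0x03, 'a', 'b', 'c'};
}

// The same record after one bit flip in the top byte of the length field:
// the declared length becomes 0x80000003, roughly 2 GiB.
std::vector<std::uint8_t> flipped_record() {
    std::vector<std::uint8_t> r = sample_record();
    r[3] ^= 0x80;
    return r;
}
```

The check against the remaining input alone would already stop the oversized allocation; the fixed cap additionally bounds memory use when the file itself is large.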