RE: [Passwordsafe-devel] why binary format for v2?
Popular easy-to-use and secure password manager
Brought to you by:
ronys
From: Graham U. <gr...@fl...> - 2003-07-31 04:45:03
|
Quite likely I'm missing something here, but my opinion is that XML won't work for our data storage unless the XML schema is in cleartext for the XML parser. I'll leave the discussion of whether or not that is desirable to others. When I implemented a private XML version of PWSafe some time ago I discovered several things. First, XML doubled the size of the database. Second, as expected, XML eliminated any problems with changing records, fields, etc. Third, all data searches took significantly longer than without XML. Fourth, when exploring a totally-encrypted database (including XML schema) I could not prevent the entire database from existing in memory in the clear in certain situations. The nature of my XML parser was such that if the desired record was at the end of the database all previously parsed data was in the clear. One idea I had for our project was exposing blocks of the database (including XML schema) one at a time to the Expat stream parser. However, I believe that anything it has already seen remains (and must remain) visible. I am hoping someone can show me that I am mistaken. Graham > -----Original Message----- > From: pas...@li... > [mailto:pas...@li...]On Behalf Of Rony > Shapiro > Sent: Wednesday, July 30, 2003 11:10 PM > To: PasswordSafe Developers > Subject: RE: [Passwordsafe-devel] why binary format for v2? > > > Hm. > > Expat certainly seems worth a look! I'll probably download it over the > weekend to play with. > > Anyone else care to look into this? > > A key requirement for any XML-based implementation would be to keep the > encryption properties of the current version. Specifically, at no time > should the entire database be present in unencrypted form in memory. > > I would also think that the entire database should be encrypted. That is, > the XML schema should not be in cleartext, with only the feild values > encrypted, but I'm open to arguments on this. > > Comments, anyone? > > Rony > > > From: Maurice Aubrey [mailto:ma...@re...] > > Sent: Wed, 30 Jul 2003 10:16 > > To: ro...@us... > > Cc: pas...@li... > > Subject: Re: [Passwordsafe-devel] why binary format for v2? > > > > > > Hi Rony. > > > > Rony Shapiro wrote: > > > Thanks for your comments. Indeed, XML has some very attractive > > features as > > a > > > basis for an extensible database such as PasswordSafe's. We've > > considered > > it > > > and even played with a working version at one stage. > > > > > > The showstopper was the unavailability of an XML parser that could be > > > incorporated in an Open Source project. The working version was > > based on a > > > product that explicitly prohibited republishing the source, and > > a request > > to > > > the company providing the code was politely but firmly refused. > > > > > > For the details, see Graham Ullrich's post to this list dated > 2003-04-30 > > > https://sourceforge.net/mailarchive/message.php?msg_id=4458975 and the > > > thread that follows. > > > > Thanks. > > > > > If you can find an open source XML parser that we can icorporate in > > > PasswordSafe's code base, I'd be happy to open the issue for > > consideration > > > (there were a couple of other points with the specific > > implementation, but > > I > > > think they could've been resolved). > > > > I didn't see Expat mentioned in that thread. > > > > http://expat.sourceforge.net/ > > > > It's in C but there are C++ wrappers for it > > and it seems to be very portable. > > > > Maurice > > > > > > > > ------------------------------------------------------- > This SF.Net email sponsored by: Free pre-built ASP.NET sites including > Data Reports, E-commerce, Portals, and Forums are available now. > Download today and enter to win an XBOX or Visual Studio .NET. > http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072 > 303_01/01 > _______________________________________________ > Passwordsafe-devel mailing list > Pas...@li... > https://lists.sourceforge.net/lists/listinfo/passwordsafe-devel > > |