Re: [Passwordsafe-devel] PasswordSafe format 0x0302 description

[Wolfgang K. <91...@gm...>]

I have seen through 3.02 definition and made editions to some points 
which I offer in attachment. Please  make use of it as you find worth 
(you may have to see it in a compare-text tool).

dk wrote:
> I have at least 2 problems with this:
>
> 1. The "Who performed last save" (0x05) and "Last saved by user" (0x07) +
> "Last saved on host" (0x08)
>
> Maintaining consistency between field 5 and fields 7 + 8 is impossible.
> Take this scenario:
>
>   
I agree and have edited some changes. Basically the requirement to 
maintain the old field should be dropped for the new format (and 
recommended for format 3.01). Instead, the new format should erase this 
field on encounter.
> 2. The "Timestamp of last save" (0x04)
>
> [...]  My concern is what V3.08 and prior versions will do
> when they come across a time_t field which is too short.  Will they be well
> behaved?  It needs testing. It may not be a problem.  Also, by using the
> length field for the decision on how to process, then this field cannot be
> migrated to 64-bit time sometime in the future without introducing 0x0400.
>
>   
The very correct procedure would be to deprecate this field as well, but 
I don't suggest it. - Instead my word is: Ignore the problem! This is 
because this field can be expected to be purely informative and has no 
bearing on algorithms. Second, any application has to be prepared for 
invalid field contents without going berserk or crashing. Given that, 
the worst outcome is a false time value in this place. I could live with 
it (actually my programs never used format 3.01).

Regards
- Wolfgang
>
>
>
>