passwordsafe-devel — For developers of Password Safe

[Passwordsafe-devel] Announcing PasswordSafe 3.11

[ronys <ro...@gm...>]

Hi,

This is to announce the release of PasswordSafe version 3.11.

This is a minor release - some annoying bugs have been fixed, some minor
features have been added or improved upon.  
Thanks to DK his work on this release, and to all the folks who reported
bugs and tested pre-release versions.

New Features for 3.11

[1765240] Add "Clear clipboard" item to tray icon context menu.
[1727768] Copy URL to clipboard added to menus (Ctrl+Alt+L).
[1526169] Add more shortcut keys to add/edit dialog.
[] Give user access to Reports from View menu (only in the same directory as
current open database), since more information is being written there.
[] Give user access to the Compare report from the Compare results dialog.
[] New email action allowed in URL field. To be treated as email, the data
must be prefixed by the characters "mailto:". The data following this
corresponds to the '[mailto:]' standard RFC2368.
For example: "in...@ex...?subject=PasswordSafe".
[] Main toolbar can be customized via MS's standard dialog via right click
on this toolbar.
[] Several entries may be "aliased" to a single entry, sharing its password.
See online help for details.

Changes to Existing Features in 3.11

[1815192] The Find function has been re-implemented as a toolbar at bottom
of application.
Button shortcuts: Ctrl+Alt+A = Advanced find,
Ctrl+Alt+S = toggle case Sensitivity, Ctrl+Alt+C = Clear find text
[1790342] Replaced additional key shortcuts for ExpandAll and CollapseAll by
toolbar buttons.  Now there is only one set (the original) of key shortcuts
+ toolbar buttons.
[1756385] The color of the application's system tray icon (when the
application is started and when there's no open database) is now user
configurable, fixing a visibility problem under Vista.
[] Saved string preferences within the database header will not be delimited
by a doublequote if this character is part of the string variable.  An
arbitrary
symbol type character will be used in this case.  If one cannot be found,
the string preference will not be saved in the database.

Bugs fixed in 3.11
==================
[1806201] Non-unique uuids in database now handled correctly.
[1799523] Fix PWS taking a long time saving after XML Import into new DB.
Users who have imported XML into a new database should export again and
re-import after deleting the
<NumberHashIterations>...</NumberHashIterations> entry from the XML file.
[1798588] Users can now change an entry's password with passwords hidden.
[1793224] Copy for expired passwords no longer causes PWS crashes.
[1791482] All preferences stored within the database are now
exported/imported via XML.
[1790286] All String preferences stored within the database are now
correctly read during database open.
[1789983] List View now correct after Group removed.
[1726181] Save of a new database is no longer required to export entries.
[1664219] Autotype now works correctly with '@' in German keyboards, and
non-English keyboards in general.
[1313440] Can new add/edit entries with long group names.
[] Prevent mixed Unicode/ASCII report files and ensure Unicode reports have
BOM as some text editors insist!
[] Disable Rename menu item in List View (only appropriate in Tree View).
[] Disable Tray Minimize/Restore menu items if already Minimized/Visible.
[] Ignore mouse right click not in Tree/List view area.
[] Use the Confirm Delete message even when there is only one child.

The U3 version will be available soon from
http://software.u3.com/Product_Details.aspx?productId=294&Selection=7
(Owners of previous releases of the U3 version are invited to contact me for
an update)

The release may be downloaded from
https://sourceforge.net/project/showfiles.php?group_id=41019&package_id=3316
9&release_id=556357
(http://preview.tinyurl.com/3y66f6)

SHA-1 checksums:  
61f16dd23af46d612d040640539de5c513411fe4 pwsafe-3.11.exe
dd7422c7b729975380056e1147505b7fbec2af11 pwsafe-3.11.msi
18ce457f904076e3cb478bbbbc1df33032a39ca4 pwsafe-3.11-bin.zip
fce505a75f5d207c375ef115215219018031bd82 pwsafe-3.11-src.zip

Note that this release also includes PGP/GPG signature files of the
respective packages. These were signed with my SourceForge account key,
keyid FA175557, key fingerprint = FF77 379D D46D DAA6 6182   B452 1D79 5A91
FA17 5557, available from a PGP keyserver near you (such as
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xFA175557).
 
         Enjoy,
 
                 Rony

[Passwordsafe-devel] Upgrading PasswordSafe license to Artistic License 2.0

[ronys <ro...@gm...>]

Hi,

I'm considering upgrading the license that Passwordsafe is distributed =
under, from the original Artisitc License =
(http://www.opensource.org/licenses/artistic-license.php) to the newer =
version 2.0 of same =
(http://www.opensource.org/licenses/artistic-license-2.0.php).

The main difference, as far as I can tell, is a new provision aimed at =
deterring the use of the package in patent infringement litigation ("If =
you institute patent litigation (including a cross-claim or =
counterclaim) against any party alleging that the Package constitutes =
direct or contributory patent infringement, then this Artistic License =
to you shall terminate on the date that such litigation is filed.").

If anyone has any objections to this change, please let me know.

	Thanks,

		Rony

Re: [Passwordsafe-devel] Semi-automatic update option?

[Karl S. <kar...@ho...>]

Along those lines...

I use sourceforge's built in File Release RSS feed:
http://sourceforge.net/export/rss2_projfiles.php?group_id=41019

or the news feed:
http://sourceforge.net/export/rss2_projnews.php?group_id=41019

It would be pretty easy to add an "Alert me" for new files or news.
My vote would be for "Alert me" off by default.
And have the Alert be configurable "Check once every X days"

You'd have to store locally...Wwhen the last alert was read, and when the 
last (RSS) check occurred.

The only risk is, if the RSS feed changes location.

-Karl



>From: "dk" <dk...@gm...>
>To: <ro...@ac...>, <pas...@li...>
>Subject: Re: [Passwordsafe-devel] Semi-automatic update option?
>Date: Sun, 16 Sep 2007 08:07:53 +0100
>MIME-Version: 1.0
>Received: from lists-outbound.sourceforge.net ([66.35.250.225]) by 
>bay0-mc3-f16.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668); Sun, 
>16 Sep 2007 00:06:52 -0700
>Received: from sc8-sf-list2-new.sourceforge.net 
>(sc8-sf-list2-new-b.sourceforge.net [10.3.1.94])by 
>sc8-sf-spam2.sourceforge.net (Postfix) with ESMTPid 203D2FCFD; Sun, 16 Sep 
>2007 00:06:52 -0700 (PDT)
>Received: from sc8-sf-mx1-b.sourceforge.net 
>([10.3.1.91]helo=mail.sourceforge.net)by sc8-sf-list2-new.sourceforge.net 
>with esmtp (Exim 4.43)id 1IWoDN-0008FG-3s for 
>pas...@li...;Sun, 16 Sep 2007 00:06:45 -0700
>Received: from ug-out-1314.google.com ([66.249.92.175])by 
>mail.sourceforge.net with esmtp (Exim 4.44) id 1IWoDO-00064r-EKfor 
>pas...@li...;Sun, 16 Sep 2007 00:06:50 -0700
>Received: by ug-out-1314.google.com with SMTP id m2so668168ugefor 
><pas...@li...>;Sun, 16 Sep 2007 00:06:45 -0700 
>(PDT)
>Received: by 10.66.219.2 with SMTP id r2mr5639338ugg.1189926404961;Sun, 16 
>Sep 2007 00:06:44 -0700 (PDT)
>Received: from kelvinhome ( [81.86.114.146])by mx.google.com with ESMTPS id 
>y7sm5899537ugc.2007.09.16.00.06.42(version=SSLv3 cipher=RC4-MD5); Sun, 16 
>Sep 2007 00:06:42 -0700 (PDT)
>X-Message-Delivery: Vj0zLjQuMDt1cz0wO2k9MDtsPTA7YT0w
>X-Message-Info: 
>veEQNzk+IXs3oPcNYI0hjfC2egG0gOhQlnGLSsq3iZ/79V+up8DEX564ejy+7epZXPgi4dXPeAjGMV245k9YLg==
>References: <001e01c7f78d$b84c5c50$0d00640a@LYDIA>
>X-Mailer: Microsoft Office Outlook 11
>Thread-Index: Acf3jQtlyxvFzKV4Sr659p3XzfirMQAoUe4g
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3138
>X-Spam-Score: 0.0 (/)
>X-Spam-Report: Spam Filtering performed by sourceforge.net.See 
>http://spamassassin.org/tag/ for more details.Report problems 
>tohttp://sf.net/tracker/?func=add&group_id=1&atid=2000010.0 RCVD_BY_IP      
>        Received by mail server with no name
>X-BeenThere: pas...@li...
>X-Mailman-Version: 2.1.8
>Precedence: list
>List-Id: Develpoment-related issues for the PasswordSafe OS 
>project<passwordsafe-devel.lists.sourceforge.net>
>List-Unsubscribe: 
><https://lists.sourceforge.net/lists/listinfo/passwordsafe-devel>,<mailto:pas...@li...?subject=unsubscribe>
>List-Archive: 
><http://sourceforge.net/mailarchive/forum.php?forum_name=passwordsafe-devel>
>List-Post: <mailto:pas...@li...>
>List-Help: 
><mailto:pas...@li...?subject=help>
>List-Subscribe: 
><https://lists.sourceforge.net/lists/listinfo/passwordsafe-devel>,<mailto:pas...@li...?subject=subscribe>
>Errors-To: pas...@li...
>Return-Path: pas...@li...
>X-OriginalArrivalTime: 16 Sep 2007 07:06:52.0804 (UTC) 
>FILETIME=[28AF3C40:01C7F830]
>
>Actually, I would prefer this wasn't implemented (see PS below) but if it
>were, I am OK with Rony's restrictions and Greg's addition:
>
>".... with an option (disabled by default) to automatically check for
>updates once a week" - although I would make the time period a user
>configurable number of days, weeks or even an option of whenever first
>started on a day.
>
>However, I don't think PWS should either display the URL to be able to
>download it or offer to do so!  The user should just be informed that there
>is a new version and then they can download it as they would normally using
>whatever precautions they want/would normally use.
>
>David
>
>PS.  Personally, I use a free utility from the web called Webmon
>(http://www.btinternet.com/~markwell/webmon/), where I set it up to go 
>check
>for changes at all the sites I am interested it.  I can use it to check
>single sites or all and to specify the exact start & end strings of the
>content to check i.e. latest version number of PWS!
>
>
>-----Original Message-----
>From: pas...@li...
>[mailto:pas...@li...] On Behalf Of 
>ronys
>Sent: 15 September 2007 12:44
>To: pas...@li...
>Subject: [Passwordsafe-devel] Semi-automatic update option?
>
>Hi,
>
>Users have been asking for an automatic update mechanism for PasswordSafe,
>so I've begun thinking on how to implement it:
>
>I've never liked applications that take the liberty of connecting a server
>without asking me, to check for updates and who knows what else. So here's
>how I'd go about it for PasswordSafe:
>
>- The Help->About dialog would have a "check for update" button. This 
>button
>will initiate a connection (described in a minute) IF AND ONLY IF there's 
>no
>"open" database, that is, there's no sensitive data in the application's
>memory. My main worry here is that an attacker can do a man-in-the-middle
>attack and find some kind of exploit (e.g., buffer overflow) to access and
>download sensitive data.
>
>- The update button will open a hardcoded URL, something like
>"https://passwordsafe.sf.net/latest.txt" This will have the version
>information for the latest & greatest, and a URL for downloading it.
>
>- I'm wondering if it's worth adding signature verification capability, so
>that the downloaded version can be verified as authentic. On one hand, this
>is easily subverted if the attacker replaces the victim's original version
>with one that fakes the validity check, on the other hand, if the attacker
>can do this, then the attacker can already do what he wants with the user's
>data, so the validity check is the least of his worries...
>
>I'd be very happy to get comments/criticism/suggestions on the above.
>
>	Cheers,
>
>		Rony
>
>
>-------------------------------------------------------------------------
>This SF.net email is sponsored by: Microsoft Defy all challenges.
>Microsoft(R) Visual Studio 2005.
>http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
>_______________________________________________
>Passwordsafe-devel mailing list
>Pas...@li...
>https://lists.sourceforge.net/lists/listinfo/passwordsafe-devel
>
>
>-------------------------------------------------------------------------
>This SF.net email is sponsored by: Microsoft
>Defy all challenges. Microsoft(R) Visual Studio 2005.
>http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
>_______________________________________________
>Passwordsafe-devel mailing list
>Pas...@li...
>https://lists.sourceforge.net/lists/listinfo/passwordsafe-devel

_________________________________________________________________
A place for moms to take a break! 
http://www.reallivemoms.com?ocid=TXT_TAGHM&loc=us

Re: [Passwordsafe-devel] Semi-automatic update option?

[dk <dk...@gm...>]

Actually, I would prefer this wasn't implemented (see PS below) but if it
were, I am OK with Rony's restrictions and Greg's addition:

".... with an option (disabled by default) to automatically check for
updates once a week" - although I would make the time period a user
configurable number of days, weeks or even an option of whenever first
started on a day.

However, I don't think PWS should either display the URL to be able to
download it or offer to do so!  The user should just be informed that there
is a new version and then they can download it as they would normally using
whatever precautions they want/would normally use.

David

PS.  Personally, I use a free utility from the web called Webmon
(http://www.btinternet.com/~markwell/webmon/), where I set it up to go check
for changes at all the sites I am interested it.  I can use it to check
single sites or all and to specify the exact start & end strings of the
content to check i.e. latest version number of PWS!


-----Original Message-----
From: pas...@li...
[mailto:pas...@li...] On Behalf Of ronys
Sent: 15 September 2007 12:44
To: pas...@li...
Subject: [Passwordsafe-devel] Semi-automatic update option?

Hi,

Users have been asking for an automatic update mechanism for PasswordSafe,
so I've begun thinking on how to implement it:

I've never liked applications that take the liberty of connecting a server
without asking me, to check for updates and who knows what else. So here's
how I'd go about it for PasswordSafe:

- The Help->About dialog would have a "check for update" button. This button
will initiate a connection (described in a minute) IF AND ONLY IF there's no
"open" database, that is, there's no sensitive data in the application's
memory. My main worry here is that an attacker can do a man-in-the-middle
attack and find some kind of exploit (e.g., buffer overflow) to access and
download sensitive data.

- The update button will open a hardcoded URL, something like
"https://passwordsafe.sf.net/latest.txt" This will have the version
information for the latest & greatest, and a URL for downloading it.

- I'm wondering if it's worth adding signature verification capability, so
that the downloaded version can be verified as authentic. On one hand, this
is easily subverted if the attacker replaces the victim's original version
with one that fakes the validity check, on the other hand, if the attacker
can do this, then the attacker can already do what he wants with the user's
data, so the validity check is the least of his worries...

I'd be very happy to get comments/criticism/suggestions on the above.

	Cheers,

		Rony


-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft Defy all challenges.
Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Passwordsafe-devel mailing list
Pas...@li...
https://lists.sourceforge.net/lists/listinfo/passwordsafe-devel

Re: [Passwordsafe-devel] Semi-automatic update option?

[Greg T. <Gr...@Th...>]

> Users have been asking for an automatic update mechanism for PasswordSafe, so I've begun thinking on how to implement it:
...
> - The update button will open a hardcoded URL, something like "https://passwordsafe.sf.net/latest.txt" This will have the version information for the latest & greatest, and a URL for downloading it.

a) I'd be happy with an option (disabled by default) to automatically
check for updates once a week.
b) It may be worth adding a signature file located on a completely
independent server somewhere. That way, an attacker has to compromise
two completely different servers (one hosting the compromised
'upgrade', one hosting the signature for it) before they can infect
people

A couple of thoughts, anyway,

Greg

[Passwordsafe-devel] Semi-automatic update option?

[ronys <ro...@gm...>]

Hi,

Users have been asking for an automatic update mechanism for =
PasswordSafe, so I've begun thinking on how to implement it:

I've never liked applications that take the liberty of connecting a =
server without asking me, to check for updates and who knows what else. =
So here's how I'd go about it for PasswordSafe:

- The Help->About dialog would have a "check for update" button. This =
button will initiate a connection (described in a minute) IF AND ONLY IF =
there's no "open" database, that is, there's no sensitive data in the =
application's memory. My main worry here is that an attacker can do a =
man-in-the-middle attack and find some kind of exploit (e.g., buffer =
overflow) to access and download sensitive data.

- The update button will open a hardcoded URL, something like =
"https://passwordsafe.sf.net/latest.txt" This will have the version =
information for the latest & greatest, and a URL for downloading it.

- I'm wondering if it's worth adding signature verification capability, =
so that the downloaded version can be verified as authentic. On one =
hand, this is easily subverted if the attacker replaces the victim's =
original version with one that fakes the validity check, on the other =
hand, if the attacker can do this, then the attacker can already do what =
he wants with the user's data, so the validity check is the least of his =
worries...

I'd be very happy to get comments/criticism/suggestions on the above.

	Cheers,

		Rony

[Passwordsafe-devel] Announcing PasswordSafe 3.10

[ronys <ro...@gm...>]

Hi,

This is to announce the release of PasswordSafe version 3.10.

This is a minor release - some annoying bugs have been fixed, some minor
features have been added or improved upon.  
Thanks to DK his work on this release, and to xenophonf for making the msi
package possible.

Bugs fixed in 3.10

[1757110] Toolbar now correctly disables images according to type of entry
selected and if URL is populated
[1758025, 1759364] '-s' option now works correctly
[] Window's position and size now updated correctly
[1768822] Manage->Options->Password History 'apply' works again.
[] Lock timeout after manual lock no longer saves empty database.
[1754566] State of tree view is now persistent across minimize, lock & save.
[1771357] Timeout timer now reset in all dialog boxes - PasswordSafe will no
longer minimize in the middle of work with an open dialog box.
[1754054, 1754611, 1740704] Items are now fully sorted when "put groups
first in display tree" selected.
[1757298, 1774428, 1609474] Merge no longer loses data
[] Ensure group/title/user combination is unique during text import.
[] During Add/Edit, fields containing only whitespace characters (space,
horzontal tab, vertical tab, carriage return, new line and form feed) are
considered empty fields.
[1751465] Fields containing only whitespace or whitespace between double
quotes are now treated as empty during plain text import.
[1783905] Read-only status maintained after unlocking a database.
[1782407] Export to text file now includes "title", if selected.
[1734220] XML Export line of Notes fields containing CRLF now works
correctly. The default delimeter has been made the same as for Export to a
Text file
[1632634] Compare no longer changes database settings when the databases are
identical.

New Features for 3.10

[1752896] Add ability to edit an entry's notes field using user's default
text editor via right click on Notes field.
[1750010] Drag&Drop between databases now supported.
[1517048] PasswordSafe can now be installed as an msi package (Windows
installer). This allows site administrators to 'push' PasswordSafe to client
machines with group policy. Thanks to xenophonf.
[1751484] Errors detected while merging or importing a text file are now
described in detail in a log file.

The U3 version will be available soon from
http://software.u3.com/Product_Details.aspx?productId=294&Selection=7
(Owners of previous releases of the U3 version are invited to contact me for
an update)

The release may be downloaded from
https://sourceforge.net/project/showfiles.php?group_id=41019&package_id=3316
9&release_id=536612
(http://preview.tinyurl.com/2fvhuf)
 
SHA-1 checksums:  
f2fbe5423fc8b406b7add64a790758a2cd38c872 *pwsafe-3.10.exe
b83b90a3fb0b03c0bc03e4c012cbf4e049bb8e0d *pwsafe-3.10.msi
c9c98e2cb9aa0c916cb70cde86a0962a13683802 *pwsafe-3.10-bin.zip
ed731da0e5b1658b123e22466ace8719e6bbb477 *pwsafe-3.10-src.zip

Note that this release also includes PGP/GPG signature files of the
respective packages. These were signed with my SourceForge account key,
keyid FA175557, key fingerprint = FF77 379D D46D DAA6 6182   B452 1D79 5A91
FA17 5557, available from a PGP keyserver near you (such as
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xFA175557).
 
         Enjoy,
 
                 Rony

Re: [Passwordsafe-devel] enhanced find

[ronys <ro...@gm...>]

Hi Nigel,

This is definitely a case where "et al" deserves all the credit,
specifically c-273 (a.k.a. dk).

	Cheers,

		Rony

-----Original Message-----
From: pas...@li...
[mailto:pas...@li...] On Behalf Of Nigel
Pentland
Sent: Thursday, August 09, 2007 9:38 PM
To: pas...@li...
Subject: [Passwordsafe-devel] enhanced find

Rony et al,

Just wanted to say well done for the new advanced find.  At first I thought
this looked good, but the more I use it the more I realise just how good. 
One of those little, 'I don't know how I managed without it' little
features.

So many thanks,  Nigel... 


-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/
_______________________________________________
Passwordsafe-devel mailing list
Pas...@li...
https://lists.sourceforge.net/lists/listinfo/passwordsafe-devel

[Passwordsafe-devel] enhanced find

[Nigel P. <ni...@ni...>]

Rony et al,

Just wanted to say well done for the new advanced find.  At first I thought 
this looked good, but the more I use it the more I realise just how good. 
One of those little, 'I don't know how I managed without it' little 
features.

So many thanks,  Nigel... 

[Passwordsafe-devel] Announcing PasswordSafe 3.09

[ronys <ro...@gm...>]

Hi,

This is to announce the release of PasswordSafe version 3.09.

This is a minor release - some annoying bugs have been fixed, some minor
features have been added or improved upon.  
Thanks to DK his work on this release, zcecil for his fix, and to the folks
who tested pre-release versions, especially mycroft237.

Bugs fixed in 3.09

[1748665] Number of passwords to remember (password history) can now be set
to more than 99 by typing rather than only by spinbox.
[] A note on possible problems with the autotype functionality and some 3rd
party popup-blockers. Thanks to mrttoo for the heads-up.
[] Protect user from losing entries in case of non-unique uuids in read
database. 
[] Compare fixed so that 'X' indicating differences are in the correct
columns and data copied to clipboard ends in CRLF not just LF
[1739364] Window location issue fixed
[1620423, 1754189] Focus on search text in Find Dialog - thank to zcecil for
the fix for this one. 
[1738477, 1630400] A version for Windows98 is now installed by the installer
on machines running Windows98. This version is NOT part of
the binaries in the zip file.
[] The installer will detect and notify the user if attempts to install on
an unsupported version of Windows (95 & ME).
[1735290] Configuration file works with non-ASCII user and host names.
[1733911] File mode encryption/decryption (-d/-e) works again
[1743706] Fix random showing of user and passwords if started in silent
mode.
[] Fix Edit and View in main menu not being reset after open after close
[1727871] Found items remain highlighted if another entry selected - note
that found items now ddisplayed in bold font rather than highlighted.
[1728612] Column sort arrows, in Flattened List mode, correctly removed
[1728945] Importing a subset of text data now fixed
[1728945, 1741787] Version 2.x databases now read correctly
[1733740] '-s' option no longer causes sporadic display of passwords in tree
view.
[1752318] Fixed duplicate/mislabeled columns problem in list view

New Features for 3.09

[1739979] Add URL column to flattened list
[1732198] It's now possible to override the username and hostname used to
load and store preferences, as well as specify an alternate preferences
file, via new command line options.
[] Implement "Advanced" option for Find
[1751451] Add extra warning when deleting entire group, including the number
of entries that will be deleted.

Changes to Existing Features in 3.09

[1732163] Date/time displayed throughout in the users "Short Date" format.

The U3 version will be available soon from
http://software.u3.com/Product_Details.aspx?productId=294&Selection=7
(Owners of the U3 version are invited to contact me for an update)

The release may be downloaded from
https://sourceforge.net/project/showfiles.php?group_id=41019&package_id=3316
9&release_id=523268
(http://preview.tinyurl.com/2zg9gt)
 
SHA-1 checksums:  
4ee448c758d5608acc0803fc1c9ef029acdddf25 pwsafe-3.09.exe
8f136947a83273cf3f014ec99bfe28878a27282e pwsafe-3.09-bin.zip
c28b44c7fca2e5ff4b8b5297ee4925b7cec5b791 pwsafe-3.09-src.zip


Note that this release also includes PGP/GPG signature files of the
respective packages. These were signed with my SourceForge account key,
keyid FA175557, key fingerprint = FF77 379D D46D DAA6 6182   B452 1D79 5A91
FA17 5557, available from a PGP keyserver near you (such as
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xFA175557).
 
         Enjoy,
 
                 Rony

Re: [Passwordsafe-devel] PasswordSafe format 0x0302 description

[Wolfgang K. <91...@gm...>]

I have seen through 3.02 definition and made editions to some points 
which I offer in attachment. Please  make use of it as you find worth 
(you may have to see it in a compare-text tool).

dk wrote:
> I have at least 2 problems with this:
>
> 1. The "Who performed last save" (0x05) and "Last saved by user" (0x07) +
> "Last saved on host" (0x08)
>
> Maintaining consistency between field 5 and fields 7 + 8 is impossible.
> Take this scenario:
>
>   
I agree and have edited some changes. Basically the requirement to 
maintain the old field should be dropped for the new format (and 
recommended for format 3.01). Instead, the new format should erase this 
field on encounter.
> 2. The "Timestamp of last save" (0x04)
>
> [...]  My concern is what V3.08 and prior versions will do
> when they come across a time_t field which is too short.  Will they be well
> behaved?  It needs testing. It may not be a problem.  Also, by using the
> length field for the decision on how to process, then this field cannot be
> migrated to 64-bit time sometime in the future without introducing 0x0400.
>
>   
The very correct procedure would be to deprecate this field as well, but 
I don't suggest it. - Instead my word is: Ignore the problem! This is 
because this field can be expected to be purely informative and has no 
bearing on algorithms. Second, any application has to be prepared for 
invalid field contents without going berserk or crashing. Given that, 
the worst outcome is a false time value in this place. I could live with 
it (actually my programs never used format 3.01).

Regards
- Wolfgang
>
>
>
>   

Re: [Passwordsafe-devel] PasswordSafe format 0x0302 description

[dk <dk...@gm...>]

I have at least 2 problems with this:

1. The "Who performed last save" (0x05) and "Last saved by user" (0x07) +
"Last saved on host" (0x08)

Maintaining consistency between field 5 and fields 7 + 8 is impossible.
Take this scenario:
a. UserA/HostA creates and saves a database using 3.08 and format 0x0301.
Only field 5 is in the header.
b. UserB/HostB opens this database using 3.09 and saves it using format
0x0302.  It writes fields 7 & 8 and could write field 5 should it want -
assume it does.
c. UserA/HostA re-opens and re-saves this database again using 3.08 and
format 0x0301.  It ignores, but re-writes, fields 7 & 8 as being "unknown"
and only updates field 5 is in the header.

Now field 5 = UserA/HostA; field 7 =UserB and field 8 = HostB.

These are inconsistent and will be so when read using format 0x0302.

2. The "Timestamp of last save" (0x04)

It is correct that PWS V3.08 and earlier do not conform to format 0x0301 in
that they store this value as 8 hexadecimal characters rather than time_t (4
bytes).  I hope it will be true that V3.09, and later, using format 0x0302
will process this field correctly - it ,suggested that this is based on the
length field (8 or 4).  My concern is what V3.08 and prior versions will do
when they come across a time_t field which is too short.  Will they be well
behaved?  It needs testing. It may not be a problem.  Also, by using the
length field for the decision on how to process, then this field cannot be
migrated to 64-bit time sometime in the future without introducing 0x0400.

David


-----Original Message-----
From: pas...@li...
[mailto:pas...@li...] On Behalf Of ronys
Sent: 09 July 2007 14:32
To: pas...@li...
Subject: [Passwordsafe-devel] PasswordSafe format 0x0302 description

Hi,

Please find in
http://passwordsafe.svn.sourceforge.net/viewvc/passwordsafe/trunk/pwsafe/pws
afe/docs/formatV3.txt?revision=1551&view=markup

(http://tinyurl.com/38pckm)

A new version of the file format description, based on discussions on this
list.

Main changes:

- Introduction rewritten.
- Clarification regarding field order (only constraint is that last field is
of type END).
- Clarification regarding Text representation (UTF-8 unless explicitly
stated otherwise).
- Note regarding misrepresentation of header timestamp as an 8 byte ASCII
string.
- Deprecation of header field "Who performed last save" (0x05), replaced by
"last saved by user" and "last saved on host" (0x07, 0x08).
- Addition of database name and database description header fields
- Added a section on extensibility, (a) recommended handling of unknown
fields, (b) defining application-specific range of type identifiers,
guaranteed to be unassigned by the "official" format description.

I believe I've addressed all the issues that have been discussed on this
list regarding the format. Please let me know if you find any error, or if
you see any major difficulty in implementing the format as specified.

	Cheers,

		Rony


-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express Download DB2 Express C - the
FREE version of DB2 express and take control of your XML. No limits. Just
data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Passwordsafe-devel mailing list
Pas...@li...
https://lists.sourceforge.net/lists/listinfo/passwordsafe-devel

[Passwordsafe-devel] PasswordSafe format 0x0302 description

[ronys <ro...@gm...>]

Hi,

Please find in
http://passwordsafe.svn.sourceforge.net/viewvc/passwordsafe/trunk/pwsafe/pws
afe/docs/formatV3.txt?revision=1551&view=markup

(http://tinyurl.com/38pckm)

A new version of the file format description, based on discussions on this
list.

Main changes:

- Introduction rewritten.
- Clarification regarding field order (only constraint is that last field is
of type END).
- Clarification regarding Text representation (UTF-8 unless explicitly
stated otherwise).
- Note regarding misrepresentation of header timestamp as an 8 byte ASCII
string.
- Deprecation of header field "Who performed last save" (0x05), replaced by
"last saved by user" and "last saved on host" (0x07, 0x08).
- Addition of database name and database description header fields
- Added a section on extensibility, (a) recommended handling of unknown
fields, (b) defining application-specific range of type identifiers,
guaranteed to be unassigned by the "official" format description.

I believe I've addressed all the issues that have been discussed on this
list regarding the format. Please let me know if you find any error, or if
you see any major difficulty in implementing the format as specified.

	Cheers,

		Rony

Re: [Passwordsafe-devel] PWSafe for Symbian

[Steffen R. <ste...@st...>]

Hi all,

Jammu Kekkonen wrote:
> I'm looking into porting password safe into Symbian platform.

I'm afraid your chances with this effort won't be particularly good...

Trying to port pwsafe v3 to PocketPC (again), I discovered that there
are a lot of MS-specifics in the sources. This starts with certain
macros, "proprietary" data types and functions and culminates in using
Microsoft's MFC. This is more or less ok for PocketPC, but I doubt that
it can be ported to Symbian with reasonable effort.

Probably you're better off when you look for other implementation of the
pwsafe file format - there are some in Java and one or two scripting
languages.

Well, I hope you haven't lost you motivation entirely now. Maybe it's
better than running against a wall later on...

> I'd be happy to get some discussion going about which Symbian version should 
> I start to work with, what features would people perhaps like to see and so 
> forth.

Hmm, I never had a Symbian device - no opinion from me.

Cheers,

Steffen

[Passwordsafe-devel] Format 3.02 ?

[Wolfgang K. <91...@gm...>]

Hello

Could we get done with the definition of format 3.02? At least I'ld like 
to have those points fixed which were brought up already, in particular 
the new header fields. I am preparing a next release of JPasswords and 
have to decide what format I am addressing and where to place the new 
header fields.

Regards
- Wolfgang

[Passwordsafe-devel] [ 1728906 ] Migrating 2.11 to 3.08

[Dudley F. <gr...@us...>]

All,
I am having the same issues as the people described in this support 
issue: 
https://sourceforge.net/tracker/index.php?func=detail&aid=1728906&group_id=41019&atid=429580

I looked for a way to upload a sample file to the website, but was 
unable to figure it out. I am attaching a dummy password file created 
with version 2.07.	

The password is dummy.

I hope it is ok that I sent it to this list. If you have any follow 
up questions or need me to create another sample database, then 
please don't to hesitate to ask. Also for a faster response you can 
email me at my gmail account, the user name is dudley.fox.

Sincerely,
Dudley Fox

[Passwordsafe-devel] PWSafe for Symbian

[Jammu K. <jam...@ho...>]

Hi

I'm looking into porting password safe into Symbian platform.

I'd be happy to get some discussion going about which Symbian version should 
I start to work with, what features would people perhaps like to see and so 
forth.

Of course, I'd be more than happy to get some help too! Specially I'll need 
help in testing on different phones and freeware application signing, but 
those won't be really needed any time soon :)

In addition to this list, you can reach me with messenger using this 
address.

- Jammu

_________________________________________________________________
Juttuja, vinkkejä, löytöjä. VISA auttaa löytämään nautinnon jokaisesta 
päivästä. http://loveeveryday.msn.com/?mkt=fi

[Passwordsafe-devel] Announcing PasswordSafe 3.08

[ronys <ro...@gm...>]

Hi,

This is to announce the release of PasswordSafe version 3.08.

This is a minor release - some annoying bugs have been fixed, some minor
features have been added or improved upon.  
Thanks to DK his work on this release, and to the folks who tested the
pre-release version.  
 
The U3 version will be available soon from
http://software.u3.com/Product_Details.aspx?productId=294&Selection=7 
(Owners of the U3 version are invited to contact me for an update)

Bugs fixed in 3.08
==================
[1709992, 1692662, 1678711, 1651392, 1626671, 1604806] Non-English text in
databases fully supported.
[1691048] Import text file with blank lines or missing fields will no longer
crash application.
[1688994] Although rename is not possible in read-only mode, this change
prevents F2 giving the user the feel that they can.
[1693395] Now Minimize takes precedence over "Always on Top" during Autotype
[1695991] File type Compare now has .bak & .ibak suffixes
[] Fix issue if PWS is maximized/minimized/then restored
[1701508] Entry times no longer written out if not set
[1702623] Compare now shows correct filenames
[] Fix problem with remembering Tree state on restore after minimize
[1678527] Line delimiter now works during import of plain text
[1708099] Default saved username, now shows in new entry
[1709418] Cancel after Lock Safe from system tray now does Right Thing
[] More stringent checking during tree "edit in-place" to prevent DB
corruption
[1721031] Notes field with lots of text now stays in position when focus
lost
[] Allow Notes field to be Imported from text file even if it is not
enclosed in double quotes
[1721009] Can now Import into a new database after closing previous database
[1723936] Expiry date format is now in the user's Short Date format

New Features for 3.08
=====================
[1695446] It's possible to specify command line parameters for Alternate
Browser; e.g. "-new-tab" for Firefox. This allows fine control of whether or
not to open a new browser or not.
[] Implement "Advanced" option for Exporting in XML format (as per Export in
Text format) and for when comparing databases.
[1695968] "Advanced" option now available to improve Merge operation
[1711524] "Show username in display tree" display option
[] Maintain unknown fields in the database header and records when saving
database, for compatability with future versions as well as clones.

The release may be downloaded from
https://sourceforge.net/project/showfiles.php?group_id=41019&package_id=3316
9&release_id=512116
(http://preview.tinyurl.com/2fspza)
 
SHA-1 checksums:  
f91d485c6f50c60532ea0ec8673e3e8c6e60ee62 pwsafe-3.08.exe
8e0a204a23037c845f4f14d2ca1097399a89349a pwsafe-3.08-bin.zip
d5d521288aa99d20599b858bdc72d60906012b53 pwsafe-3.08-src.zip

Note that this release also includes PGP/GPG signature files of the
respective packages. These were signed with my SourceForge account key,
keyid FA175557, key fingerprint = FF77 379D D46D DAA6 6182   B452 1D79 5A91
FA17 5557, available from a PGP keyserver near you (such as
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xFA175557).
 
         Enjoy,
 
                 Rony

Re: [Passwordsafe-devel] [wcelibcex-devel] Compatibility of MIT License and ArtisticLicense

[Mateusz L. <ma...@lo...>]

ronys wrote:
> Hi,
> 
> As I understand the MIT license it should be possible to incorporate this
> project into the PasswordSafe source tree, providing:
> 1. The code is in a directory of it's own
> 2. PasswordSafe's README.txt file & credits.html states that the PPC version
> incorporates code from this projext, along with the license terms
> 3. Files with modifications to the original be clearly marked as modified.
> 
> Of course, it would be best to get the project owner's explicit permission.

Rony,

I think your understanding is correct but it needs a few comments.

Here is IMO one of best and short explanation of what MIT license
allows to do with the project:

http://www.crystalclearsoftware.com/cgi-bin/boost_wiki/wiki.pl?Boost_License/MIT_License

Summarizing:
- you are allowed copy, use and modify the WCELIBCEX for any use
- you're required to preserve license/copyright notice in all copies of
WCELIBCEX files


Cheers
-- 
Mateusz Loskot
http://mateusz.loskot.net

[Passwordsafe-devel] PasswordSafe 3.08 pre-release

[ronys <ro...@gm...>]

Hi,

I've just uploaded a pre-release of the next version of PasswordSafe, and
would appreciate any inputs from the PasswordSafe user and developer
community, before I "officially" release it, hopefully in a few days. This
version has fixes and new features implemented by DK and myself.

This release is a full unicode build, meaning that non-English data should
be stored and displayed correctly.

3.08 (1461) may be downloaded from
http://passwordsafe.sf.net/tmp/pwsafe-3.08-1461-bin.zip (zip file with
executable and related files) or
http://passwordsafe.sf.net/tmp/pwsafe-3.08-1461.exe (self-extracting
installation)


SHA1 hashes:
e305dfae13ad2980f0674889009b8af3a3c0b8a8 *pwsafe-3.08-1461-bin.zip
501b106187fe76ef9e9481e7ca85ccdc4602fdd3 *pwsafe-3.08-1461.exe

(gpg signature files are also available from the same url - just add ".sig"
to the above urls.)


Thanks for your help,

	Rony

Release Notes for 3.08 (1461):

Bugs fixed in 3.08
==================
[1709992, 1692662, 1678711, 1651392, 1626671] Non-English text in databases
fully supported.
[1691048] Import text file with blank lines or missing fields will no longer
crash application.
[1688994] Although rename is not possible in read-only mode, this change
prevents F2 giving the user the feel that they can.
[1693395] Now Minimize takes precedence over "Always on Top" during Autotype
[1695991] File type Compare now has .bak & .ibak suffixes
[Open Discussion] Fix issue if PWS is maximized/minimized/then restored
[1701508] Entry times no longer written out if not set
[1702623] Compare now shows correct filenames
[] Fix problem with remembering Tree state on restore after minimize
[1678527] Line delimiter now works during import of plain text
[1708099] Default saved username, now shows in new entry
[1709418] Cancel after Lock Safe from system tray now does Right Thing
[] More stringent checking during tree "edit in-place" to prevent DB
corruption
[1721031] Notes field with lots of text now stays in position when focus
lost
[Open Discussion] Allow Notes field to be Imported from text file even if it
is not enclosed in double quotes
[1721009] Can now Import into a new database after closing previous database
[1723936] Expiry date format is now in the user's Short Date format

New Features for 3.08
=====================
[1695446] It's possible to specify command line parameters for Alternate
Browser; e.g. "-new-tab" for Firefox. This allows fine control of whether or
not to open a new browser or not.
[] Implement "Advanced" option for Exporting in XML format (as per Export in
Text format) and for when comparing databases.
[1695968] "Advanced" option now available to improve Merge operation
[1711524] "Show username in display tree" display option
[] Maintain unknown fields in the database header and records when saving
database, for compatability with future versions as well as clones.

Re: [Passwordsafe-devel] Format Tests

[dk <dk...@gm...>]

Wolfgang,

Re: "Simplicity I" - say header field 0x05 (currently "nnnnu....uh....h") in
V3.01 is changed to "u...u" in V3.02 as we have previously seemed to agree,
then if I already know that we are at version 3.02 I won't try and use the
first 4 characters as the user length field.  I know that length checking
etc/ would catch this - but why make it difficult for ourselves?

The alternative is that, in V3.02, header 0x05 is not used and two new
fields are used for user and host respectively.  The only personal objection
I have is that I don't like gaps in the range of used fields (i.e. in V3.02,
and later, header 0x05 will never be used).

David

PS. I quite like the concept of "Private", "Approved", "World" - although I
would use "Assigned" rather than "Approved" as "Approved" means that PWS
approves of another applications usage/ownership.

PPS.  Whilst a hash table is good, (IMO) it is not necessary with the small
number of fields we have.  A simple switch/case construct is sufficient.



-----Original Message-----
From: pas...@li...
[mailto:pas...@li...] On Behalf Of
Wolfgang Keller
Sent: 24 May 2007 07:39
To: pas...@li...
Subject: Re: [Passwordsafe-devel] Format Tests

Thanks for the clearifying words, David!

Something about your further points:

(Simplicity I)
I don't see a point in having any specific field first because of the
following context. The most "natural" data structure used to hold the list
during runtime is a hashtable. Hashtables have random ordering when they are
made to serialize. (The end-marker 0xff is not part of the content but just
a meta-tag on the file!) a) There is no necessity to demand extra program
logic to bring out the 0x00 field first and the rest trailing. b) The "sound
and simple" algorithm dealing with field lists would take two steps: 1 -
reading in the entire list (purely
formal) and 2 - interpreting fields. This advocates to forget all about
field ordering.

(Tolerance II)
My idea was to create 3 realms of field types which mean 3 levels of "formal
and semantical jurisdication", so to say. I fully agree there must be a
range which is completely secluded for the PWS project. I have seen 0x00 -
0x3f fitting. These are 64 fields and should do the job for a while. (I
don't mind if it is some numbers larger.) Let's call it the PWS-HOME (or
pws-private) range.

Then there is a second range from 0x40 to 0x7f (or some other range), let's
call it PWS-APPROVED (or  pws-protected). The fields there are formally
administered by the PWS project but they are given away to approved pws-like
other projects for their own and private purposes. 
This means PWS is just holding a list of reservations but does not control
any semantical aspects of those fields. The advantage for "approved"
projects is that they enjoy a level of protection against random destruction
if any "rest-of-the-world" project should be  using extra fields.

The third level is WORLD and ranges 0x80 to 0xfe (or some other range). 
It is meant for projects and experiments which never perk a head in the
discussion lists. This range is not controlled by PWS at all, but a
recommendation can be given out for applications to perform data-marking  in
order to verify the property of any read fields.

Regards
- Wolfgang

dk wrote:
> Wolfgang,
>
> Honest - I am really not intending to cause any "unnecessary 
> obstacles".  I apologise if my posts appear so - that was not the 
> intent - probably my use of the English Language.  I value other people's
contributions and ideas.
> The more the better.
>
> Nothing I have said in these posts is fixed - they are only my current 
> opinion and could easily change.  Rony is the final arbiter and there 
> is no guarantee that he will pick my view, your view or anyone else's; 
> that is why I have asked for a "draft specification" for the next and 
> future formats so they can be discussed more widely.
>
> I have put my answers in the body of your message below prefixed by ">>>".
>
> Regards,
>
> David
>
>
>   
>   

-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express Download DB2 Express C - the
FREE version of DB2 express and take control of your XML. No limits. Just
data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Passwordsafe-devel mailing list
Pas...@li...
https://lists.sourceforge.net/lists/listinfo/passwordsafe-devel

Re: [Passwordsafe-devel] Format Tests

[Wolfgang K. <91...@gm...>]

Thanks for the clearifying words, David!

Something about your further points:

(Simplicity I) 
I don't see a point in having any specific field first because of the 
following context. The most "natural" data structure used to hold the 
list during runtime is a hashtable. Hashtables have random ordering when 
they are made to serialize. (The end-marker 0xff is not part of the 
content but just a meta-tag on the file!) a) There is no necessity to 
demand extra program logic to bring out the 0x00 field first and the 
rest trailing. b) The "sound and simple" algorithm dealing with field 
lists would take two steps: 1 - reading in the entire list (purely 
formal) and 2 - interpreting fields. This advocates to forget all about 
field ordering.

(Tolerance II)
My idea was to create 3 realms of field types which mean 3 levels of 
"formal and semantical jurisdication", so to say. I fully agree there 
must be a range which is completely secluded for the PWS project. I have 
seen 0x00 - 0x3f fitting. These are 64 fields and should do the job for 
a while. (I don't mind if it is some numbers larger.) Let's call it the 
PWS-HOME (or pws-private) range.

Then there is a second range from 0x40 to 0x7f (or some other range), 
let's call it PWS-APPROVED (or  pws-protected). The fields there are 
formally administered by the PWS project but they are given away to 
approved pws-like other projects for their own and private purposes. 
This means PWS is just holding a list of reservations but does not 
control any semantical aspects of those fields. The advantage for 
"approved" projects is that they enjoy a level of protection against 
random destruction if any "rest-of-the-world" project should be  using 
extra fields.

The third level is WORLD and ranges 0x80 to 0xfe (or some other range). 
It is meant for projects and experiments which never perk a head in the 
discussion lists. This range is not controlled by PWS at all, but a 
recommendation can be given out for applications to perform 
data-marking  in order to verify the property of any read fields.

Regards
- Wolfgang

dk wrote:
> Wolfgang,
>
> Honest - I am really not intending to cause any "unnecessary obstacles".  I
> apologise if my posts appear so - that was not the intent - probably my use
> of the English Language.  I value other people's contributions and ideas.
> The more the better.
>
> Nothing I have said in these posts is fixed - they are only my current
> opinion and could easily change.  Rony is the final arbiter and there is no
> guarantee that he will pick my view, your view or anyone else's; that is why
> I have asked for a "draft specification" for the next and future formats so
> they can be discussed more widely.
>
> I have put my answers in the body of your message below prefixed by ">>>".
>
> Regards,
>
> David
>
>
>   
>   

Re: [Passwordsafe-devel] Format Tests

[dk <dk...@gm...>]

Wolfgang,

Honest - I am really not intending to cause any "unnecessary obstacles".  I
apologise if my posts appear so - that was not the intent - probably my use
of the English Language.  I value other people's contributions and ideas.
The more the better.

Nothing I have said in these posts is fixed - they are only my current
opinion and could easily change.  Rony is the final arbiter and there is no
guarantee that he will pick my view, your view or anyone else's; that is why
I have asked for a "draft specification" for the next and future formats so
they can be discussed more widely.

I have put my answers in the body of your message below prefixed by ">>>".

Regards,

David


-----Original Message-----
From: pas...@li...
[mailto:pas...@li...] On Behalf Of
Wolfgang Keller
Sent: 21 May 2007 20:24
To: pas...@li...
Subject: Re: [Passwordsafe-devel] Format Tests

David,

from some of your recent posts I have been wondering whether you are causing
unnecessary obstacles, but then again I'm not sure. Let me say that if you
don't like the idea of cooperation, just say a word and I'm backing off. - I
regard my contributions here as offers to the benefit of the PWS file
format. I'm not doing this to please the PWS project or its people but for
the sake of a community, whether big or small, who might be using this file
format under various applications and possibly various purposes. - It is my
believe that all users and all PWS applications will benefit from an open
and effective file format regulation, providing the means for as little
loss/friction as possible when files are cross-used among several PWS
applications or various historical software versions.

>>> I agree in open discussion and sharing of views to the betterment of
PWS.

It is my believe, hence, that the format definition should be a) as simple
as possible, b) as tolerant as possible. In this light I'ld comment on some
of your recent points:

i)  (Simplicity I) no sequence prescriptions in any field arrays! The format
definition should make it explicit that both header field list and record
field list must be fully apprehended in random type sequence of its fields.
Any ordering prescriptions might cause problems in applications and is a
superfluous source of errors. There is no algorithmic necessity for any
ordering (with the exception of the list terminating field 0xff).

>>> I agree in most cases except the Version, which I think should come
first, and the EOF, which must come last.  Whilst there is no "algorithmic
necessity for any ordering", from a coding perspective, it is much nicer if
you know the header version before you start processing the header fields
than half way through.

ii)  (Simplicity II) no complex field structures where possible; so I
support suggestion to create 2 fields for "Last operator" and "Last host
(computer)"

>>> At least we can agree on this! ;-)

iii) (Tolerance I) the most simple and effective rule here is that a PWS
application should preserve unknown fields when saving a file, regardless of
their place and value, i.e. no two-class support depending on type ranges or
the record/header distiction. Anything else I regard as over-protective
(protect what exactly?) and again forseeably - but hopefully not
deliberately - causing problems.

>>> Again I agree and have coded this in the latest revision of PWS for both
unknown saving header and record fields (the latter being stored encrypted
in memory whereas the header fields are considered OK as clear text).  One
point here, you say your current application is Format V3.01 compliant and
yet the record time fields are 8 bytes long when the format specifies only
4.  It may well be the case, as I have explained, that it works OK today
with the release version of PWS but it may not in future and isn't
compliant.  That is not to say that a future version (V3.02?) might specify
that this field can be either 4 or 8 bytes long - it just doesn't in V3.01.

iv)  (Tolerance II) as a compensation for openness there must exist a
regulation to devide usage of field types. The simple 0x7f boundary does the
job as already described and secures a wide range of fields for the world of
PWS only. I personally have seen a second boundary at 0x3f; above it and
below 0x7f could be a range for "approved PWS applications" 
(well, I don't like the word "clones" any more because mutual feature copy
is already in full swing). Specific type values would be given out to these
application once they need them. This has the advantage that these approved
applications share a protected zone and could refer to the "rest of the
world" as "using above 0x7f types". I walk from the assumption here that 64
field types will provide for many more decades of development of the
(native) PWS program. - (The second boundary is an add-on and the system
also works without it.)

>>> I am not sure I understand this paragraph.  The 0x7f was a 'suggestion'
for the boundary in both the Header and individual records.  I don't mind if
it is 0x3f or 0xcf or any other 'nice' boundary.  Personally, I would not
like it less than 0x3f, although I can't think of what other fields we could
want in the header or records - but I am sure someone can!

That's how I've seen it,
- Wolfgang

dk wrote:
> Wolfgang,
>
> I have replied to your Support Request as I had some difficulties with 
> the time fields in the records and header.
>
> However, on further tracing, I see that the order in which you write 
> the header records seems to be in the inverse of their type value.  
> There is nothing in the "FormatVn.txt" file to say this is wrong.  
> However, I would like the format changed to mandate that the version 
> number (record type
> 0x00) is *always* the first field in the header.
>
> Regards,
>
> David
>
>
>
>   

-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express Download DB2 Express C - the
FREE version of DB2 express and take control of your XML. No limits. Just
data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Passwordsafe-devel mailing list
Pas...@li...
https://lists.sourceforge.net/lists/listinfo/passwordsafe-devel

Re: [Passwordsafe-devel] Format Tests

[Wolfgang K. <91...@gm...>]

David,

from some of your recent posts I have been wondering whether you are 
causing unnecessary obstacles, but then again I'm not sure. Let me say 
that if you don't like the idea of cooperation, just say a word and I'm 
backing off. - I regard my contributions here as offers to the benefit 
of the PWS file format. I'm not doing this to please the PWS project or 
its people but for the sake of a community, whether big or small, who 
might be using this file format under various applications and possibly 
various purposes. - It is my believe that all users and all PWS 
applications will benefit from an open and effective file format 
regulation, providing the means for as little loss/friction as possible 
when files are cross-used among several PWS applications or various 
historical software versions.

It is my believe, hence, that the format definition should be a) as 
simple as possible, b) as tolerant as possible. In this light I'ld 
comment on some of your recent points:

i)  (Simplicity I) no sequence prescriptions in any field arrays! The 
format definition should make it explicit that both header field list 
and record field list must be fully apprehended in random type sequence 
of its fields. Any ordering prescriptions might cause problems in 
applications and is a superfluous source of errors. There is no 
algorithmic necessity for any ordering (with the exception of the list 
terminating field 0xff).

ii)  (Simplicity II) no complex field structures where possible; so I 
support suggestion to create 2 fields for "Last operator" and "Last host 
(computer)"

iii) (Tolerance I) the most simple and effective rule here is that a PWS 
application should preserve unknown fields when saving a file, 
regardless of their place and value, i.e. no two-class support depending 
on type ranges or the record/header distiction. Anything else I regard 
as over-protective (protect what exactly?) and again forseeably - but 
hopefully not deliberately - causing problems.

iv)  (Tolerance II) as a compensation for openness there must exist a  
regulation to devide usage of field types. The simple 0x7f boundary does 
the job as already described and secures a wide range of fields for the 
world of PWS only. I personally have seen a second boundary at 0x3f; 
above it and below 0x7f could be a range for "approved PWS applications" 
(well, I don't like the word "clones" any more because mutual feature 
copy is already in full swing). Specific type values would be given out 
to these application once they need them. This has the advantage that 
these approved applications share a protected zone and could refer to 
the "rest of the world" as "using above 0x7f types". I walk from the 
assumption here that 64 field types will provide for many more decades 
of development of the (native) PWS program. - (The second boundary is an 
add-on and the system also works without it.)

That's how I've seen it,
- Wolfgang

dk wrote:
> Wolfgang,
>
> I have replied to your Support Request as I had some difficulties with the
> time fields in the records and header.
>
> However, on further tracing, I see that the order in which you write the
> header records seems to be in the inverse of their type value.  There is
> nothing in the "FormatVn.txt" file to say this is wrong.  However, I would
> like the format changed to mandate that the version number (record type
> 0x00) is *always* the first field in the header.
>
> Regards,
>
> David
>
>
>
>   

Re: [Passwordsafe-devel] Format Tests

[dk <dk...@gm...>]

Wolfgang,

I have replied to your Support Request as I had some difficulties with the
time fields in the records and header.

However, on further tracing, I see that the order in which you write the
header records seems to be in the inverse of their type value.  There is
nothing in the "FormatVn.txt" file to say this is wrong.  However, I would
like the format changed to mandate that the version number (record type
0x00) is *always* the first field in the header.

Regards,

David


-----Original Message-----
From: dk 
Sent: 19 May 2007 09:09
To: Wolfgang Keller; pas...@li...
Cc: dk
Subject: RE: [Passwordsafe-devel] Format Tests

Oh and I forgot to mention...

I think the range (header and entry) 0x00-0x7f [and 0xff = end of record]
should be reserved for PWS.  Any not currently used should be "reserved for
future use".  PWS should maintain (but otherwise not modify) any in the
range 0x80-0xfe. It is the responsibility of any application that uses any
fields in this range to determine if it is theirs or another application's
and process accordingly.

The "Golden Source" for any field on PWS's range of 0x00-0x7f is the PWS
project (currently a document named "FormatVnn.txt").

David

-----Original Message-----
From: dk
Sent: 18 May 2007 23:07
To: Wolfgang Keller; pas...@li...
Subject: RE: [Passwordsafe-devel] Format Tests

Wolfgang,

You knew that "d" would not get fixed until V3.02 - so it should be no
surprise that it is as said before = 8 hex digits.

Same goes for "e" since they are not in the V3.01 definition.

It is my view that in V3.02 (when/if it is released):
a. Header 05 (currently nnnnu....uh....h) becomes only u....u (standard text
format) b. Header 07 becomes the h....h from current 05 (standard text
format) c. Either 04 gets re-used as binary time_t or it is ignored and
Header 08 become time_t d. Your "07" and "08" then get implemented as
"08/09" or "09/0a" (hex)

I have suggested to Rony that a draft specification is released for
discussion.  There is no urgency to change the format this minute.  A full
discussion should be had and those interested in the format given a
reasonable period to respond.

Regards,

David


-----Original Message-----
From: pas...@li...
[mailto:pas...@li...] On Behalf Of
Wolfgang Keller
Sent: 18 May 2007 10:50
To: pas...@li...
Subject: [Passwordsafe-devel] Format Tests

Hello

I have tested Rony's 03.07.03 test file of 15 May  and found:
(Not tested header 05 (user) as I'm not supporting it.)

a) text format ok
b) UUID preservation ok
c) ITER preservation ok
-->> d) header 04 (save time) still not as binary integer!
-->> e) header 07 and 08 not supported (preserved)

What is more, I have posted a file into "Support Requests" created by JPWS
in the intended format version 3.02. You might find it useful for testing.
The password to open it is "123456" (excellent!).

- Wolfgang



-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express Download DB2 Express C - the
FREE version of DB2 express and take control of your XML. No limits. Just
data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Passwordsafe-devel mailing list
Pas...@li...
https://lists.sourceforge.net/lists/listinfo/passwordsafe-devel