webOS Nation Forums >  Homebrew >  webOS Homebrew Apps > Keyring - Easy password management
Keyring - Easy password management
  Reply
Like Tree4Likes

 
Thread Tools Display Modes
Old 09/28/2009, 07:10 PM   #41 (permalink)
Member
 
krid's Avatar
 
Posts: 117
I've gotten some reports of problems with version 0.0.3, with webOS 1.1 and 1.2. Hold off on installing it until I can try to reproduce them.
__________________
Author of Keyring for webOS - Easy password management on your phone

Get Keyring :: Keyring website :: Keyring desktop client :: Keyring bugs :: Desktop client bugs

Like what I've done with Keyring? Hire me!
krid is offline   Reply With Quote
Old 09/29/2009, 03:17 AM   #42 (permalink)
Member
 
krid's Avatar
 
Posts: 117
Version 0.0.4 uploaded. Get it now.

There were a few unpleasant bugs in 0.0.3. I knew I hadn't done enough testing, but I went ahead with the release anyways. Stupid. Well, they're fixed now, and I tested this one a lot more thoroughly.

All kinds of thanks to John Ferraro, who sent me three separate emails about the problems he had. All of them were pleasant and informative, despite the fact that he lost data because of my mistakes. His patience and good information really helped me solve the problems quickly.
__________________
Author of Keyring for webOS - Easy password management on your phone

Get Keyring :: Keyring website :: Keyring desktop client :: Keyring bugs :: Desktop client bugs

Like what I've done with Keyring? Hire me!
krid is offline   Reply With Quote
Thanked By: StarDestroyer
Old 09/29/2009, 09:28 AM   #43 (permalink)
Member
 
Posts: 41
Having the password prompt at startup and a way to get data from KeyPass and I think this would be one awesome app. Unlike others here, I especially like the fact that this is open source.

Perhaps the KeyPass export can somehow be handled in a similar method to the simple-cgi.py ... if I understand that correctly. KeyPass could just dump a file to a location where this CGI (or some other script) feeds it to the phone OTA. Or something like that.
StarDestroyer is offline   Reply With Quote
Old 10/01/2009, 08:59 AM   #44 (permalink)
Member
 
voltageROCK's Avatar
 
Posts: 795
I have a couple concerns with this app:

First of all, I think the concept of this is wonderful. I started to use this app and loved how it asked for a password at a preset time just to enter or access the prgram. Mine was 30 seconds.

As I started to enter my info, I realized that although this app requires a password, I can't continue to use it. It is awesome to have all of your info in your phone.

But, what happens if your phone is lost or stolen? I certainly do not feel comfortable in the security of this app to keep that info from someone who can hack right into it. Then, every bit of private info of mine would be compromised.

Also, what if this info can be transmitted without us knowing right back to anyone else who can figure out how to do that?

So after loving this app and beginning to enter my info, I then decided to delete it without hesitation.

My question now is, as I really want to use this app again!, what does happen if we lose our Pre's? Is there a way to remotely wipe out all of the info?
__________________
I am equivalent to a man dammit.
voltageROCK is offline   Reply With Quote
Old 10/01/2009, 09:18 AM   #45 (permalink)
Member
 
Posts: 8
This morning I attempted to enter a new bit of info into Keyring and it keeps telling me my password is incorrect? I KNOW it's the correct password, b/c I also use it for most of my other apps. It's a four-letter password. Why would it suddenly not be working? How to get around this? Is there a "password reminder" option?
awhiteprevis is offline   Reply With Quote
Old 10/01/2009, 11:26 AM   #46 (permalink)
Member
 
kuoirad's Avatar
 
Posts: 204
Krid:

Very intrigued by this app, and wanted to run a couple feature requests by you - one which has already been aired here, and one which hasn't.

I currently use Secret! on my 700P, and love the paradigm of it basically being an encrypted memo pad. It's excellent for allowing me to keep password lists for the systems I'm responsible for at work (sysadmin for an academic department at a major state university). Is keyring able to expand to include that sort of idea? I would love to not have to rely on running Secret! in Classic until Linkesoft gets their hands on some WebOS hardware and figures out whether or not they can port to WebOS.

Additionally, please let me put in another "vote" for having to enter a "master password" on app launch - better security, IMO.

Thanks for your attention.
kuoirad is offline   Reply With Quote
Old 10/01/2009, 11:45 PM   #47 (permalink)
Member
 
Posts: 41
Quote:
Originally Posted by awhiteprevis View Post
This morning I attempted to enter a new bit of info into Keyring and it keeps telling me my password is incorrect? I KNOW it's the correct password, b/c I also use it for most of my other apps. It's a four-letter password. Why would it suddenly not be working? How to get around this? Is there a "password reminder" option?
I just noticed I'm having the same problem. I'm not sure when the last time I used Keyring was, but it was probably before one of the updates.

Interestingly, at first after closing the program while the password entry area was still open it would sometimes give me the Welcome screen on next program run and ask me to enter a new master password, and sometimes it wouldn't. Now it consistently asks me to enter a new master password, but it always (early on and now) just sits there after I enter a password (twice) and hit the Ok button, and doesn't do anything else after that.

Any ideas?
edhkim is offline   Reply With Quote
Old 10/02/2009, 08:35 AM   #48 (permalink)
Member
 
Posts: 8
Quote:
Originally Posted by edhkim View Post
I just noticed I'm having the same problem. I'm not sure when the last time I used Keyring was, but it was probably before one of the updates.

Interestingly, at first after closing the program while the password entry area was still open it would sometimes give me the Welcome screen on next program run and ask me to enter a new master password, and sometimes it wouldn't. Now it consistently asks me to enter a new master password, but it always (early on and now) just sits there after I enter a password (twice) and hit the Ok button, and doesn't do anything else after that.

Any ideas?
EDHKIM, I just tried this as well, closing the program while the password entry screen was still on, and I had the exact same error as you. I was prompted to enter a new Master Password, then, after doing so, the program froze up. I have closed and reopened now numerous times, and the same thing happens. I have even less entry to my information than before. I am tempted to delete Keyring and reinstall, but now I am nervous that any future webOS updates will cause a freeze in the program; the purpose of inputting my info is so that I *don't* have to write it down somewhere else as well in case of a freeze. I am out of ideas too.
awhiteprevis is offline   Reply With Quote
Old 10/03/2009, 12:15 AM   #49 (permalink)
Member
 
krid's Avatar
 
Posts: 117
I think I know why Keyring is popping up the "Welcome" dialog -- it looks like there's a timing issue. It works fine every time on the emulator, but only some of the time on the phone -- and since I keep Keyring running all the time, I didn't hit the bug on my phone. I tried dismissing the app and restarting it repeatedly, and I got the welcome screen about 1 out of 3 times. It should be an easy fix, and I'll have a go at it this weekend.

In the mean time, if you get the welcome screen when you don't expect it, just dismiss the app and restart it. It may work better with fewer apps open, or with more, I haven't had time to really delve into it.

Sorry I didn't reply sooner, but I'd set my preferences to email me whenever there was a post to the forum, and it emailed me once, and then ignored the next five posts. I started a new job in September, so I was concentrating on work and not checking the forum.
__________________
Author of Keyring for webOS - Easy password management on your phone

Get Keyring :: Keyring website :: Keyring desktop client :: Keyring bugs :: Desktop client bugs

Like what I've done with Keyring? Hire me!
krid is offline   Reply With Quote
Old 10/03/2009, 12:22 AM   #50 (permalink)
Member
 
krid's Avatar
 
Posts: 117
Quote:
Originally Posted by voltageROCK View Post
I have a couple concerns with this app:
... what happens if your phone is lost or stolen? I certainly do not feel comfortable in the security of this app to keep that info from someone who can hack right into it.
Keyring stores the data in a securely encrypted format. The title and date attributes of each item are plaintext, but the username, password and url fields are encrypted (using the well-regarded Blowfish algorithm). Furthermore, it only decrypts a single item at a time, and it doesn't store your master password anywhere (in fact, I don't keep it in memory either).

If someone steals your phone, all they will have access to is a blob of encrypted data that looks like this:

...0HhToNDV6EAfG+JOphDZslgZFEeNPWdCvqlVKfY3G9OhjJF5PpsV7um4E7UnyfL
lLh2PltDPo9miV3f80s8G/w+zsaTIChGjVRL7RXmGLHDE+vDxUxMDjZZtiEzUYm1nZ
Tv2+Au7qY6JPYjxSsZ1mbZiqv11Mu+1bWFcbujou4ZFzuxxwv5dhnfGNbmWBAHk
Od9vDOySJjPX8Awk+e9tvKj6c...

So long as they don't have your master password, that's all they'll get.
__________________
Author of Keyring for webOS - Easy password management on your phone

Get Keyring :: Keyring website :: Keyring desktop client :: Keyring bugs :: Desktop client bugs

Like what I've done with Keyring? Hire me!
krid is offline   Reply With Quote
Old 10/03/2009, 12:32 AM   #51 (permalink)
Member
 
krid's Avatar
 
Posts: 117
Quote:
Originally Posted by kuoirad View Post
I currently use Secret! on my 700P, and love the paradigm of it basically being an encrypted memo pad.
Secure memo (notes-only items) is on my list of upcoming features. Categories will come first, since more folks have been asking for that.

Quote:
Additionally, please let me put in another "vote" for having to enter a "master password" on app launch - better security, IMO.
I guess I'm going to have to implement this. The easy way would be to just pop up a password dialog when the app starts. The better way would be to actually encrypt the entire db (titles, dates, category names, etc.). However, that would require a bunch of extra work.

Would it be "good enough" to leave the stuff that's currently stored in plaintext as is, and have the app-launch password just deny UI access to the data, or do y'all want it to be really and truly secure (and thus slower and more susceptible to bugs and the like)? In the former, someone who stole your phone or hacked in over the network could read the titles of the items. In the latter, they'd get nothing but an encrypted blob (well, that and the salt).
__________________
Author of Keyring for webOS - Easy password management on your phone

Get Keyring :: Keyring website :: Keyring desktop client :: Keyring bugs :: Desktop client bugs

Like what I've done with Keyring? Hire me!
krid is offline   Reply With Quote
Old 10/04/2009, 10:07 PM   #52 (permalink)
Member
 
Posts: 46
Any update on the repeated saying "invalid password" when you are certain the password you are entering is correct...?
Cohens is offline   Reply With Quote
Old 10/05/2009, 01:05 AM   #53 (permalink)
Member
 
krid's Avatar
 
Posts: 117
Version 0.0.5 hot off the IDE. Fixes the "enter a new Master Password" bug, adds the option to require password at launch (it fell out of the fix for the big bug), along with various other bug fixes and features. Get it now from the Homebrew Gallery.

Hopefully I can get to categories next weekend. This whole "paying job during the week" thing is really cramping my style.
__________________
Author of Keyring for webOS - Easy password management on your phone

Get Keyring :: Keyring website :: Keyring desktop client :: Keyring bugs :: Desktop client bugs

Like what I've done with Keyring? Hire me!
krid is offline   Reply With Quote
Old 10/05/2009, 01:08 AM   #54 (permalink)
Member
 
krid's Avatar
 
Posts: 117
Quote:
Originally Posted by Cohens View Post
Any update on the repeated saying "invalid password" when you are certain the password you are entering is correct...?
I hope that 0.0.5 will fix it. If it doesn't, uhh, PM me and I'll see if I can think of anything. If you can get to the help scene, check and see if there's a link at the top that says "Show Errors". If there is, click it, and let me know what it says.
__________________
Author of Keyring for webOS - Easy password management on your phone

Get Keyring :: Keyring website :: Keyring desktop client :: Keyring bugs :: Desktop client bugs

Like what I've done with Keyring? Hire me!
krid is offline   Reply With Quote
Thanked By: Cohens
Old 10/05/2009, 11:01 AM   #55 (permalink)
Member
 
kuoirad's Avatar
 
Posts: 204
Quote:
Originally Posted by krid View Post
Secure memo (notes-only items) is on my list of upcoming features. Categories will come first, since more folks have been asking for that.
Fair enough, but immensely good to know that it's on your list.


Quote:
I guess I'm going to have to implement this. The easy way would be to just pop up a password dialog when the app starts. The better way would be to actually encrypt the entire db (titles, dates, category names, etc.). However, that would require a bunch of extra work.

Would it be "good enough" to leave the stuff that's currently stored in plaintext as is, and have the app-launch password just deny UI access to the data, or do y'all want it to be really and truly secure (and thus slower and more susceptible to bugs and the like)? In the former, someone who stole your phone or hacked in over the network could read the titles of the items. In the latter, they'd get nothing but an encrypted blob (well, that and the salt).
It's your time, but I would opine that at least for now put a "input password on launch" and work towards a fully-encrypted db, which it seems that you've done.

I would definitely vote for this program to be fully secure if it can be done well. But I'm a paranoid one - especially since I'd be putting password lists for work into the database once secure memo is implemented.

Thanks for the responses, krid - they're much appreciated.

Cheers,
Dario
kuoirad is offline   Reply With Quote
Old 10/05/2009, 12:08 PM   #56 (permalink)
Member
 
jaytee's Avatar
 
Posts: 1,388
downloaded 0.5 and can't start it up. I get :

template load failed: loading/new-password-dialog.html
jaytee is offline   Reply With Quote
Old 10/05/2009, 12:19 PM   #57 (permalink)
Member
 
krid's Avatar
 
Posts: 117
Quote:
Originally Posted by jaytee View Post
downloaded 0.5 and can't start it up. I get :
template load failed: loading/new-password-dialog.html
Wow, that was sure a dumb bug. Thanks for reporting it.

I just rolled an 0.0.6 release. It's uploaded already; it should show up on File Coaster later today, but you can d/l it directly from the URL.

I guess the next "feature" is going have to be a test suite. it's getting too hard to test all the nooks and crannies of the app manually.
__________________
Author of Keyring for webOS - Easy password management on your phone

Get Keyring :: Keyring website :: Keyring desktop client :: Keyring bugs :: Desktop client bugs

Like what I've done with Keyring? Hire me!
krid is offline   Reply With Quote
Old 10/06/2009, 04:33 AM   #58 (permalink)
Member
 
Posts: 46
It was still saying invalid password after updating. I deleted and re-installed it and it works fine now... If it happens again I'll PM you.
Cohens is offline   Reply With Quote
Old 10/06/2009, 08:02 AM   #59 (permalink)
Member
 
jaytee's Avatar
 
Posts: 1,388
any hope of importing in a format that gnukeyring can export? (I'm thinking a flat csv type file)
jaytee is offline   Reply With Quote
Old 10/06/2009, 12:41 PM   #60 (permalink)
Member
 
voltageROCK's Avatar
 
Posts: 795
Quote:
Originally Posted by krid View Post
Keyring stores the data in a securely encrypted format. The title and date attributes of each item are plaintext, but the username, password and url fields are encrypted (using the well-regarded Blowfish algorithm). Furthermore, it only decrypts a single item at a time, and it doesn't store your master password anywhere (in fact, I don't keep it in memory either).

If someone steals your phone, all they will have access to is a blob of encrypted data that looks like this:

...0HhToNDV6EAfG+JOphDZslgZFEeNPWdCvqlVKfY3G9OhjJF5PpsV7um4E7UnyfL
lLh2PltDPo9miV3f80s8G/w+zsaTIChGjVRL7RXmGLHDE+vDxUxMDjZZtiEzUYm1nZ
Tv2+Au7qY6JPYjxSsZ1mbZiqv11Mu+1bWFcbujou4ZFzuxxwv5dhnfGNbmWBAHk
Od9vDOySJjPX8Awk+e9tvKj6c...

So long as they don't have your master password, that's all they'll get.
Well, that is very nice to know! Thanks!
I think I will give it a shot again...

thanks
voltageROCK is offline   Reply With Quote
Reply

 

Thread Tools
Display Modes



 


Content Relevant URLs by vBSEO 3.6.0