
My password manager with chess and poetess. And sync

Hello!

I want to tell you about a small project of mine, which I have been quietly working on for the last couple of months.

Prehistory


Once upon a time, about a year ago, I needed to somehow remember or write down a rather large amount of confidential information: logins, passwords, all sorts of keys, and so on. Of the available solutions, KeePass more or less suited me, but it had one big disadvantage: it cannot synchronize databases between installations. And I needed to be able to reset passwords on the phone and view them from there.
In the end, it all came down to a text file with passwords :)
But you can always make something of your own ...

Let's start


And then I got the idea of a program that can synchronize with a server. Without further ado, I searched the Internet for a way to do paranoid encryption of everything and everyone in an identical way on Linux, Windows and Windows Mobile (at least) and eventually chose.
Paroler uses:


Synchronization


And now we have reached, I hope, the most interesting feature, the one for which everything was started in the first place: synchronization.
The local database is synchronized with the remote one over HTTPS, which encrypts traffic that is already encrypted. Someone who has the database itself but does not know the password (we will not take brute force into account, since the responsibility for the password lies with the user) can find out only its structure; everything else (names, comments, logins, passwords, data, icons) is encrypted.
That is, I'm not trying to steal your passwords: they are still encrypted in the database :)
Also, the synchronization algorithm really synchronizes rather than just downloading the database from a remote server: all changes made on one machine are applied to the database first, and only after that are changes made elsewhere downloaded. I'll say right away that I thought about collisions, and there should not be any, since the generated identifiers are fairly unique.
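
The push-then-pull order described above, as an added example that is not Paroler's code: records are opaque ciphertext keyed by a random id, and the `rev` counter, `dirty` flag, function names and conflict rule are assumptions made for illustration. It goes one step beyond the text by reporting a record edited on two machines (or a duplicated id) as a conflict instead of overwriting either copy.

```cpp
// Added example, not Paroler's code; rev, dirty and the conflict rule are assumptions.
#include <cstdint>
#include <iostream>
#include <map>
#include <random>
#include <string>
#include <vector>

// rev: server revision the copy is based on; dirty: edited since last sync; blob: ciphertext.
struct Record { std::uint64_t rev = 0; bool dirty = false; std::string blob; };
using Store = std::map<std::string, Record>;  // key: random record id

// 128-bit random hex id: a collision is improbable, not impossible.
std::string new_id() {
    static std::random_device rd;
    std::string id;
    for (int i = 0; i < 32; ++i) id += "0123456789abcdef"[rd() & 0xf];
    return id;
}
void edit(Store& db, const std::string& id, const std::string& ciphertext) {
    Record& r = db[id]; r.blob = ciphertext; r.dirty = true;
}

// Returns ids changed on both sides; neither copy is overwritten.
std::vector<std::string> sync_store(Store& local, Store& server) {
    std::vector<std::string> conflicts;
    for (auto& kv : local) {            // 1. push local changes first
        Record& rec = kv.second;
        if (!rec.dirty) continue;
        auto it = server.find(kv.first);
        std::uint64_t srv = (it == server.end()) ? 0 : it->second.rev;
        if (srv != rec.rev) { conflicts.push_back(kv.first); continue; }
        rec.rev = srv + 1; rec.dirty = false;
        server[kv.first] = rec;         // the server stores ciphertext only
    }
    for (const auto& kv : server) {     // 2. then pull changes made elsewhere
        auto it = local.find(kv.first);
        if (it == local.end() || (!it->second.dirty && it->second.rev < kv.second.rev))
            local[kv.first] = kv.second;
    }
    return conflicts;
}

int main() {  // constructed scenario: two machines edit the same record
    Store a, b, server; const std::string id = new_id();
    edit(a, id, "ct-1"); sync_store(a, server); sync_store(b, server);
    edit(a, id, "ct-A"); edit(b, id, "ct-B"); sync_store(a, server);
    std::cout << "conflicts on b: " << sync_store(b, server).size() << "\n";
}
```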

Technical details


As already mentioned, Paroler is built on Qt, which makes it cross-platform. OpenSSL is used for encryption, and with it all the ciphers implemented there. Namely:

Because the modular QCA is used for encryption, it will theoretically be possible to add more ciphers.
The database itself is built on SQLite, because it gives both acceptable performance and the convenience of SQL queries.
Paroler is distributed under the GNU GPL v2 license.
For synchronization, the following properties must match:


Screenshots


I think that if the reader has reached this point, they are interested in Paroler's interface.
First, because I designed it from the start with an emphasis on cross-platform use, including mobile platforms, I tried to reduce the number of interface elements, which led to almost completely abandoning buttons :)
Here are the screenshots:

The Windows version



For comparison - the Linux version



And the Windows Mobile version


Once again I want to note that this version is not final: there are still quite a lot of bugs in it, and from time to time it crashes because of a not very good MVC implementation. The Windows Mobile version works only every other time, since besides my own mistakes there are a lot of bugs in Qt itself.

Accounts


Obviously, you cannot just let everyone synchronize everything into one database, so the data is divided into accounts. But since Paroler is not yet properly debugged (this version is nothing more than a beta) and I am not much of a specialist in web application security, account creation will be manual for the time being.
To get an account, write to me by private message or Jabber and we will arrange it there.

If someone wants to just test, here are the properties for a demo account:


And the links:
Paroler's website: the main Paroler site, for now something like a not quite empty stub.
Paroler for win32
Paroler for Windows Mobile (compiled for WM 5.0).
Paroler's sources are published for everyone to see, so that the claims about the security of your data are not unfounded.

Source: https://habr.com/ru/post/67244/

