Update README.md

This commit is contained in:
Grégory Soutadé 2013-10-16 18:50:12 +02:00
parent a994074db0
commit 8901d0083a

View File

@ -9,7 +9,7 @@ Everyday we have a lot of passwords to manage corresponding to a lot of accounts
* Password are not very strong
* We use them for multiple accounts
The best way to avoid these errors is to have a unique strong password for each account. gPass helps to reach this goal : you keep a subset of passwords and for each login/password tuple you chose, gPass returns the real password by querying a password server.
The best way to avoid these errors is to have a unique strong password for each account. gPass helps to reach this goal : you keep a subset of passwords (called masterkey) and for each login/password tuple you chose, gPass returns the real password by querying a password server.
To have a high level of security, all information is stored encrypted (server side). Nothing is stored on client. The decryption is done on the fly when it's needed and only with user input. So, a hacker can get your password database, it will not be able to see any information (except if it bruteforce your masterkey) !
@ -20,9 +20,9 @@ Usage
-----
The first thing to do is to populate your database (from your/a password server) with login/password/master key values. If you want to make strong password, there is a password generator. After that, configure your addon in "addons -> gPass -> preferences" to point to your password server (+ username).
The first thing to do is to populate your database (from your/a password server) with login/password/master key values. If you want to make strong password, there is a password generator. After that, configure your addon in "tools -> addons -> gPass -> preferences" to point to your password server (+ username).
When you're in a login form and you want to use gPass. Type your login and fill "@@masterkey" in password field. Then, submit and password will automatically be replaced by the one in the database (after addon decrypt it).
When you're in a login form and you want to use gPass, type your login and fill "@@masterkey" in password field. Then submit and password will automatically be replaced by the one in the database (after addon decrypt it).
Technical details
@ -32,7 +32,7 @@ The two columns in database are "login" and "password".
login is compounded by "@@domain;login" encrypted with AES 256
password is salted and encrypted with AES 256
The key that encrypt these fields is sha256(masterkey)
The key that encrypt these fields is PKBDF2(hmac-sha256, masterkey, password_server_url, 1000, 256)
For now the only addons made is for firefox. Server side is written in PHP (with SQLite3 for database component).
@ -40,11 +40,12 @@ For now the only addons made is for firefox. Server side is written in PHP (with
Server
------
You just have to copy server files in a directory read/write for www-data. A sample apache2 configuration file is available in ressources.
To host a password server, you need a webserver. Just copy server files in a directory read/write for web server user (www-data). A sample apache2 configuration file is available in ressources.
You can activate/deactivate view of ciphered passwords by setting $VIEW_CIPHERED_PASSWORDS in index.php
You can activate/deactivate view of ciphered passwords by setting $VIEW_CIPHERED_PASSWORDS in index.php.
You can activate/deactivate user creation by setting $ADMIN_MODE in index.php.
A demonstration server is available [here](http://gpass-demo.soutade.fr). It's the default server of XPI package.
A demonstration server is available [here](http://gpass-demo.soutade.fr). It's the default server of XPI package (user demo).
Client