New protocol v3 : include pkdbf2 level

Remove hashtable from firefox addon
Rework firefox addon
Add pkdbf2_level as a preference (hidden)

server/_user

@@ -1,6 +1,6 @@
 <?php
 /*
-  Copyright (C) 2013 Grégory Soutadé
+  Copyright (C) 2013-2014 Grégory Soutadé
   
   This file is part of gPass.
   
@@ -18,6 +18,8 @@
   along with gPass.  If not, see <http://www.gnu.org/licenses/>.
 */
 
+include("conf.php");
+
 function load_database()
 {
     try {
@@ -31,7 +33,7 @@ function load_database()
     return $db;
 }
 
-$PROTOCOL_VERSION = 2;
+$PROTOCOL_VERSION = 3;
 
 $db = load_database();
 
@@ -40,6 +42,8 @@ $res = "";
 $statement = $db->prepare("SELECT password FROM gpass WHERE login=:login");
 
 echo "protocol=gpass-$PROTOCOL_VERSION\n";
+if ($PKDBF2_LEVEL != 1000)
+    echo "pkdbf2_level=$PKDBF2_LEVEL\n";
 
 for ($i=0; isset($_POST["k$i"]); $i++)
 {

server/conf.php

@@ -0,0 +1,41 @@
+/*
+  Copyright (C) 2013-2014 Grégory Soutadé
+  
+  This file is part of gPass.
+  
+  gPass is free software: you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation, either version 3 of the License, or
+  (at your option) any later version.
+  
+  gPass is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+  
+  You should have received a copy of the GNU General Public License
+  along with gPass.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+<?php
+/*
+  User interface display or not ciphered passwords. Set to false avoid database leakage by user interface (but not by raw HTTP request).
+ */
+$VIEW_CIPHERED_PASSWORDS=true;
+
+/*
+  Allows user creation
+ */
+$ADMIN_MODE=true;
+
+/*
+  Number of iterations for PKDBF2 algorithm.
+  Minimum recommended level is 1000, but you can increase
+  this value to have a better security (need more computation
+  power).
+
+  !! Warning !! This impact master keys. So if you change
+  this value with existings masterkeys, they will unusable !
+ */
+$PKDBF2_LEVEL=1000;
+?>

server/index.php

@@ -1,6 +1,6 @@
 <?php
 /*
-  Copyright (C) 2013 Grégory Soutadé
+  Copyright (C) 2013-2014 Grégory Soutadé
   
   This file is part of gPass.
   
@@ -20,10 +20,10 @@
 
 include('functions.php');
 
+include('conf.php');
+
 session_start();
 
-$VIEW_CIPHERED_PASSWORDS=true;
-$ADMIN_MODE=true;
 $user = "";
 
 if ($ADMIN_MODE && isset($_POST['create_user']))
@@ -51,6 +51,11 @@ else
   <head>
     <meta http-equiv="Content-Type" content="text/html;charset=utf-8" >
     <link rel="stylesheet" type="text/css" href="ressources/gpass.css" />
+    <script language="javascript">
+    <?php
+    echo "pkdbf2_level=$PKDBF2_LEVEL;\n";
+    ?>
+    </script>
     <script src="ressources/jsaes.js"></script>
     <script src="ressources/jssha256.js"></script>
     <script src="ressources/hmac.js"></script>

server/ressources/gpass.js

@@ -103,7 +103,7 @@ function a2hex(str) {
 function derive_mkey(user, mkey)
 {
     url = url_domain(document.URL) + "/" + user;
-    mkey = a2hex(pkdbf2(mkey, url, 1000, 256/8));
+    mkey = a2hex(pkdbf2(mkey, url, pkdbf2_level, 256/8));
     return mkey;
 }