Update README
This commit is contained in:
parent
8eee0060f6
commit
a83354e592
|
@ -11,15 +11,14 @@ Everyday we have a lot of passwords to manage corresponding to a lot of accounts
|
||||||
|
|
||||||
The best way to avoid these errors is to have a unique strong password for each account. gPass helps to reach this goal : you keep a subset of passwords (called master key) and for each login/password tuple you chose, gPass returns the real password by querying a password server.
|
The best way to avoid these errors is to have a unique strong password for each account. gPass helps to reach this goal : you keep a subset of passwords (called master key) and for each login/password tuple you chose, gPass returns the real password by querying a password server.
|
||||||
|
|
||||||
To have a high level of security, all information is stored encrypted (server side). Nothing is stored on client. The decryption is done on the fly when it's needed and only with user input. So, a hacker can get your password database, it will not be able to see any information (except if it bruteforce your masterkey) ! So it's important to choose to strong masterkey !
|
To have a high level of security, all stored information (server side) is encrypted. Nothing is stored on client. The decryption is done on the fly when it's needed and only with user input. So, a hacker can get your password database, it will not be able to see any information (except if it bruteforce your masterkey) ! So it's important to choose to strong masterkey !
|
||||||
|
|
||||||
This addon is like [last pass](https://lastpass.com/) one, but I wanted it to be open source and home hostable (be careful on server down !). Moreover, with gPass, you can have multiple master key !
|
This addon is like [last pass](https://lastpass.com/) one, but I wanted it to be open source and home hostable (be careful on server down !). Moreover, with gPass, you can have multiple master keys !
|
||||||
|
|
||||||
|
|
||||||
Usage
|
Usage
|
||||||
-----
|
-----
|
||||||
|
|
||||||
|
|
||||||
The first thing to do is to populate your database (from your/a password server) with website/login/password/master key values. You can use * character to access to all subdomains of a specific website. If you want to make strong password, there is a password generator. After that, configure your addon in "tools -> addons -> gPass -> preferences" to point to your password server (+ username). Be careful, login and password are case sensitive.
|
The first thing to do is to populate your database (from your/a password server) with website/login/password/master key values. You can use * character to access to all subdomains of a specific website. If you want to make strong password, there is a password generator. After that, configure your addon in "tools -> addons -> gPass -> preferences" to point to your password server (+ username). Be careful, login and password are case sensitive.
|
||||||
|
|
||||||
When you're in a login form and you want to use gPass, type your login and fill "@@masterkey" in password field. Then submit and password will automatically be replaced by the one in the database (after addon decrypt it).
|
When you're in a login form and you want to use gPass, type your login and fill "@@masterkey" in password field. Then submit and password will automatically be replaced by the one in the database (after addon decrypt it).
|
||||||
|
@ -34,19 +33,19 @@ password is salted and encrypted with AES 256
|
||||||
|
|
||||||
The key that encrypt these fields is PBKDF2(hmac-sha256, masterkey, password_server_url, 1000, 256)
|
The key that encrypt these fields is PBKDF2(hmac-sha256, masterkey, password_server_url, 1000, 256)
|
||||||
|
|
||||||
For now the only addons made is for firefox. Server side is written in PHP (with SQLite3 for database component).
|
For now, the only addons made is for firefox. Server side is written in PHP (with SQLite3 for database component).
|
||||||
|
|
||||||
|
|
||||||
Server
|
Server
|
||||||
------
|
------
|
||||||
|
|
||||||
To host a password server, you need a webserver. Just copy server files in a directory read/write for web server user (www-data). A sample apache2 configuration file is available in ressources. For enhanced security, it's better to put the password server under https.
|
To host a password server, you need a webserver. Just copy server files in a directory read/write for web server user (www-data). A sample apache2 configuration file is available in ressources. For enhanced security, it's better to put the password server under https and add authentication to admin panel. Server side is written in PHP (with SQLite3 for database component).
|
||||||
|
|
||||||
Configuration parameters are in conf.php
|
Configuration parameters are in conf.php
|
||||||
|
|
||||||
A demonstration server is available [here](http://gpass-demo.soutade.fr). It's the default server of XPI package (user demo).
|
A demonstration server is available [here](http://gpass-demo.soutade.fr). It's the default server of XPI package (user demo).
|
||||||
|
|
||||||
Warning The master key derivation is partially based on account URL. So it's linked to your current server information. Currently there is no simple way to export/import a full gPass database.
|
**Warning** The master key derivation is partially based on account URL. So it's linked to your server information. Currently there is no simple way to export/import a full gPass database.
|
||||||
|
|
||||||
Client
|
Client
|
||||||
------
|
------
|
||||||
|
|
|
@ -167,7 +167,7 @@ function ask_server(field, logins, domain, wdomain, mkey, salt)
|
||||||
server_pkdbf2_level = parseInt(params[1].match(/\d+/)[0], 10);
|
server_pkdbf2_level = parseInt(params[1].match(/\d+/)[0], 10);
|
||||||
if (server_pkdbf2_level != NaN &&
|
if (server_pkdbf2_level != NaN &&
|
||||||
server_pkdbf2_level != pkdbf2_level &&
|
server_pkdbf2_level != pkdbf2_level &&
|
||||||
server_pkdbf2_level >= 1000)
|
server_pkdbf2_level >= 1000) // Minimum level for PKDBF2 !
|
||||||
{
|
{
|
||||||
debug("New pkdbf2 level " + server_pkdbf2_level);
|
debug("New pkdbf2 level " + server_pkdbf2_level);
|
||||||
pkdbf2_level = server_pkdbf2_level;
|
pkdbf2_level = server_pkdbf2_level;
|
||||||
|
|
Loading…
Reference in New Issue
Block a user