Bug 6383 - (V3) Add support for V3 Format
(V3)
: Add support for V3 Format
Status: NEW
Product: PasswordSafe
General
: unspecified
: N900 Windows
: Medium enhancement with 11 votes (vote)
: ---
Assigned To: Christian Sarrasin
: general-bugs
:
:
:
:
  Show dependency tree
 
Reported: 2009-11-28 16:12 UTC by Massimiliano Goriup
Modified: 2014-03-08 10:27 UTC (History)
4 users (show)

See Also:


Attachments


Note

You need to log in before you can comment on or make changes to this bug.


Description Massimiliano Goriup (reporter) 2009-11-28 16:12:02 UTC
SOFTWARE VERSION:
(Settings > General > About product)
Password Safe 1.5.5

EXACT STEPS LEADING TO PROBLEM: 
(Explain in detail what you do (e.g. tap on OK) and what you see (e.g. message
Connection Failed appears))
1. Open File .psafe3
2. Enter master password
3. Leads to "wrong password" while it's actually right

EXPECTED OUTCOME:
Adding V3 format support it would just open and works.

ACTUAL OUTCOME:
Can't open it

REPRODUCIBILITY:
(always, less than 1/10, 5/10, 9/10)
Always

EXTRA SOFTWARE INSTALLED:

OTHER COMMENTS:
I know it's not supported in this version but it's going to be in future
release? Or is already avaiable a compatible testing version?

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 6.0; it; rv:1.9.1.5)
Gecko/20091102 Firefox/3.5.5
Comment 1 Fred Lefévère-Laoide 2009-11-28 19:06:01 UTC
Not yet supported ...
I'll try and find some time to investigate the work load associated ...
Comment 2 Christian Sarrasin 2010-02-19 06:08:14 UTC
This might be a little more serious than meets the eye as the V1 and V2
versions of the PasswordSafe file format are affected by several
vulnerabilities (this has been known since 2005:
http://seclists.org/vuln-dev/2005/Nov/6).

Just wondering Fred, are you currently working on this or is this something you
would welcome help on?  I happen to have few days of holiday left ;-)
Comment 3 Fred Lefévère-Laoide 2010-02-19 10:17:54 UTC
No I'm not : feel free ;)
Comment 4 Fred Lefévère-Laoide 2010-03-08 18:01:00 UTC
*** Bug 9455 has been marked as a duplicate of this bug. ***
Comment 5 3May 2010-03-08 23:26:45 UTC
was the workload assessed for this?  how much work was done investigating it,
i.e. can it be handed off?
Comment 6 Christian Sarrasin 2010-03-09 00:00:45 UTC
I have spent a fair amount of time working on this.  It's non-trivial as it
involves migrating to a newer (and now non-mainstream) of Scheiner's encryption
algorithm: Blowfish.  There's also an upgrade to the file format itself.  The
work is being done so that the program continues to be backward compatible with
older versions of the format.

I suspect it's probably another few weeks away, given that I'm working on this
in my spare time.  Suggestions are welcome obviously.
Comment 7 Christian Sarrasin 2010-03-09 00:17:19 UTC
^^ Sorry, I meant Twofish (http://www.schneier.com/twofish.html), not Blowfish
Comment 8 Fred Lefévère-Laoide 2010-03-09 10:08:24 UTC
Would you like me to accept the bug and assign it to you so that everybody
knows that there's something going on ?
Comment 9 Christian Sarrasin 2010-03-10 01:51:43 UTC
Sure, by all means!
Comment 10 Fred Lefévère-Laoide 2010-03-10 09:49:06 UTC
Christian is working on this ;)
Comment 11 3May 2010-03-10 17:48:29 UTC
> I suspect it's probably another few weeks away, given that I'm working on this
> in my spare time.  Suggestions are welcome obviously.

I'd love to see the code; is it checked in somewhere?

-3May
Comment 12 Christian Sarrasin 2010-03-11 23:52:15 UTC
(In reply to comment #11)
> > I suspect it's probably another few weeks away, given that I'm working on this
> > in my spare time.  Suggestions are welcome obviously.
> I'd love to see the code; is it checked in somewhere?
> -3May 

Help yourself: https://garage.maemo.org/scm/?group_id=46
Comment 13 petermaffter 2011-09-16 16:29:23 UTC
Platform item: Windows?
There is already a Windows program that handles v3 format:
http://passwordsafe.sourceforge.net/
The problem is: if you open a v2 database with this program and then
simple close it, the v2 database is overwritten with v3 format and you
cannot read it on the N900 anymore!