Fix a buffer overflow in password encryption, and allow arbitrary password length. Fixes bug #4033 - Claws Mail crashes [malloc(): memory corruption] while trying to save account password greater than 136 chars
Include more details in doc/src/password_encryption.txt.
Use PBKDF2 to derive encryption key for passwords. ...instead of my previous hash-then-xor nonsense.
Use PBKDF2 with HMAC-SHA1 for master passphrase in clawsrc. The 64 bytes long key derivation is stored in 'master_passphrase' pref, together with number of rounds used in its computation. Introducing also two new common prefs: master_passphrase_salt - holds a randomly generated 64 bytes for use as salt with PBKDF2. Base64-encoded. master_passphrase_pbkdf2_rounds - number of rounds (or iterations) for next passphrase key derivation The latter can be tweaked by user in case they want to use more or less rounds, e.g. if they're running on weaker hardware and KD with default number of rounds takes too long.
"Master password" is now called "master passphrase". This is to help diferentiate between passwords coming from accounts, plugins, etc., and the master passphrase used in an AES encryption key for encrypting these passwords.
Added password_encryption.txt to docs/src.