git.claws-mail.org Git - claws.git/atom - doc/src/password_encryption.txt history
Claws Mail http://git.claws-mail.org/?p=claws.git 2018-06-09T22:53:20Z
Fix a buffer overflow in password encryption, and allow arbitrary password length. 2018-06-09T22:38:42Z Andrej Kacian ticho@claws-mail.org Andrej Kacian ticho@claws-mail.org 2018-06-09T22:38:42Z http://git.claws-mail.org/?p=claws.git;a=commitdiff;h=a7f0d049b6a7f1df5fe4e6487ddbb140c22370e0
Fix a buffer overflow in password encryption, and allow arbitrary password length.

Fixes bug #4033 - Claws Mail crashes [malloc(): memory
corruption] while trying to save account password greater
than 136 chars
  • [D] doc/src/password_encryption.txt
Include more details in doc/src/password_encryption.txt. 2017-04-29T12:35:01Z Andrej Kacian ticho@claws-mail.org Andrej Kacian ticho@claws-mail.org 2017-04-29T12:35:01Z http://git.claws-mail.org/?p=claws.git;a=commitdiff;h=43a5970e1f7b623fb3641d7e384fb07ba2a8d4d4
Include more details in doc/src/password_encryption.txt.
  • [D] doc/src/password_encryption.txt
Use PBKDF2 to derive encryption key for passwords. 2016-05-24T16:29:37Z Andrej Kacian ticho@claws-mail.org Andrej Kacian ticho@claws-mail.org 2016-05-24T16:29:37Z http://git.claws-mail.org/?p=claws.git;a=commitdiff;h=54ce0e858a8a8afb81cf1e0302b39b1f9be4b0d0
Use PBKDF2 to derive encryption key for passwords.

...instead of my previous hash-then-xor nonsense.
  • [D] doc/src/password_encryption.txt
Use PBKDF2 with HMAC-SHA1 for master passphrase in clawsrc. 2016-04-07T12:56:48Z Andrej Kacian ticho@claws-mail.org Andrej Kacian ticho@claws-mail.org 2016-04-07T12:56:48Z http://git.claws-mail.org/?p=claws.git;a=commitdiff;h=ffd418aaa7b4bdf401193a96194346ff7e403b9e
Use PBKDF2 with HMAC-SHA1 for master passphrase in clawsrc.

The 64 bytes long key derivation is stored in 'master_passphrase'
pref, together with number of rounds used in its computation.

Introducing also two new common prefs:
master_passphrase_salt - holds a randomly generated 64 bytes
  for use as salt with PBKDF2. Base64-encoded.
master_passphrase_pbkdf2_rounds - number of rounds (or
  iterations) for next passphrase key derivation

The latter can be tweaked by user in case they want to use more
or less rounds, e.g. if they're running on weaker hardware and
KD with default number of rounds takes too long.
  • [D] doc/src/password_encryption.txt
"Master password" is now called "master passphrase". 2016-03-03T10:17:41Z Andrej Kacian ticho@claws-mail.org Andrej Kacian ticho@claws-mail.org 2016-03-03T10:17:41Z http://git.claws-mail.org/?p=claws.git;a=commitdiff;h=499c9fec4dda5f698378c506af1001cdcb41b04e
"Master password" is now called "master passphrase".

This is to help differentiate between passwords coming from
accounts, plugins, etc., and the master passphrase used in
an AES encryption key for encrypting these passwords.
  • [D] doc/src/password_encryption.txt
Added password_encryption.txt to docs/src. 2016-02-04T21:02:35Z Andrej Kacian ticho@claws-mail.org Andrej Kacian ticho@claws-mail.org 2016-02-04T21:02:35Z http://git.claws-mail.org/?p=claws.git;a=commitdiff;h=ad9ddd799eff250b2f7a7a8752a9ffed282c2f98
Added password_encryption.txt to docs/src.
  • [D] doc/src/password_encryption.txt