[sip-comm-dev] Password Storage: Week 2


#1

Hi all,

I've just committed to my branch a working version of my password
storage service.
Basically, there's a new service and implementation in these packages:
net.java.sip.communicator.impl.credentialsstorage
net.java.sip.communicator.service.credentialsstorage
also storePassword and loadPassword methods in:
net.java.sip.communicator.service.protocol.ProtocolProviderFactory

I introduced a new config property to store the encrypted passwords:
accountPrefix + ENCRYPTED_PASSWORD
The password loading method can detect if a non-encrypted property
accountPrefix + PASSWORD exists, encrypt and erase it.
Also, in the code I made an assumption that if there is no
"net.java.sip.communicator.impl.credentialsstorage.MASTER" property
set, then that means we are using null as a master password (actually
null cannot be used for encryption, so I substitute it later with a
hardcoded value). Also when master is null, it means the user is
unaware of the master password and is never presented with a prompt to
input it.
When MASTER property is set then its value is a string that
represents the encrypted master itself. This way I can check if the
master input from the user was correct or not. The master is asked
only once (well, until it is correct) for all accounts.
I don't really like the idea of using this MASTER property, but I
haven't come up with a better way to do this. Also, more testing is
required.

Any suggestions and comments are welcome.

Cheers,
Dmitri

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@sip-communicator.dev.java.net
For additional commands, e-mail: dev-help@sip-communicator.dev.java.net


#2

Hey Dmitri,

On 20.05.10 16:53, Dmitri Melnikov wrote:

> Hi all,
>
> I've just committed to my branch a working version of my password
> storage service.

Now that's an early bird! Great job! :)

> Basically, there's a new service and implementation in these packages:
> net.java.sip.communicator.impl.credentialsstorage
> net.java.sip.communicator.service.credentialsstorage
> also storePassword and loadPassword methods in:
> net.java.sip.communicator.service.protocol.ProtocolProviderFactory
>
> I introduced a new config property to store the encrypted passwords:
> accountPrefix + ENCRYPTED_PASSWORD
> The password loading method can detect if a non-encrypted property
> accountPrefix + PASSWORD exists, encrypt and erase it.
> Also, in the code I made an assumption that if there is no
> "net.java.sip.communicator.impl.credentialsstorage.MASTER" property
> set, then that means we are using null as a master password (actually
> null cannot be used for encryption, so I substitute it later with a
> hardcoded value). Also when master is null, it means the user is
> unaware of the master password and is never presented with a prompt to
> input it.

OK sounds reasonable.

> When MASTER property is set then its value is a string that
> represents the encrypted master itself.

Encrypted using what key? Are you using the password itself or your
hardcoded value?

> This way I can check if the
> master input from the user was correct or not. The master is asked
> only once (well, until it is correct) for all accounts.
> I don't really like the idea of using this MASTER property

I agree. I am not sure why you need this though. Why not store a fixed
value there and then, once you have the master password, use it to
encrypt and decrypt that value. Checking whether it resolves to what
it's supposed to could be your way of verifying whether the password is
valid.

That's of course just a top-of-my-head suggestion, so maybe others would
have better suggestions. George, Ben?

Cheers,
Emil

--
Emil Ivov, Ph.D. 67000 Strasbourg,
Project Lead France
SIP Communicator
emcho@sip-communicator.org PHONE: +33.1.77.62.43.30
http://sip-communicator.org FAX: +33.1.77.62.47.31



#3

Hey all,

Great job Dmitri for that early commit.

I agree with Emil, I don't really understand how you plan to store a
cyphered master password and how to use it later. Emil's idea to
compare cyphered values will probably be safer and easier to use.

Cheers,
Ben.



#4

Hi,
Thanks for the quick feedback.

> Encrypted using what key? Are you using the password itself or your hardcoded value?

The pass itself, so that decrypt(masterpass, MASTER_PROP) ==
masterpass. Sure, it's not really necessary to store the encrypted
master itself, since I get an exception if it's wrong anyway from the
crypto class. It's just one way to check its correctness.
Still, I need some boolean property (MASTER=true?) that tells me if
we're using a user-defined master password or the default one (so that
we can check whether we need to prompt the user).

Cheers,
Dmitri



#5

On 20.05.10 18:41, Dmitri Melnikov wrote:

> Hi,
> Thanks for the quick feedback.
>
>> Encrypted using what key? Are you using the password itself or your hardcoded value?
>
> The pass itself, so that decrypt(masterpass, MASTER_PROP) ==
> masterpass. Sure, it's not really necessary to store the encrypted
> master itself, since I get an exception if it's wrong anyway from the
> crypto class.

Oh, then that's even better.

> It's just one way to check its correctness.
> Still, I need some boolean property (MASTER=true?)

Sounds great to me!

Cheers,
Emil
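
The check discussed in this thread, as an added example that is not SIP Communicator's code: a fixed value is encrypted under a key derived from the master password, and a candidate is accepted only if it decrypts that value back. It uses PBKDF2 and AES-GCM so that a wrong password always fails the tag check; with an unauthenticated padded mode a wrong key still yields valid padding roughly 1 time in 256, so a padding exception alone is not a reliable signal. The class name, check string, iteration count and storage layout are assumptions.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.*;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;

public class MasterPasswordCheck {
    // Hypothetical fixed check value (constructed for this example).
    static final byte[] CHECK = "master-check-v1".getBytes(StandardCharsets.UTF_8);

    static SecretKeySpec deriveKey(char[] master, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(master, salt, 100_000, 256);
        byte[] key = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        return new SecretKeySpec(key, "AES");
    }

    // Value to store in the config property: base64(salt || iv || ciphertext+tag).
    static String createVerifier(char[] master) throws GeneralSecurityException {
        byte[] head = new byte[28]; // 16-byte salt followed by 12-byte GCM IV
        new SecureRandom().nextBytes(head);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, deriveKey(master, Arrays.copyOfRange(head, 0, 16)),
                new GCMParameterSpec(128, head, 16, 12));
        byte[] ct = c.doFinal(CHECK);
        byte[] out = Arrays.copyOf(head, 28 + ct.length);
        System.arraycopy(ct, 0, out, 28, ct.length);
        return Base64.getEncoder().encodeToString(out);
    }

    // True only if the candidate decrypts the stored value back to CHECK.
    static boolean isCorrect(char[] candidate, String stored) throws GeneralSecurityException {
        byte[] in = Base64.getDecoder().decode(stored);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, deriveKey(candidate, Arrays.copyOfRange(in, 0, 16)),
                new GCMParameterSpec(128, in, 16, 12));
        try {
            return Arrays.equals(c.doFinal(in, 28, in.length - 28), CHECK);
        } catch (AEADBadTagException wrongPassword) {
            return false; // GCM tag mismatch: wrong password or modified property
        }
    }

    public static void main(String[] args) throws Exception {
        String stored = createVerifier("correct horse".toCharArray());
        System.out.println(isCorrect("correct horse".toCharArray(), stored));
        System.out.println(isCorrect("wrong guess".toCharArray(), stored));
    }
}
```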
