| Mike328 |
Hi guys,
Fellow '03 Nissan Murano owner here. I'm a professional software developer, and like many software guys I spend some time on the side coding for "fun".
Over the past two years, I've been working on a program called Secure Data Organizer, which is a password management program that stores and organizes all the usernames and passwords you have to keep these days. This software is free for personal use. (The idea is that, if it's good enough, a major vendor like Dell or Microsoft would pick it up rather then spend a year writing one from scratch.)
At least count, I had 229 items in Secure Data Organizer--from website passwords (nissanmurano.org!) to Bank of America, to bank account numbers, health insurance logins, network router passwords, wireless passwords, the list goes on and on.
The software was born from my discussions with people who keep their passwords on a piece of paper, or unencrypted on their hard drive in a word document, etc. They can't search them. They're there for the world to see. They can't access them when they're at work or on the go. All sorts of problems.
Enter Secure Data Organizer--it aims to solve these problems. There are a number of password management programs, and I've tried them all doing my research--I don't believe any are as good as this.
In any case, if you would be willing to try it, and provide feedback, I would be grateful. Again, it's free for personal use. The encryption it uses is state-of-the-art and much time has been spent agonizing over every deal of the user interface. There's also a Mobile version for Pocket PC and smartphone (so you can access your records on the go or on your cell phone). The software runs on Windows XP and also Windows Vista, both 32-bit and 64-bit versions.
The product homepage is:
http://www.visware.com/securedataorganizer
(Bear with me, the marketing and website is still a bit rough, this will improve in time.)
The direct download link is:
http://www.visware.com/files/Secure...zer_2-1-133.zip
Here is a link to a screenshot:
http://www.visware.com/securedataor...nScreenshot.jpg
(I've also attached a screenshot to this message.)
Thanks, guys!
Take care,
--Mike |
|
|
| krush40 |
| Sorry, Im a MAC guy otherwise Id give it a try. |
|
|
| enamurao |
downloaded,great peace of mind software.
thank you. |
|
|
| Corin |
I'll give it a whirl. My current solution (which is better than most password holders out there) is an encrypted excel file. Need to remember one password to open the file, then I have everything there.
One thing that might be nice to include is a password generator.
I have a simple perl script (which sucks right now, I need to update it) to generate random passwords. Would be nice to have a simple GUI that allows you to set the length of the password (i.e. "between x and y characters long") and check-box selection of what types of characters must be included (i.e. numbers, lowercase, uppercase, symbols). Hit "generate password" and it displays the new password AND puts the string into the copy/paste buffer.
Perhaps you could add this as an option when creating a new entry.
Always happy to try out fellow programmer's pet projects! :) (after, of course, a virus and spyware scan has been run successfully....;) ) |
|
|
| Corin |
Ah HA! Helps to do a quick look at a web page before replying. I see you DO have a password generator.
This will be fun. I'll see if I can come up with a few bug reports for you! :) |
|
|
| Corin |
Oh goodie, already encountered my first bug! (I'll send this in email to the support address as well).
On first load it requires registration, which is annoying but I understand.
It won't let me use an e-mail address with an underscore. Tried to put in my (valid) address of corin_spam@<removed> and it refused saying it was an invalid address. Removed the underscore and it worked fine. |
|
|
| Mike328 |
quote:
Originally posted by Corin
Oh goodie, already encountered my first bug! (I'll send this in email to the support address as well).
On first load it requires registration, which is annoying but I understand.
It won't let me use an e-mail address with an underscore. Tried to put in my (valid) address of corin_spam@<removed> and it refused saying it was an invalid address. Removed the underscore and it worked fine.
Heh! First bug! Good find. THis was a problem with the email address validator... I'm a bit embarassed. All that time supporting exotic domain names like the new ".mobi" and ".biz" addresses and I missed the underscore. The issue has been fixed now and will appear in the next release.
Thanks Corin!
--Mike |
|
|
| Mike328 |
quote:
Originally posted by Corin
Oh goodie, already encountered my first bug! (I'll send this in email to the support address as well).
On first load it requires registration, which is annoying but I understand.
It won't let me use an e-mail address with an underscore. Tried to put in my (valid) address of corin_spam@<removed> and it refused saying it was an invalid address. Removed the underscore and it worked fine.
Also, I've received your two feedback items as submitted by the applicaiton and will be following up with you on them shortly. Thanks again for being so helpful, and thanks to all others who have also registered!
--Mike |
|
|
| deeto |
Can you provide some info on the encyption algorythm you're using? "State-of-the-art" isn't good enough for techies like me :D
Additionally, in what files are you storing the password data? The SmartPhone integration sounds awesome and would be key for me.
quote:
Originally posted by Corin
I'll give it a whirl. My current solution (which is better than most password holders out there) is an encrypted excel file. Need to remember one password to open the file, then I have everything there.
MS Office based passwords are perhaps the worst things to use. They are soooo easy to crack. There are freely downloadable apps out there that will do it too. In my old days of I.T. I used to help coworkers by cracking their sensitive docs after they forgot the password.
You're better off not password protecting the XLS, but instead zipping it into a ZIP and password protecting that. Use a password greater than 8 chars containing random chars and numbers, and you're good to go. |
|
|
| Mike328 |
quote:
Originally posted by deeto
Can you provide some info on the encyption algorythm you're using? "State-of-the-art" isn't good enough for techies like me :D
Additionally, in what files are you storing the password data? The SmartPhone integration sounds awesome and would be key for me.
Hi deeto,
I agree with you with regard to MS office passwords. Password-protected Excel spreadsheet is just one example of solutions folks are coming up with to this growing problem of personal password management. Is it better than writing them on a piece of paper? How about storing them in a Word document? The goal of Secure Data Organizer was to be something of the ideal, expert-consensus solution for how to manage these things.
The encryption algorithms used in Secure Data Manager are completely public. If you install the software, I've even built in a complete interactive, very technical demo that illustrates the encryption process. This also allows you to verify the output of the symmetric encyrption, password deriviation, and hash algorithms independently.
In short: AES (Advanced Encryption Standard) is used in CBC mode with a 16-byte block size salted with a 16-byte initialization. Key size is 32 bytes so this is AES-256 bit (AES is based on the Rijnadel algorithm).
Also, the master password is not used directly as the encryption key; PBKDF (Password-based Key Deriviation) v2 is employed (RFC2898) with 1,000 iterations; this is based on HMAC-SHA1. This forms the bulk of the computational cost in the symmetric encryption/decryption. This key deriviation process is of course associated with SALT bytes; in fact, there is a different 16-byte salt block for EACH Secure Data Record to prevent leveraging any similarities that may occur in Secure Data Records (e.g. similar blocks of text).
Each Secure Data Record itself contains zero or more Secure Data Items; for example, a Username and Password record contains three: Encrypted username, encrypted password, and the associated encrypted notes. The 32-byte key from the key deriviation above is used to encrypt each of these items. Further, each independent ITEM is associated with its own 16 bytes of Salt as the Initialization Vector (IV) into the encryptor.
Finally, the entire datafile is stored in wide-open XML. This means that other programs can be written to leverage this standardized file format (Schema is will be published shortly). Further, it enforces that the security of the encryption does not rely on hiding; rather, it comes from a strong password paired with these strong encryption techniques and best practices.
I have just tonight completed the Pocket PC version and it's a nice piece of work. It works on Pocket PC 2002, and Windows Mobile 2003 and 2005. I have to do some interface tweaks, I think, to get things just right for Smartphone since the screen size is different on a cell phone!
Thanks for the thoughtful question and please absolutely call me out on anything you need clarification on. I will be making a post to the Cryptography usenet group shortly to get that community's blessing.
--Mike
APPENDIX: Sample XML for Secure Data Record (binary data is stored as Base-64 encoded):
- <SecureDataRecord>
<ID>be19f549-001b-49b2-b1c6-bd4fc6ffbcd2</ID>
<TypeID>1</TypeID>
<Name>Comcast Cable</Name>
<Description>www.comcast.com</Description>
<CreatedOn>2006-11-26T16:38:25.0625-07:00</CreatedOn>
<CreatedByPlatformInfo>Secure Data Organizer Version: 2.1.133; OS: Microsoft Windows NT 5.1.2600 Service Pack 2; .NET CLR Version: 2.0.50727.42</CreatedByPlatformInfo>
<CreatedByDataSetID>e8313f91-ba70-491b-b825-9deddb34360a</CreatedByDataSetID>
<AccessedOn>2006-11-26T16:40:01.53125-07:00</AccessedOn>
<ModifiedOn>2006-11-26T16:38:25.0625-07:00</ModifiedOn>
<ModifyStamp>04be663b-484e-42aa-81b6-6cd1f63cec7d</ModifyStamp>
<ModifiedByPlatformInfo>Secure Data Organizer Version: 2.1.133; OS: Microsoft Windows NT 5.1.2600 Service Pack 2; .NET CLR Version: 2.0.50727.42</ModifiedByPlatformInfo>
<ModifiedByDataSetID>e8313f91-ba70-491b-b825-9deddb34360a</ModifiedByDataSetID>
<DecryptedOn>2006-11-26T16:40:01.953125-07:00</DecryptedOn>
<DecryptionAttemptedOn>2006-11-26T16:40:01.9375-07:00</DecryptionAttemptedOn>
<PrintedOn>0001-01-01T00:00:00-07:00</PrintedOn>
<DeletedOn>0001-01-01T00:00:00-07:00</DeletedOn>
<ArchivedOn>0001-01-01T00:00:00-07:00</ArchivedOn>
<ExportedOn>0001-01-01T00:00:00-07:00</ExportedOn>
<ImportedOn>0001-01-01T00:00:00-07:00</ImportedOn>
<ImportedFromDataSetID />
<IsDeleted>false</IsDeleted>
<IsArchived>false</IsArchived>
<RandomSaltBytesUsedForKeyDerivation>nYvRU0whMImu8bGNHVGGNg==</RandomSaltBytesUsedForKeyDerivation>
- <EncryptedDataItem IsBlank="true">
<Index>0</Index>
</EncryptedDataItem>
- <EncryptedDataItem IsBlank="false">
<Index>1</Index>
<EncryptedDataBytes>QKnpZBmuRVQs5UdeVrwxOEVBlj4yNp20Y4DdJGhy2Qc=</EncryptedDataBytes>
<RandomIVBytesUsedForEncryption>a+J53n68EZ6vVm8fj9Rw3g==</RandomIVBytesUsedForEncryption>
</EncryptedDataItem>
- <EncryptedDataItem IsBlank="false">
<Index>2</Index>
<EncryptedDataBytes>OTA8jtcY5GSN1y1pKzv+aZ24epTVPeVOjZYqnGFsb0E=</EncryptedDataBytes>
<RandomIVBytesUsedForEncryption>C4gbchL8ekyDVGwRXwhySQ==</RandomIVBytesUsedForEncryption>
</EncryptedDataItem>
</SecureDataRecord> |
|
|
| TexInFla |
quote:
Originally posted by Mike328
I have just tonight completed the Pocket PC version
Any chance you'll port this over to the Palm OS? It would be handy to use on my Treo 700p. |
|
|
| Mike328 |
quote:
Originally posted by TexInFla
Any chance you'll port this over to the Palm OS? It would be handy to use on my Treo 700p.
A plan for that is definitely in the works... I need to do an updated study on marketshare of the Palm-devices vs the effort needed. Probably a 150 hour affair to get it up and running on the Palm. Maybe less if only the most recent Palm devices can be focused on (since they have a more developer-friendly environment and more powerful capabilities--they encryption techniques are very demanding). |
|
|
| Mike328 |
Hi guys,
Just wanted to say thanks again for all of support. As of today, Secure Data Organizer has 1,500 registered users from all over the world--quite a strong user base!
Also, it looks like PC Magainze will be reviewing it in the next few months, could be a big break.
Thanks again to all!
--Mike |
|
|
| Gonzo |
| I've been using "Turbo Password" for my PC and Palm Pilot... works good. You could check them out for ideas. |
|
|
| GripperDon |
NET frame work when I go to the net to get it there are multiple choices which one do I need?
Thanks Don |
|
|
| Mike328 |
| .NET Framework 2.0, or if 2.0 is not an option, then version 3.0. |
|
|
|
