Support master password (volunteers wanted) #3
Comments
|
Since I don't know any way of contacting you directly: @nyov, here's a re-write of the Firefox password decryptor with proper licensing. If you feel like adding and testing master password support, that would rock the house. |
|
Thanks for the notify, nice work. Any reason for having both GPL2.0 and LGPL2.1 in the license? I don't quite see the point. Though I also believe the LGPL has the option "built-in" to rerelease / migrate any LGPL code under the stricter GPL anyway. And do you have a specific reason for choosing to go with another ctypes wrapper project? Or would you consider cffi instead? Personally, I wanted to clean up the codebases I had there and then move on to doing an alternate implementation on top using the python-nss lib bindings. Also, I'd prefer to not get hung up on "decrypting" passwords, rather what I had this code in mind for should work bidirectionally, also allowing to add entries to a database, maybe even create one. |
|
Ah I see my first question is answered by the license header in https://github.com/mozilla-services/services-central-legacy/blob/master/security/nss/cmd/pwdecrypt/pwdecrypt.c. |
|
Hi!
I had not heard about CFFI before. I have little motivation to do that transition myself, but I do not object to a transition to CFFI.
I would not mind a dependency on python-nss. I did play with python-nss before going to ctypes. It does not seem provide the functions called by pwdecrypt, i.e. grepping for "PK11SDR_Decrypt" in 0.16 code did not give any matches. If python-nss helps, which functions to call would need to be found out.
No objections, I just would not write the code myself.
I remember seeing a re-licensing commit on that file somewhere but I fail to reproduce it right now, maybe later. If the re-licensing was allowed to take place, could be an interesting question by the way. Personally, I would be happy with MPL 2, too. Best, Sebastian |
|
Awesome, I think I can work with that. Regarding cffi, it seems to be the up-and coming thing to use if one wants to support pypy, and I also like the option of potentially linking to C libs on the API level versus just dlopen'ing. I'll look into doing a conversion. Finally, on licensing, I just re-read the MPL2 here https://hg.mozilla.org/projects/nss/file/9c25253f6d3c/COPYING, which allows linking to GPL/LGPL code, if one provides a potentially modified nss lib under the MPL. This leads me to think it would be simplest to just provide this under one license, say LGPL. But that's your prerogative, I don't mind either way. |
|
I'm sitting on this basic cffi converted version for the last two days now, with added master password checking and pypy/python3 support. But the way this currently works is rather horrible, doing the whole NSS_Init/NSS_Shutdown procedure, and then PK11 login/logout in between, for every single password. |
|
I named |
No description provided.
The text was updated successfully, but these errors were encountered: