[initial ping@zesty.ca**20060213225521] [Adding TODO kragen@pobox.com**20060213231324] [makefile simplification kragen@pobox.com**20060214030944 Got a Makefile that works on my machine without causing problems; I anticipate it will work on Ping's too. ] [made link work kragen@pobox.com**20060217180523 Simplified Makefile a little more and made 'make link' work on my machine. ] [cancel button works kragen@pobox.com**20060217180602 Now the little cancel button does the right thing. Incidentally also corrected SHA1 timing units. ] [removed duplicated XPI/XPS kragen@pobox.com**20060217181435 XPI and XPS were duplicatively defined twice to do the same thing; removed redundant definition. ] [random icon kragen@pobox.com**20060218055519 Now we select a random icon from the list, but we don't yet store our choice. ] [added mockup dialog kragen@pobox.com**20060218055610 I'm not really sure that this is what Ping has in mind, but here's at least a mockup that pretends to work. ] [persistent random icon kragen@pobox.com**20060219041218 So now we store the name of the randomly selected .png file as passpet.icon, so it's the same every time. ] [random persona name kragen@pobox.com**20060219080518 Now we have an animal name chosen from among "Rupert" and the 10 most common male and 10 most common female names from the US Census. Stored persistently in prefs. ] [use English for en-US, move French to fr-FR ping@zesty.ca**20060219111020] [debug setting of petnames, improve textbox ui ping@zesty.ca**20060219115449 clicking on the textbox when the site is unknown now highlights all the text typing in a new petname when the site is unknown updates the textbox colour ] [remove var x = function kragen@pobox.com**20060219224849 Previously we were using var foo = function(bar) { ... } all over the place, but it's confusingly similar to var foo = new function() { ... }, which is very different. ] [remove var x = function II kragen@pobox.com**20060219225248 Previous patch conflicted with Ping's patch; this cleans that up. ] [note pig1 bug kragen@pobox.com**20060220002021] [refactor random prefs kragen@pobox.com**20060220002038 There was some duplicate code, so I refactored it. ] [find login form kragen@pobox.com**20060220002109 So now there's code to find the login form and set its password to 'XXX', but it gets called in a somewhat random place --- if you click the toolbar button to hide the secret fields. ] [format setup dialog and add strength meter image ping@zesty.ca**20060220005435] [remove unnecessary semicolons kragen@pobox.com**20060220004916 JavaScript doesn't require many semicolons. ] [put password in weird places kragen@pobox.com**20060220005336 Previously the only way to get your "site password" (presently always 'XXX') out of Passpet was to go to a page containing a form with the "correct" layout of a username/password form. This patch puts the password in any input field you have the focus on instead. ] [resolving opendialog conflict kragen@pobox.com**20060220005713 The semicolon removal patch led to a conflict with a name change. ] [actually generate a site password kragen@pobox.com**20060220011238 Now we actually use SHA1 to generate the site password, although it doesn't yet include any secret information. ] [adjust setup dialog ping@zesty.ca**20060220020309] [make sha1 api more consistent, move toward underscore_names ping@zesty.ca**20060220023754] [remove unused files, factor out toolbar.js, add entropy indicator ping@zesty.ca**20060220114345] [remove unused style rules, size setup dialog according to flow ping@zesty.ca**20060220115848] [fix buglet where clicking pet doesn't redisplay url kragen@pobox.com**20060221203833] [move get_icon and get_name to passpet.js kragen@pobox.com**20060221204000 Refactoring: moving these two methods from passpet_toolbar to passpet, and make them public. ] [minor cleanups kragen@pobox.com**20060221204116 Just a couple of overdue comment updates. ] [persona names in setup dialog kragen@pobox.com**20060221204216 Display the correct persona names in the setup dialog using passpet.get_name() and passpet.get_icon() ] [make attack time depend on password entropy kragen@pobox.com**20060221204636 Yeah, as 2^n. Surprise: 1.0 << 100 == 16, so you have to use Math.pow. Also remove the complaint about 'width: -576px' in the javascript error log. ] [add entropy estimator kragen@pobox.com**20060221210617 The entropy estimator uses an old list of common passwords to estimate passwords containing them as lower-entropy. ] [minor wording fixes ping@zesty.ca**20060221222522] [add maxtime to hashing interface, optimize hashing ping@zesty.ca**20060225081210] [name some constants, rename a function ping@zesty.ca**20060225083539] [add persona icon to setup dialog, adjust styles ping@zesty.ca**20060226221349] [add confirmation textbox ping@zesty.ca**20060226223710] [make setup dialog appear as a dialog sheet in OS X ping@zesty.ca**20060226224634] [generate a base-62 string for the site password ping@zesty.ca**20060227014134] [switch from sha-1 to sha-256 ping@zesty.ca**20060303003323] [add approximate hash timings ping@zesty.ca**20060303004344] [apply utf-8 encoding to site label ping@zesty.ca**20060303133221] [adding basic srp stubs kragen@pobox.com**20060302231638 This SRP implementation may not actually work. Checking in anyway. ] [adding todo items kragen@pobox.com**20060305042443] [fix toolbaritem resizer ping@zesty.ca**20060305060128] [add intro dialog ping@zesty.ca**20060305063229] [oops, really add intro dialog ping@zesty.ca**20060305064246] [replace overlay with sleeping icon, make intro dialog a two-page deck ping@zesty.ca**20060306075220] [add context menu ping@zesty.ca**20060306085101] [ask for correct address kragen@pobox.com**20060306092514 Updating TODO a bit as well. ] [hide site label when asleep kragen@pobox.com**20060306110302 This seems to have some layout problems. ] [outdent toolbarbutton (trivial) kragen@pobox.com**20060306110449] [discuss tradeoffs kragen@pobox.com**20060306115648] [handle activation and deactivation ping@zesty.ca**20060306141322] [import paper text and bibliography into darcs ping@zesty.ca**20060306205625] [fix tex dependencies ping@zesty.ca**20060306205859] [add mention of tradeoffs to introduction ping@zesty.ca**20060307000615] [acknowledgements and limitations ping@zesty.ca**20060307000733] [new storage server protocol ping@zesty.ca**20060307000752] [add label accept/cancel buttons kragen@pobox.com**20060307015047 Still doesn't quite work right... but close! ] [update to-do list for paper, add goldfish icon ping@zesty.ca**20060307035902] [catch stray errors in pref manipulation ping@zesty.ca**20060307045407] [add figure 1 ping@zesty.ca**20060307061912] [fixing bookmark update bug kragen@pobox.com**20060307072840 Well, ya know, a document.location isn't really a string. So we have to take .href of it. ] [add figures 2 and 3 ping@zesty.ca**20060307073918] [add implementation to-do items ping@zesty.ca**20060307074432] [add request icon ping@zesty.ca**20060307080205] [tooltips and adjustments to toolbar ping@zesty.ca**20060307084050] [add transient label collision warning ping@zesty.ca**20060307092307] [tighten up the text about usage a little bit ping@zesty.ca**20060307092338] [activate vs. active terminology kragen@pobox.com**20060307092308] [makefile calls xpdf kragen@pobox.com**20060307094609] [remove assertion of impossibility of asking kragen@pobox.com**20060307094630 It may still be true that an attacker would have a hard time forging "Jennifer wants the secret for kragen@murch-sitaker.org", but here I've just removed the assertion that this is impossible. ] [site password length tradeoffs initial discussion kragen@pobox.com**20060307094752] [describe handling of common names kragen@pobox.com**20060307102524] [explain limitations of not using salt kragen@pobox.com**20060307104626] [describe risks of non-SSL password capture kragen@pobox.com**20060307112012 This version doesn't make any promises to change to supporting non-SSL sites, but it does clearly explain the limitations. ] [minor grammar stuff kragen@pobox.com**20060307112213 Adding LocalWords for ispell. ] [finished limitations section draft kragen@pobox.com**20060307114804] [comments on paper-todo kragen@pobox.com**20060307122651] [add label collision warning dialog ping@zesty.ca**20060307123230] [add all remaining figures to paper ping@zesty.ca**20060307123300] [add support for non-SSL sites ping@zesty.ca**20060307203236] [tighten up the secret entry box ping@zesty.ca**20060307204000] [use a list of two-level TLDs ping@zesty.ca**20060307215423] [add non-SSL support description to the paper ping@zesty.ca**20060307215445] [add toolbar states figure ping@zesty.ca**20060307220801] [updating paper-todo on last day kragen@pobox.com**20060307224541] [discuss database contention problems kragen@pobox.com**20060307224618] [activated/deactivated -> awake/sleeping ping@zesty.ca**20060307222027] [shrink bibliography ping@zesty.ca**20060307234453] [all kinds of edits ping@zesty.ca**20060307234517] [shrink the bibliography (why doesn't {abbrv} work?!) ping@zesty.ca**20060307234928] [update todo list per recent patch ping@zesty.ca**20060307235603] [put site password length tradeoffs under limitations kragen@pobox.com**20060308002142] [minor wording and punctuation changes kragen@pobox.com**20060308002300] [rewrite section 2/3 into one section ping@zesty.ca**20060308004014] [make wording of goals match kragen@pobox.com**20060308005641] [update wording of goals ping@zesty.ca**20060308010224] [shuffle figure layout ping@zesty.ca**20060308010236] [rewrite conclusion kragen@pobox.com**20060308010850] [back out of master_username change, edit limitations ping@zesty.ca**20060308012739] [fix wording ping@zesty.ca**20060308013125] [fix wording for accuracy ping@zesty.ca**20060308013208] [slight wording and punctuation changes, update todo kragen@pobox.com**20060308014438] [figure numbering, wording fixes ping@zesty.ca**20060308014614] [correct number of goals kragen@pobox.com**20060308015607] [mitigate underfull hbox kragen@pobox.com**20060308015622] [mention unique decomposition of hash inputs ping@zesty.ca**20060308015853] [spell check (fixed misspelling!) kragen@pobox.com**20060308021828] [recapitalize JavaScript kragen@pobox.com**20060308021938] [more spellchecking kragen@pobox.com**20060308022415] [rewrite abstract, squeeze bibliography ping@zesty.ca**20060308021037] [layout tweaks ping@zesty.ca**20060308022801] [lots of tiny final fixes ping@zesty.ca**20060308032943] [TAG help ping@zesty.ca**20060501004345] [TAG submitted to SOUPS ping@zesty.ca**20060501004356] [TAG submitted to SOUPS ping@zesty.ca**20060501004422] [add srp6a implementation ping@zesty.ca**20060501121452] [clean up and document ping@zesty.ca**20060501123014] [update todo ping@zesty.ca**20060506115618] [split out hash.js, make persona name flash ping@zesty.ca**20060513221803] [add a basic XPCOM component for Passpet ping@zesty.ca**20060519100026] [move common routines into utils.js; clean up xpcom implementation ping@zesty.ca**20060519231716] [add skeleton for Passpet XPCOM components ping@zesty.ca**20060520214047] [finish nsIPasspetHash implementation ping@zesty.ca**20060520225921] [change IDL to indicate that getSiteIdentifier and nsIPasspetHash.data are 8-bit strings ping@zesty.ca**20060520234351] [add implementation of entropy estimator as an XPCOM component ping@zesty.ca**20060521035332] [add entropy, serializer, and folder services ping@zesty.ca**20060522182100] [fix typo in Makefile and nsIPasspetSerializer.idl ping@zesty.ca**20060522182303] [use const where appropriate ping@zesty.ca**20060523003500] [add UTF-8 conversion to serializer ping@zesty.ca**20060523082847] [add basic implementation for persona and stubs for remote ping@zesty.ca**20060523205424] [fix components, initialize services later ping@zesty.ca**20060523223907] [rename files to get rid of the meaningless 'ns' prefix ping@zesty.ca**20060524004545] [fix small typos ping@zesty.ca**20060524110307] [massive changes to use new XPCOM components (not fully functional) ping@zesty.ca**20060524110358] [fix lots of little typos, update stylesheet, make resizing work, add stubs for PasspetRemote ping@zesty.ca**20060525024256] [update description of username filling, edit discussion of limitations ping@zesty.ca**20060525033319] [fix bibliography layout ping@zesty.ca**20060525073509] [minor wording changes; flash the site label; adjust breaks and spacing ping@zesty.ca**20060527024239] [TAG final camera-ready version ping@zesty.ca**20060527024306] [move all punctuation outside of quotation marks, fix copyright notice for SOUPS ping@zesty.ca**20060530191347] [TAG final FINAL camera-ready version ping@zesty.ca**20060530193154] [serialize dictionaries instead of arrays (for extensibility and debuggability); add PasspetJava for access to the Java in components ping@zesty.ca**20060606021559] [adjust tooltips and appearance of petname field ping@zesty.ca**20060606112619] [add asynchronous server implementation ping@zesty.ca**20060625092132] [update documentation ping@zesty.ca**20060625092253] [begin AES implementation based on FIPS 197 ping@zesty.ca**20060625230410] [finish AES implementation ping@zesty.ca**20060626003220] [clean up, provide access to the session key ping@zesty.ca**20060626011734] [Add implementation of AES-CMAC and improve docstrings. ping@zesty.ca**20060627000532] [fix typo ping@zesty.ca**20060627010542] [fix typo ping@zesty.ca**20060627010647] [clean up srp6a module, finish server implementation? ping@zesty.ca**20060627020936] [rename to passpetd ping@zesty.ca**20060627021512] [make passpetd executable ping@zesty.ca**20060627021535] [add check for valid username ping@zesty.ca**20060627022351] [fix lots of little bugs; server tested and working! ping@zesty.ca**20060627033559] [add server test script ping@zesty.ca**20060627033643] [small fixups ping@zesty.ca**20060628035444] [allow string or int for key; encipher() and decipher() now accept strings as well as blocks; various cleanups ping@zesty.ca**20060629214109] [separate out the implementation of CBC ping@zesty.ca**20060629220424] [add GCM implementation ping@zesty.ca**20060629232045] [use GCM in passpetd; support nonce in GCM ping@zesty.ca**20060629235611] [add JavaScript AES implementation ping@zesty.ca**20060630011232] [add a working implementation of GCM ping@zesty.ca**20060701235106] [add test cases for AES, AES-CMAC, GCM ping@zesty.ca**20060701235143] [use fancy gnu make rules to simplify the Makefile ping@zesty.ca**20060704105810] [implement SHA-256 and use it as the hash for SRP ping@zesty.ca**20060705074114] [add version number preamble to passpetd protocol; send nonce as 16 bytes ping@zesty.ca**20060706013848] [move value() calls into SRP protocol; add "Passpet" intro to protocol ping@zesty.ca**20060706111609] [add continuation-based implementation of PasspetRemote client ping@zesty.ca**20060706111724] [add PasspetRemote testing functions ping@zesty.ca**20060706111907] [initialize Java and pass it to PasspetJava ping@zesty.ca**20060706112013] [we aren't using srp.py or cbc.py any more ping@zesty.ca**20060706122229] [add utils.js ping@zesty.ca**20060706122513] [add error handling (+/- flag) to protocol ping@zesty.ca**20060707002511] [update for new error-handling protocol; add continuation helpers ping@zesty.ca**20060707011104] [include components in .xpi ping@zesty.ca**20060707011340] [fix up error handling ping@zesty.ca**20060707012638] [use .pu as extention for Passpet User files ping@zesty.ca**20060707074540] [print a nicer request id for debugging ping@zesty.ca**20060707074901] [fix filename bug in passpetd; allow hostname argument to test_passpetd ping@zesty.ca**20060707215950] [rewrite PasspetPersona in continuation-passing style ping@zesty.ca**20060707221224] [clean up error handling (again!) ping@zesty.ca**20060708005704] [fix persona file listing bug ping@zesty.ca**20060708010212] [update spelling of error codes ping@zesty.ca**20060708010534] [initialize Java earlier ping@zesty.ca**20060708011752] [clean up debugging messages ping@zesty.ca**20060708012301] [fix bugs in petname file decryption ping@zesty.ca**20060708014912] [nicer debugging messsages ping@zesty.ca**20060708015026] [make debugging in toolbar.js quieter ping@zesty.ca**20060708020939] [clean up continuations ping@zesty.ca**20060708052042] [remove spaces between hex bytes in protocol ping@zesty.ca**20060708052409] [encapsulate encrypted messages with '+' flag; fix up removing spaces in hex ping@zesty.ca**20060708054611] [handle bad encrypted messages more gracefully ping@zesty.ca**20060708055108] [move srp6a test into test_srp6a.py ping@zesty.ca**20060708060646] [update TODO ping@zesty.ca**20060708061005] [clean up unused stuff ping@zesty.ca**20060708062354] [update TODO list ping@zesty.ca**20060709044213] [combine intro and setup into one 3-page dialog ping@zesty.ca**20060709063346] [randomly select a persona name and icon ping@zesty.ca**20060709075009] [try to create actual personas, doesn't work yet ping@zesty.ca**20060709081812] [setup dialog: switch to constructor style, dynamic event attachment, use attributes instead of classes for styled status indicators ping@zesty.ca**20060709195113] [fix error handling when there's no server; provide feedback on address entry during setup ping@zesty.ca**20060709205644] [fix address entry feedback; use decks for feedback messages ping@zesty.ca**20060709224045] [allow choice of what to do with an existing account ping@zesty.ca**20060709234238] [reorder pages so persona intro is last ping@zesty.ca**20060710003142] [remove default personas; show progress on last setup page ping@zesty.ca**20060710011612] [add "New Passpet" menu command; move toolbar.* to browser.*; do hashing in the background when waking up a persona ping@zesty.ca**20060710065735] [update TODO ping@zesty.ca**20060710070521] [remove test() call ping@zesty.ca**20060710071006] [remove interfering definition of Step in test.js ping@zesty.ca**20060710071827] [update TODO ping@zesty.ca**20060710071918] [fix null-separation bug in persona pidList ping@zesty.ca**20060710074115] [new continuation helpers; add simple logic for handling remote conflicts; fix save/upload logic ping@zesty.ca**20060711014109] [fix folder implementation ping@zesty.ca**20060711025940] [use new Cont object instead of Step ping@zesty.ca**20060711030148] [don't immediately save persona after creation (setup might fail) ping@zesty.ca**20060711031156] [save if reusing an existing address ping@zesty.ca**20060711031317] [encrypt the empty file so it doesn't just accept anysecret ping@zesty.ca**20060711033550] [save initial file immediately ping@zesty.ca**20060711033732] [try to fix timer; don't add ? to non-SSL petnames ping@zesty.ca**20060711041440] [try for smarter scheduling of uploads ping@zesty.ca**20060711043740] [add callids to help trace continuation problems ping@zesty.ca**20060711045345] [handle errors during engine_push and show when the client goes away ping@zesty.ca**20060711061007] [fix DEADLY local 'client' variable bug!!! ping@zesty.ca**20060711064707] [clean up login exception handling ping@zesty.ca**20060711064822] [clean up authentication steps ping@zesty.ca**20060711065323] [rename LOGIN_REFUSED to LOGIN_FAILED ping@zesty.ca**20060711065621] [fix decryptFile; now initializing a persona works when it has to try multiple accounts ping@zesty.ca**20060711071356] [switch to a single persona status icon; use attribute selectors in CSS instead of classes ping@zesty.ca**20060711072627] [use attributes instead of classes to style the accept and cancel buttons ping@zesty.ca**20060711073246] [use attributes instead of classes for the label textbox styles ping@zesty.ca**20060711074434] [make a working collision warning dialog ping@zesty.ca**20060711102250] [update TODO ping@zesty.ca**20060711102341] [clean up unused icons; add an appearance for the toolbar palette and for when there are no personas defined ping@zesty.ca**20060712003409] [use regular expressions to check valid hostnames ping@zesty.ca**20060712063922] [make a nicer "empty" (question mark) icon ping@zesty.ca**20060712065542] [rearrange persona intro dialog and add warning ping@zesty.ca**20060712074952] [update TODO ping@zesty.ca**20060712075121] [add popup feedback to the persona button ping@zesty.ca**20060712095218] [update stylesheet to keep collision site names bold ping@zesty.ca**20060712100503] [improve "about" dialog; add to context menu ping@zesty.ca**20060712153251] [flash an outline around the petname textbox when filling passwords ping@zesty.ca**20060712163642]