Mrudul Posted August 14, 2004 Share Posted August 14, 2004 (edited) hey everyone, I have made a s/w in c# and would like to share with everyone here. I need ur suggestions for further improvements. About Software : The purpose of software is to store various passwords in and encrypted format safely. It makes management of these passwords really easy. The software allows you to store password of following kind : 1) Emails 2) Forums 3) Internet Banking 4) Credit \ Debit Cards 5) Others. The s/w is here : https://www.neowin.net/forum/index.php?show...#entry584409759 To Use this s/w you need Microsoft .NET framework. You can get the framework here : http://www.microsoft.com/downloads/details...&displaylang=en Thanks. Mrudul Shah mrudulshah@gmail.com Edited August 30, 2004 by Mrudul Link to comment Share on other sites More sharing options...
Mx Posted August 14, 2004 Share Posted August 14, 2004 Is this secure, I am not doubting you application but you only have 3 posts and your program can hold Credit/Debit Card details. Anything to prove it is secure? Or has anyone tried it yet? Link to comment Share on other sites More sharing options...
XanDaMan Posted August 14, 2004 Share Posted August 14, 2004 How do we know this program isn't storing out passwords and sending them away...just asking. Link to comment Share on other sites More sharing options...
[John] Posted August 14, 2004 Share Posted August 14, 2004 Um...guys, why don't you just see if it is sending any thing to a website. If you don't believe him, download it, enter in some fake stuff, and see if it is sending the information to something that it should not be sending it to. ;) Link to comment Share on other sites More sharing options...
Mrudul Posted August 14, 2004 Author Share Posted August 14, 2004 hi everyone, I understand your concern. Actually, this has been one of the reason behind me writing this software. Since, I wrote this s/w - I know with 100% surety that there are no backdoors to it ...sending data to websites ..etc..etc. From users (your) perspective : 1) i agree trusting is difficult but, ...that is the only way ppl can try such kind of software ...(we have bin using Windows since ages ... w/o asking a single question to microsoft ..Y ?? ..becoz we trust that company) 2) u can firewall your machine with best possible firewall ..and c if my program tries to access internet at ne pt. of time. ( it has no NETWORK related code in it) 3) try out wat John said ....thats pretty good idea. 4) when u`ll use the s/w, u`ll c ...it has only those features which are absolutely required and pertinent. Actually, I m glad ... such a question was raised ! thanx - Mrudul. Link to comment Share on other sites More sharing options...
phedot Posted August 14, 2004 Share Posted August 14, 2004 been testing it... can't see the proggie transmiting data to somewhere in the net... so I think it's to trust... test it first... I don't really want to get flamed if this has some kind of backdoor in it and I haven't reported... I'm not a beta-tester ;) Link to comment Share on other sites More sharing options...
Mrudul Posted August 17, 2004 Author Share Posted August 17, 2004 hey ppl, did u find any ..bugs or .any suggestions ? thanx - Mrudul Link to comment Share on other sites More sharing options...
Guest Dan C Posted August 17, 2004 Share Posted August 17, 2004 Bug: Unneeded scrollbar at the bottom of the tree view. Looking for more Link to comment Share on other sites More sharing options...
kombolcha Posted August 18, 2004 Share Posted August 18, 2004 thanks, this is a nifty program Link to comment Share on other sites More sharing options...
Original_ Posted August 18, 2004 Share Posted August 18, 2004 (edited) decompiling a .net application is easy Use Reflector (preferred) or Anakrino to look at the source and see if it's secure Edit: Looks good to me. Edited August 18, 2004 by Original_ Link to comment Share on other sites More sharing options...
ozgeek Posted August 19, 2004 Share Posted August 19, 2004 A nice starting program. But the thing that is bugging me is the system is beeping at me when displaying password dialog boxes and about box. Link to comment Share on other sites More sharing options...
Mrudul Posted August 22, 2004 Author Share Posted August 22, 2004 hi everyone, thanx for suggestions. I have new version of the software attached to this note. Changes : 1) ScrollBar is made optional 2) Annoying Beeps removed from everywhere, except at places where passwords go wrong. Bug Fixes: **** IMP*** In previous version , when you save the record after modification and if "show password check box" is unchecked then the password in the record becomes ********** and is thus lost. this was stupid mistake by me. this version has solved this bug. I apologize, if you lost ur password / pin . So , it is must that you REMOVE the previous version first and INSTALL this version. 1) from Add-Remove programs remove previous version (1.0.0) 2) To install new verion (1.0.1) double click "Locker.msi " (attched with this note) suggestions welcomed. thanx. - Mrudul :) Locker_1.0.1.zip Link to comment Share on other sites More sharing options...
Syntax_Error Posted August 22, 2004 Share Posted August 22, 2004 No one has asked what encryption this program uses to securely store passwords. To Original_ - can you actually decompile .NET code? I thought if you decompile executable code you get a mess and some assembly? Link to comment Share on other sites More sharing options...
Glowstick Posted August 22, 2004 Share Posted August 22, 2004 Some people can read assembly code. The easier it is with MSIL, since you get usable class and method names due the metadata (unless it's obfuscated). Link to comment Share on other sites More sharing options...
Syntax_Error Posted August 22, 2004 Share Posted August 22, 2004 Yeah I did some assembly at Uni but they way Original_ phrased it, sounded like you can read the source Link to comment Share on other sites More sharing options...
Mrudul Posted August 22, 2004 Author Share Posted August 22, 2004 (edited) No one has asked what encryption this program uses to securely store passwords. - Syntax_Error ... I am using some encryption along with some key .... ...i would rather not make it public ...coz ..therez no need ...! thanks - Mrudul. :) Edited August 22, 2004 by Mrudul Link to comment Share on other sites More sharing options...
Glowstick Posted August 22, 2004 Share Posted August 22, 2004 I can see pretty much every info in cleartext in the serialized objects. ☺ ☺ ♀☻ NPassword Manager, Version=1.0.1695.32653, Cultu re=neutral, PublicKeyToken=null♣☺ ▬Password_Manager.Cards○ ○bank_n ame?company♦type?card_no♥pin◘validity♣other○node_name►Record+node_name ☺☺☺☺☺☺☺☺☺☻ ♠♥ ♫TEST VISA BANK♠♦ ♦Visa♠♣ ♂Credit Card♠♠ ►1234 567812345678♠? 0∞?⌐δ╛?Γ??φ??Γ??πܣ?ƫ?┐?Φ??Γ╢│???σ?╣α??Γ?╢σ??Φ??♠◘ ♣03/05♠○ ♠◙ ‼TEST VISA BANK-5678○◙ ♂ Link to comment Share on other sites More sharing options...
Mrudul Posted August 22, 2004 Author Share Posted August 22, 2004 true ... i have only encrypted .... passwords/ pins/ secret ans. i think thats enuf ! - Mrudul Link to comment Share on other sites More sharing options...
Smenus Posted August 22, 2004 Share Posted August 22, 2004 Erm, but wouldn't people want their card info to be secure too? I for one wouldn't use an app if the card numbers stored could be (fairly) easily viewed. Dunno, might just be me though... Link to comment Share on other sites More sharing options...
Mrudul Posted August 22, 2004 Author Share Posted August 22, 2004 I didnt encrypt that coz..ur card numbers are neways open ...! whenver u shop or pay onlne bills ....u have give ur number ! noother reason. - Mrudul. Link to comment Share on other sites More sharing options...
Syntax_Error Posted August 23, 2004 Share Posted August 23, 2004 No quite true, even when you get a receipt when paying by card you only get the last 4 digits, the rest are starred usually. Link to comment Share on other sites More sharing options...
Mrudul Posted August 23, 2004 Author Share Posted August 23, 2004 hmmm ...actually this is not a big issue. i can easily implement this. in next version u`ll surely find it. till then u can use it. dont worry , you wont have to re-enter records for new version. they will be taken care off :happy: or shuld i encrypt every damn thing ?? any other suggestions ?? thanx ..every1 - Mrudul. Link to comment Share on other sites More sharing options...
kombolcha Posted August 23, 2004 Share Posted August 23, 2004 on the credit card part.. have that encrypted and when someone tries to view it, it should ask for a second password.. i'll feel more secure that way. a password to open the locker and another password to view my saved credit card number(s) Link to comment Share on other sites More sharing options...
Mrudul Posted August 24, 2004 Author Share Posted August 24, 2004 is this level of security required ??? ... becoz therez trade off between security settings and ease of use ! Link to comment Share on other sites More sharing options...
kombolcha Posted August 24, 2004 Share Posted August 24, 2004 is this level of security required ??? ...becoz therez trade off between security settings and ease of use ! for credit card numbers!? YES, i would like more security than ease of use anytime when it comes to my card number Link to comment Share on other sites More sharing options...
Recommended Posts