automaticable

I’ve started another pet project for the summer, and I believe it’s ready for a stable release.  The program is called Pwdhash Sharp, and it’s a C#, Gtk-based desktop implementation of the PwdHash password-generator, written for Ubuntu.   We’ve written about PwdHash before, but if you’re not familiar:

PwdHash automatically replaces the contents of [site address and password] fields with a one-way hash of the pair (password, domain-name). As a result, the site only sees a domain-specific hash of the password, as opposed to the password itself. A break-in at a low security site exposes password hashes rather than an actual password. We emphasize that the hash function we use is public and can be computed on any machine which enables users to login to their web accounts from any machine in the world. Hashing is done using a Pseudo Random Function (PRF).

Now with Pwdhash Sharp, you get the same functionality integrated into your desktop.  When I first started writing this application, the PwdHash Firefox extention wasn’t compatible with Firefox 3 (although they’ve updated the addon since then), so that was another reason I needed an alternative.  Pwdhash Sharp is also convenient for non-browser applications which require a password– now you can easily use strong passwords for them as well.

Pwdhash Sharp 0.8.4 is the fourth version released, and is now relatively stable.  Some of the features include:

• Passwords exactly match those generated by PwdHash, so they are interchangable.
• Native GTK window and icons.
• Create and retrieve passwords for web- or desktop-based applications.
• Minimize to tray for convenient access when you need it.

There are two ways to download Pwdhash Sharp 0.8.4.  You can either download the .deb for your platform from the release page, or you can get uploads via my personal PPA.  The benefits of the PPA is that you will receive automatic updates of pwdhash-sharp as they occur, just like all other programs in Ubuntu.  To add it:

• In the panel, select System > Administration > Software Sources
• Select the “Third-Party Software” tab, and “Add…” to add a new entry.  In the popup, enter the line:

deb http://ppa.launchpad.net/swegner/ubuntu hardy main

• Close the software sources manager, and allow the repository cache to reload.  Now, you can install pwdhash-sharp from your favorite package manager.  On the command line:

sudo aptitude install pwdhash-sharp

Once installed, you can launch it from the “Accessories” submenu.  Use it just like the form on the pwdhash.com website.

I’m pretty happy with the project so far, but it’s by no means complete.  It’s been a learning experience in packaging for Ubuntu, as well as developing using Mono and GtkSharp.  There’s still a few bugs to work out, and some features that I’d like to add.  Namely:

• For some reason, Pwdhash Sharp can’t be launched from within Gnome Do.  Anybody have this issue?
• I’d like to add some preferences to automatically copy generated passwords to the clipboard.  Also, it might be useful to automatically minimize, and “forget” the previous site password, for security reasons.
• Also, “man” pages aren’t generated correctly, but this seems to be a packaging issue.
• It would also be nice to port to Windows, and should be relatively easy since it’s in C#.  I could either do a Gtk port, or use a native Windows interface.  Anybody interested in helping?

So, give Pwdhash Sharp a try, and let me know what you think.  I’m open to suggestions and feature requests.

PS: The PwdHash algorithm generates only pseudo-random passwords, which could be decrypted, given at least half of the key.  Can anybody figure out the password in the screenshot?