Development: progress and thougts

[f0dder]

I figured it's about time I write down some thoughts on the future of fSekrit in one (hopefully coherent) thread, rather than having bits and pieces spread across various other threads. So, without further ado, here goes a braindump

Current state of fSekrit
The program is relatively close to being feature-complete, at least in the context of the features I originally envisioned. A few of the unimplemented features require a fair amount of code, however, feature count isn't everything.

Not all code is as clean as I would ideally want, there's a fair amount of commenting and documenting to be done, and a bunch of refactoring as well. Work has been started on this.

There's currently no test suite, which is... pretty bad. There's been a few bugs that a test suite would/should have caught. Never really found any C++ unit testing framework I liked, but I recently bumped into gtest which actually looks pretty decent. Feedback?

Overall, I'd say that the project is in relatively good shape.

fSekrit in the future
Keywords:

• Modularizing - progressing nicely, "sekritCore" close to done.
• Documentation - update & cleanup existing. (Internals, not readme.txt)
• Unit testing - not started.
• Key derivation - implement PBKDF2 instead of sha256(passphrase).
• Tabbed interface - multiple "document streams" in one container. Work has been started.
• Mass upgrader - automate upgrading of editor part of documents.
• Open-source - unleash the source code unto the world.

The current goals are towards cleaning up the source code, before new functionality is added. This means modularizing, documentation, unit testing. Work is progressing nicely (load-code has been refactored & works, save is yet to come), but there's still a fair amount of work to be done. Executable size has bloated a bit, but once unit tests are in place and refactoring is done, some code will be specialized instead of using standard C++ containers, which should bring code size down to the size of 1.40 - perhaps even a bit smaller.

Once cleanup is done, I'll have to decide on whether I want to open-source the project first, or if some of the missing features should be implemented. I'm leaning towards open-sourcing first, perhaps implementing PBKDF2 first. Feedback?

Opensourcing fSekrit
I've been wanting to do this for a while, it's something that has been planned pretty much from the beginning. I didn't want to release the code before it is "decent enough", though - I'll have to admit that some revisions haven't exactly been top-grade code

There's various decisions to be made wrt. opening the source. One of them is license - it's definitely not going to be the horribly yucky GPL. Basically I don't want anybody making money off my work, I want attribution if my code is re-used, and I'd prefer to stay in charge (though this last requirement needn't be enforced in the license). Feedback?

There's also the issue of hosting. Forum and binary downloads probably still fit just fine on donationcoder.com and dcmembers.com, but I'm not sure what to do with the source code. I'm considering SourceForge or GoogleCode, dunno if there's other/better choices. Feedback?

At least initially, I'm going to keep the subversion repository on my own private server, and let people contribute patches if they want. Source code previous to the open-sourced version won't be public available. Eventually, it'd be nice to have updates to my own repository mirrored to a public repository; this really screams "move to a DVCS". Feedback?

I might want some bug tracking / feature request system as well... that would probably come with the source hosting. I've used RedMine a bit, and that's the one I've been liking best - trac is apparently nice, but looks a bit unpolished.

[mouser]

Sounds nice.
We have a redmine set up on http://redmine.dcmembers.com -- if you create an account i'll make an fsekrit project for you there.
The multiple document streams idea sounds interesting..

[f0dder]

We have a redmine set up on http://redmine.dcmembers.com -- if you create an account i'll make an fsekrit project for you there.

-mouser (February 01, 2010, 03:23 AM)

Thanks, but I don't need it right now - I have redmine on my private server, and I use ToDoList for managing stuff right now... it's when opensourcing the project that issue-tracking might come in handy, and I expect whatever source hosting to provide issue tracking. If it doesn't, or it sucks, I'll definitely take up your offer, though

The multiple document streams idea sounds interesting..

-mouser (February 01, 2010, 03:23 AM)

Yep, and it's something that has been requested by users. And I can definitely use it myself to organize my passwords.exe a bit better

Btw, another thing I'm considering is a BeyondCompare plugin so fSekrit documents can be compared without decrypting temporarily to disk - I'll have to check out how much work this requires, but it's definitely also something I could use myself... sometimes I add new password entries on my laptop, and end up with files that are out of sync. Having factored the container load/save stuff out to a separate project was a prerequisite for even considering this.

[Lashiec]

There's various decisions to be made wrt. opening the source. One of them is license - it's definitely not going to be the horribly yucky GPL. Basically I don't want anybody making money off my work, I want attribution if my code is re-used, and I'd prefer to stay in charge (though this last requirement needn't be enforced in the license). Feedback?

-f0dder (January 31, 2010, 05:48 PM)

Custom license? :D

I doubt you will find any license that fulfill all the requirements, but except for the last one, you may find something in the OSI list. The Non-Profit Open Software License 3.0 sounds good. Alternatively, I found something at the Fedora wiki

It seems you have the same problem as the bsnes author had a while ago. Pity that his custom license has been retired (he's using the GPLv2 now, heh). Of course, any custom license might not hold up in court, unless you have it reviewed by an experienced lawyer.

[f0dder]

Wow, that bsnes blog post is long - might read it a bit later.

I was considering Creative Commons Attribution-Noncommercial-Share Alike, as I think :p it supports the attribution and non-commercial aspects that I want. The Attribution-Noncommercial-No Derivative Works would also add the "stay in charge" aspect, but it seems a bit draconian.

[Lashiec]

Yeah, the last one does not seem to allow reusing code. In any case, is it a good idea to use a Creative Commons license for software?

BTW, the CC page is beautifully designed. The FSF or the OSI could learn a lot of things from them, would make things easier for people choosing the most appropriate license for their software, as well as explaining the big points of the license without forcing the author to go through all that legalese.

[f0dder]

Yeah, the last one does not seem to allow reusing code. In any case, is it a good idea to use a Creative Commons license for software?

-Lashiec (February 01, 2010, 10:28 AM)

That's definitely something I'd like to hear other people's thoughts on - it does feel a bit awkward. If somebody can find me a software-specific license that resembles CC's Attribution-Noncommercial-ShareAlike, let me know

[nitro3]

I know you are thinking about opensoure, which is great!. but for now i had a question about programming. I am mostly interested in how you saved the user data back into the exe to make it self contained. I was trying to find some tutorials of this type but could not find success. is there a reference you used that you can point me to? also what programming languag is fSekrit written in.

Thanks you

[f0dder]

fSekrit was written in C++, with all GUI stuff done through direct Win32 API calls - no MFC or whatnot.

As for the exe updating, this is great fun . First, you need to identify whether there's saved data or not. For this, I write an 8-byte tag to the end of the exe (*after*) data is appended. This consists of a 4-byte magic marker value, and a 4-byte "size of data blob".

That's the easy part - actually writing the data isn't so easy, since Windows keeps a lock on executable files while they're running. Thus, I have to do a funky little dance where I copy the opened fSekrit note to %temp%, run that with command-line arguments, and have this copy in %temp% update the original file.

[Stoic Joker]

After recent events, I had to go back and double check on how the code for T-Clock was originally released. It was (thankfully) just included in the download with no strings attached to be used as a learning aid (according to Kazubon).

And it occurred to me; if I did release the code in the same fashion (which I'm inclined to do), and someone expanded on the work to create a commercial product that they got rich on (not likely but...), am I really willing to/interested in going through all the legal/lawyer crap? The answer is simply no. Frankly, any lawyer I could afford would get shredded instantly, so I'll be much farther ahead just saving the money.

Now you are the original author of FSekrit - A fine program indeed - But are you really willing to go through all the legal crap if somebody learned enough from your code to get ahead?

Just a Thought,
Stoic Joker

[f0dder]

Now you are the original author of FSekrit - A fine program indeed - But are you really willing to go through all the legal crap if somebody learned enough from your code to get ahead?

-Stoic Joker (August 22, 2010, 08:52 AM)

An interesting question, really. And the answer is probably no - I don't have the time nor money to do that.

fSekrit is a pretty small app, and I doubt it'd be easy for people to rip it off and sell it - yes, a lot of people are sheeple, but still. It'd hurt to see other people profit from my work, but on the other hand I think there's a lot of value in having the source code open; people tend to trust encryption application a bit more when they can verify there are no back doors

[panzer]

For paranoid users:

Add possibility to encrypt with Serpent algorithm (it is apparently even more secure than AES, but slower and more difficult to implement)

and

implement 2-pass encryption mode: pass 1 Serpent, pass 2 AES

Just kidding. FSekrit is good enough as it is.

For those who need Serpent or some other algorithm (or 2-pass encryption mode), there is ClipSecure (http://sourceforge.n...projects/clipsecure/). You can mix 5 chaining modes, 6 hash types, and 7 algorithms to find your ideal security formula.

[f0dder]

Alternate encryption algorithms isn't something I've planned on implementing in fSekrit, at least not before every other ToDo item has been fixed.

Why? Because I find it extremely unlikely we're going to see Rijndael broken... at least to the level where it's breakable by anybody but the largest criminal gangs or governments (tomato/tomato, I guess). And if those people are after you, they've already gut rubber hose cryptography, which breaks just about anything available today.

Alternative crypt algos will add several kilobytes to the executable, while fSekrit's primary goal after security was to keep things simple & slim. And I can't help ponder that if one of the major block ciphers was severely broken, wouldn't that mean advances in maths/quantum computing/whatever that would also deliver serious blows against the other contenders, considering they're (AFAIK) similarly structured?

This is a fine point in favor of opensourcing, btw - to let other people work on adding new algorithms . I'd probably accept such changes into the main distribution, if the patches allowed for easily building versions with/without the extra algorithms, so the main/baseline executable can be kept slim.

[panzer]

1. Please make an option to save files but without lock icon (Windows shouldn't recognize it) and that it wouldn't be self-extracting exe. It should be accessed only throught FSekrit menu Open file.

Why?

Let say I live in a country with a represive regime. I get a visit from a policeman (not stupid, but not bright either). He checks my comp. He then finds files with lock icon. He doesn't know what are they so he double clicks on it. A window opens requiring from him a password. Just because I have password protected files it could cost me my freedom i.e. I could go to jail or they would torture me until I would tell them the password.

Truecrypt and Dscrypt are great because files are recognized as unrecognizable (you have to make that in Options), by double clicking on them you will get a window asking you Which programm should I use to open it. If that policeman asks you what is this unrecognizable file, you can just say It is just a leftover from a messy uninstalation. He can't tell for sure it is a encrypted file.

Weird scenario, but self-extracting exe files are not great idea for all users.

Does this make any sense?

2. When you save file as read only, you are not allowed to save it once more to some other location for backup (if you mistakenly delete it) - the options remain grey. Why is that? By normal saving, you can save the same text multiple times without fuss.

Have a nice day!

[f0dder]

#1: I actually do plan on supporting fSekrit "documents" without the executable prepended - but it's not not going to be 100% anonymous, since (contrary to how e.g. TrueCrypt works) the fSekrit documents have a file header. But if you don't set up a file association, you won't get the icon and double-click behavior. It's on my ToDo list.

#2: different people are asking for different things wrt. how read-only should work. You can always manually copy the .exe file from explorer, or copy/paste text into a new document, or use the export functionality

[panzer]

Thank you for answering me.