[ADDED] Calculate cost for cracking a password.
[UPDATED] Hardware cost data based on various GPUs with updated hashcat metrics.
[ADDED] Ability to calculate the strength of an arbitrary password.
In some situations, the cipherText that was passed in is actually
plainText. Old mpsites files used to store the login name as plain text
even though the file was redacted. Newer versions of the file store the
login name as ciphertext. There is no clear way to distinguish between
the two cases.
Error message lifecycle was limited to the static mpw_str buffer, which
is far too limited and also dangerous. Own the message by the
MPMarshalFile object, freed in mpw_marshal_file_free.
- Order of fall-back formats from most to least preferred.
- The keyID should be based on the user algorithm, not the site algorithm.
- Standardize mpw_format* function names.
Documented the data fields in the marshal structure to avoid value
ambiguity.
NULL values for eg. identicon shouldn't serialize to flat (mpsites) file
as "(null)" but rather as empty "".
Parsing header values from the flat file that are empty yielded NULL
instead of the empty string since mpw_strtok was needlessly aggressive
on that front.
Don't memcpy beyond src buffer size in strcpy implementation.
Technically safe since the buffer overrun was replaced by NUL, but act
can trigger memory safety features.
Move secret keys out of the repository and hide them in the binary.
C-string -> String decoding for unsigned strings and buffers to
facilitate conversion of various C API strings into Swift.
Some cleanup in base64 coding utility.
A utility for converting hex strings into byte buffers.
Improved checks during AES routine and fix PKCS padding bug if
plain text fits block size.
Logging now happens at the mpw-core level, by default using sinks that
can be registered.
For iOS we forward log messages to os_log for unified logging. We also
keep a record of log messages for future retrieval in a log view.
This obsoletes and removes Pearl's logger entirely.
Maarten Billemont