My password manager, SCURP

4042

What is it

SCURP (SeCURePassword Manager) is a new password manager application I have written. It is intended to run cross-platform (Windows, Linux, OSX and whatever else that can run Java and, optionally, Firefox), and contain more functionality than what is contained within Firefox's own password manager. SCURP is still undergoing changes and should be considered beta software, at best. It should not lose or corrupt any data, however bugs are inevitable.

It is an open source application, and sources are available.

What it does

SCURP is an application that will allow you to store all of your private information and passwords in a secure, central location. All information is stored within an encrypted file (currently 128bit AES in CBC [cipher-block-chaining] mode) protected by a master password (SHA1 with 40bit RC4 password encryption).

Passwords are never stored as cleartext even while the file is decrypted. They are always stored in memory as ECB-mode ciphertext and only decrypted on-demand for short uses. This gives protection against casual memory analysis. Intensive analysis can reveal the encryption key used to encrypt the database, although I believe this to be quite difficult. The memory location of the encryption key must be discovered and then access to the appropriate pieces of data must be found.

Connectivity

The password manager has multiple methods for interacting with external applications. The most basic interaction is through the system clipboard. Another method of interaction is through the use of AutoType. The most advanced interface is through a custom Web Service.

Comment

No HTML is allowed. Numeric entity refs (&#nnnn;) are supported. Use {{{ and }}} to delimited preformatted sections. Items noted by * are mandatory.

Identify yourself

All new comments are moderated for spam protection. Email addresses are visible only to the entry owner and administrators.

  • Use AccessKey-P to Preview and AccessKey-S to Post