(Legacy) KPassC Documentation
Document remains available for legacy users of KPassC
Introduction
KPassC is a freeware application which offers security for end user credentials.
The specialised software equips its end users to deploy cryptographic security over
valuable contents such as workstation textual notes and account login credential
information, and also serves as a bookmarker to store universal resource identifiers
(URIs), commonly referred to as URLs or web addresses.
Its aim is to simplify the use of cryptographic technology to secure frequently used
information locally, to provide an interface where such information can be easily
accessed, and to encourage the use of multiple distinct passwords by requiring the user
to remember only one strong password, which we denote as a master key.
This encourages end users to remember one password whilst using multiple distinct
passwords for all web services and accounts they may use each day.
1.1 Motivation
Over half of everyday internet users in 2013 still used the same password for every
account login, and for security this poses a significant problem when this password exists
within the wild. Ofcom, a UK communications watchdog, described the issue as appalling
(Naked Security, 2013). There are numerous articles which document the wide increase in
cyber attacks taking place, which is expected to continue as more and more communities
adopt cyber infrastructure into their societies (Uk.reuters.com, 2014) (Theregister.co.uk, 2014).
The growth of a digital economy which is replacing a traditional economy brings with it
traditional risks. Risks such as theft, which have always been a risk to society, no doubt
exist within digital economies, and protection from them rests solely upon security
countermeasures to protect account credentials.
The concern raised by the Ofcom research, in which 55% of internet consumers use the
same password for multiple web accounts, is that should one database which serves a
web service be compromised, many distinct web services are at risk if a majority of the
user base are using the same password on these other web services, each of which is
governed by its own distinct database.
It is not uncommon within the industry to hear of victims who had their email address
compromised, only to find that many other accounts belonging to the same account
holder were also compromised in the same attack. Should any account be a financial
account then the consequences can be severe, in addition to a severe violation of
a victim's human rights.
1.2 Privacy and Encryption
Privacy is a cornerstone of human rights legislation. It aids individuals in democratic
states to go about their business without outside interference. Encryption in the digital age
is unfortunately a necessity to safeguard this human right, and it prevents eavesdropping by
competitors and others who pose a threat to the well-being of an individual or the success
of a legitimate business. In the latter case these are denoted as trade secrets which need
to be protected.
In business, one must safeguard one's intellectual property against those who wish one
economic harm. Likewise, individuals have the right not to disclose every minute detail of
themselves to others without their consent.
Those who oppose the right to privacy with the argument "nothing to hide, nothing to worry
about" are the reason why true democratic states uphold the right to privacy and the
reason it was included in human rights legislation, article 8. We only have to look back at
history post WW2 to acknowledge why; hence the drafting of the human rights act, which
includes privacy as a vital necessity for citizens to protect themselves from third party
interference. It is the same reason mail is addressed to its owners and protected by
democratic law.
1.3 Benefits
KPassC allows you to manage credentials locally and optionally offers a cloud facility for
those who require it. Note that cloud support is optional and support within the client
allows you to develop your own as detailed in section 2 should you require this
functionality.
Alternative solutions use commercialised database systems to manage many users, thus
your information is subject to being sold to third parties, in addition to them monitoring
your use of the web with browser plug-ins. With KPassC you are free of all these concerns
since you are given the client to use on your own computer, governed by your own security
solution.
KPassC is a software application which does not interface with your web browser. Thus
you have total control over your data without the use of complex routines, database
administration or invasive browser add-ons.
2 KPassC
KPassC is a cross-platform software application that can be run on Microsoft Windows and Linux operating systems. It comes equipped with a user-friendly graphical user interface for managing the credentials which will eventually populate the data structure.

The search bar facilitates filtering numerous entries should you ever get to the stage
where you possess many hundreds of items. You can obtain specific items quickly by
providing title specific keywords, and the filter also checks for the existence of
substrings within titles. The software engineering and time complexity of the data
structure design have been tested robustly to ensure speed is never an issue once size()
runs into the tens of thousands.
The search takes place in real time, so just type to begin a filtered search and remove the
terms to remove the filter, or alternatively click the corresponding brush metaphor button
situated to the right of the search bar. Entries may also be filtered by one of the many
folders you are able to create. These are visible in the left column widget on the main
interface and may be selected with the mouse.
Should items ever need be located which possess a specific email address then special
filters have been implemented which allow you to delimit these entries. To search for all
login accounts with a specific email address, you may use the form in the search bar:
Which will yield a results list of ALL accounts which have an email address field value
equal to the input: name@domain.ext
You may wish to locate clear-text in an encrypted note. To do this you may use the form:
Which will yield a results list of encrypted text messages where the textual expression is evident in its clear-text.
2.1 Eavesdropping and Idle Computers
Items within KPassC are only decoded when needed, thus the data structure resides in
memory in an encrypted state and no other process on the same computer can eavesdrop
on its contents from within memory.
Should a computer be left unattended, KPassC locks itself into the system tray
after 3 minutes of inactivity and will then require the input of the cipher key to unlock.
If the key given is incorrect, the clear-text value of item contents will not be
decipherable, thus leaving your computer to sit idle will not pose a threat since the
software will automatically lock itself away from harm's reach.

Passwords are always masked by default when selecting a login type item from the client software. You may unmask the password field by clicking the asterisk metaphor button, or simply click the copy button, which will place the password into clipboard memory. After a short duration, this clipboard memory will be restored to its prior contents. This can be ideal should you be using KPassC in the presence of others, since the password field need not be visible on screen.
2.2 Data Format and Export Support
You may review the data structure by clicking the Tools menu, selecting Local Cache and choosing Export from the sub menu. To inexperienced users, this data dump will appear meaningless.
This data is simply a base64 dump. You may use a base64 decoder to revert this base64 encoding to a decipherable clear-text. On a Linux terminal you may use the form:
… where data_dump.xml is the base64 encoding and decoded_clear_text.txt is the
decoded clear text for further examination.
Within decoded_clear_text.txt, you will see on the second line a unique string
beginning with the substring <kpassc. Within this string exist three useful attributes
which mean the following:
ATTRIBUTE | MEANING |
updateTime | The Unix time of the last data change within the data structure |
genTime | The Unix time equal to the time when the data was generated |
datumCount | The number of item entries within the entire data structure |
Next in the data dump are a series of folder strings, one per folder, thus the
number of folder lines is equal to the number of folders defined within the client. From this
point forth all attribute values are encoded in base64. Decoding these singleton encodings
within the attribute quotations will reveal cipher texts.
Beware that you cannot decode the cipher text without a functional copy of the LDCa
algorithm, a correct alphabet pre-set and a unique key which possesses the correct
mathematical properties used to encode an initial clear-text to produce the evidential
cipher texts.
After all lines beginning with the substring <folder come all item entries, each beginning with the substring <datum.
Note that all time stamps within the XML data dump use Unix time and are relative to
Coordinated Universal Time (UTC).
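The layout described in this section can be checked programmatically. The following Python sketch is an added example, not code from KPassC or its authors: it decodes a dump, reads the three header attributes and strips the inner base64 layer from the folder and item lines. The sample dump is constructed, and the title attribute name and the leading XML declaration line are assumptions.

```python
import base64
import re
from datetime import datetime, timezone

ATTR = re.compile(r'(\w+)="([^"]*)"')

def b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")

def build_sample_export() -> str:
    """Constructed dump. The 'title' attribute and byte values are hypothetical;
    only <kpassc, <folder, <datum and the header attributes come from the text."""
    lines = [
        '<?xml version="1.0"?>',
        '<kpassc updateTime="1400000300" genTime="1400000000" datumCount="2">',
        '<folder title="%s"/>' % b64(bytes.fromhex("8f1102c4")),
        '<datum title="%s"/>' % b64(bytes.fromhex("00ff10a7")),
        '<datum title="%s"/>' % b64(bytes.fromhex("5be2")),
    ]
    return b64("\n".join(lines).encode("utf-8"))

def decode_attrs(line: str) -> dict:
    """Undo the inner base64 layer; what remains is still cipher text."""
    return {k: base64.b64decode(v, validate=True) for k, v in ATTR.findall(line)}

def parse_export(dump: str) -> dict:
    # Exports may be line-wrapped, so drop whitespace before strict decoding.
    text = base64.b64decode("".join(dump.split()), validate=True).decode("utf-8")
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    header = next((ln for ln in lines if ln.startswith("<kpassc")), None)
    if header is None:
        raise ValueError("no <kpassc header line in decoded dump")
    meta = {k: int(v) for k, v in ATTR.findall(header) if v.isdigit()}
    folders = [decode_attrs(ln) for ln in lines if ln.startswith("<folder")]
    items = [decode_attrs(ln) for ln in lines if ln.startswith("<datum")]
    # A mismatch here points to a truncated or hand-edited export.
    if meta.get("datumCount") != len(items):
        raise ValueError("datumCount does not match the number of <datum lines")
    updated = datetime.fromtimestamp(meta["updateTime"], tz=timezone.utc)
    return {"meta": meta, "updated_utc": updated.isoformat(),
            "folders": folders, "items": items}
```

The byte strings returned for folders and items are cipher texts only; nothing here attempts the LDCa step.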
2.3 Autonomous Data Dispatching
Familiar users will have noticed the cloud detail dialogue which exists to support synchronisation of the data structure in real time should the feature be needed.

The software utilises a TCP/IP socket: if the details in this dialogue are filled in, a
synchronisation process will take place every 3 minutes. This is incredibly valuable if you
find yourself working on many distinct operating systems or computers. You may rely
upon this robustly tested feature to safely and securely transmit your ciphers to all clients
with the correct synchronisation details.
You will see that it is possible for an entry-level programmer to create their own cloud
facility to a remote database lookup utility by creating a simple daemon which can read
and write data onto the endpoint of the client TCP/IP socket.
The default values are kpc://nullox.kpassc and port 80/443; you may change them to fit your
needs. Whilst in production, you are strongly encouraged to adopt SSL for your business,
thus use port 443, which will invoke a secure socket to handle data exchange.

The bottom right area of the toolbar displays the time since the last synchronisation
operation took place. The timing of this operation cannot be changed, although we may
introduce a setting in the future to facilitate timing change. In our testing we have found 3
minutes to be ideal even when ciphers are shared amongst many members working within
the same organisation who need to coordinate real-time sensitive data IO.
Upon a synchronisation operation, an HTTPS POST takes place where the data is posted
to a remote web service. REST parameters are of the form:
FIELD | VALUE |
EMAILADDR_S | Email Address |
PASSWD | Password |
DATAXML | Encrypted Data Structure |
As mentioned in section 2.3, an updateTime attribute exists in the XML data which stores a
Unix time stamp equal to the last data change made to the data structure model within the
client. You may use this metric to determine whether the HTTP POST warrants a READ or
WRITE operation upon a remote database.
It is wise not to modify the contents of the $_POST['DATAXML'] on either a READ or
WRITE operation, since its contents are checked by the client to determine firstly whether
the data format is verifiable and secondly whether the internal data structure within the
client is to be updated with the data returned by the web service.
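One way a self-hosted endpoint could make the READ/WRITE decision described above, as an added Python example that is not the project's own server code. It assumes DATAXML uses the same base64-wrapped layout as the Local Cache export and that the reply echoes the accepted blob; the DENY result, the accounts dictionary and the salted PBKDF2 password storage are this example's choices, and the sample blobs are constructed.

```python
import base64
import hashlib
import hmac
import re

HEADER = re.compile(rb'<kpassc\b[^>]*\bupdateTime="(\d+)"')

def make_blob(update_time: int) -> str:
    """Constructed stand-in for a client-produced DATAXML value."""
    xml = ('<?xml version="1.0"?>\n'
           '<kpassc updateTime="%d" genTime="1400000000" datumCount="0">\n'
           % update_time)
    return base64.b64encode(xml.encode("utf-8")).decode("ascii")

def read_update_time(dataxml: str) -> int:
    """Extract updateTime read-only; the blob itself is never rewritten."""
    raw = base64.b64decode("".join(dataxml.split()), validate=True)
    match = HEADER.search(raw)
    if match is None:
        raise ValueError("DATAXML carries no <kpassc updateTime=...> header")
    return int(match.group(1))

def pw_hash(passwd: str, salt: bytes) -> bytes:
    # The server keeps a salted PBKDF2 hash, never the posted PASSWD itself.
    return hashlib.pbkdf2_hmac("sha256", passwd.encode("utf-8"), salt, 200_000)

def handle_sync(form: dict, accounts: dict) -> tuple:
    """Return (operation, DATAXML to send back) for one sync POST."""
    acct = accounts.get(form.get("EMAILADDR_S", ""))
    salt = acct["salt"] if acct else b"\x00" * 16  # hash anyway: uniform timing
    supplied = pw_hash(form.get("PASSWD", ""), salt)
    if acct is None or not hmac.compare_digest(supplied, acct["pw_hash"]):
        return ("DENY", None)
    posted, stored = form["DATAXML"], acct.get("dataxml")
    posted_time = read_update_time(posted)  # also rejects malformed uploads
    if stored is None or posted_time > read_update_time(stored):
        acct["dataxml"] = posted            # WRITE: stored byte-for-byte
        return ("WRITE", posted)
    return ("READ", stored)                 # READ: client receives newer copy
```

In both outcomes the blob handed back is the exact string some client uploaded, so the client-side format check still applies to it.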
Reference(s)
- Naked Security, (2013). 55% of net users use the same password for most, if not all, websites. When will they learn?
- Theregister.co.uk, (2014). Freenode IRC users told to change passwords after securo-breach.
- Theregister.co.uk, (2014). Leak of '5 MEELLLION Gmail passwords' creates security flap.
- Uk.reuters.com, (2014). EBay asks 145 million users to change passwords after cyber attack.