PassKeeper 1.0, 32-bit
by Brad Greenlee
Copyright 1995 iSYS International
All Rights Reserved


Introduction
------------
PassKeeper is a Windows utility that allows you keep a list of accounts with
usernames, passwords, and notes. This list is stored encrypted.

I developed PassKeeper in order to keep track of the many different "accounts"
I have across the Net. Many services on the Web, for example, require you to
register and give out a username and password, which you are often allowed
to pick out yourself, but not always. Examples of such services include
HotWired, Pathfinder, Amazon, etc. Of course, PassKeeper can be used to safely
keep a record of anything, really.

PassKeeper is freeware. All I ask is that this file remains with any
redistributions of PassKeeper. Also, if you find any bugs or have any
suggestions on improving PassKeeper, feel free to email me at brad@isys.hu

The most up-to-date version of PassKeeper can always be found at
ftp://ftp.isys.hu/incoming/win/utilities/passkeep.zip

PassKeeper uses Eric Young's implementation of CBC Triple DES Encryption.
Please see his copyright info at the end of this document.


Installation and Usage
----------------------
Installation is simple. You've already done it. When you run PASS32.EXE for
the first time, you will be asked to enter the password you would like to use
to access PassKeeper in the future. This password is also the key to
encrypting and decrypting your data. It is very important that you do not
forget this password, as your data will be undecipherable. You can change
your password later, but only after logging in to the program.

PassKeeper creates two files:
  PASS.INI  Contains the user-configurable options.
  PASS.DAT  Contains the encrypted data.

If someone else using this machine would like to have their own PassKeeper
list, just copy PASS32.EXE to a separate directory.

If you ever forget your password the only thing you can do is delete the
PASS.DAT file. You will lose all your entries of course. Actually, I suggest
just renaming PASS.DAT or storing it somewhere else just in case you
eventually remember the password.


Options
-------
PassKeeper has only two user-configurable options:
  Confirm Remove        When this option is checked, you will be asked
                        whether you really want to remove an item when you
                        click the 'Remove' button.

  Auto-Save on Quit     When this option is checked, any changes you made
                        while in PassKeeper will be saved automatically upon
                        Quit (or Exit, or Close). Otherwise, you will be asked
                        whether you would like to save your changes.


BUGS
----
None. Yeah right. None that I can see right now, but I'm sure there are still
some around somewhere. Let me know if you find any.


ISSUES
------
1. I believe PassKeeper is about as secure as currently possible. If anyone
finds any holes please let me know as soon as possible. It has already been
suggested to me that checking to see if there were any keyboard hooks in
memory and giving a warning of such would be a good extra security precaution
(i.e. your PassKeeper password could be grabbed by a keyboard hook). I'll
look into this (if anyone knows how to do this or has seen code, send me an
email; you'll save me some time).

2. The .EXE is a bit fat, as I compiled it with Borland C++ 4.5 and its OWL.
If anyone knows how to significantly reduce the .EXE size of statically linked
apps (I don't want to link it dynamically because I want it to be able to
stand alone), please let me know.


That's it. Thanks for using PassKeeper!


Brad Greenlee
brad@isys.hu

Budapest
5 November 1995


DES Copyright Info
------------------
Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
All rights reserved.

This package is an DES implementation written by Eric Young (eay@mincom.oz.au).
The implementation was written so as to conform with MIT's libdes.

This library is free for commercial and non-commercial use as long as
the following conditions are aheared to.  The following conditions
apply to all code found in this distribution.

Copyright remains Eric Young's, and as such any Copyright notices in
the code are not to be removed.
If this package is used in a product, Eric Young should be given attribution
as the author of that the SSL library.  This can be in the form of a textual
message at program startup or in documentation (online or textual) provided
with the package.

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the copyright
   notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
   notice, this list of conditions and the following disclaimer in the
   documentation and/or other materials provided with the distribution.
3. All advertising materials mentioning features or use of this software
   must display the following acknowledgement:
   This product includes software developed by Eric Young (eay@mincom.oz.au)

THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
SUCH DAMAGE.

The license and distribution terms for any publically available version or
derivative of this code cannot be changed.  i.e. this code cannot simply be
copied and put under another distrubution license
[including the GNU Public License.]

The reason behind this being stated in this direct manner is past
experience in code simply being copied and the attribution removed
from it and then being distributed as part of other packages. This
implementation was a non-trivial and unpaid effort.
