OfficerBreaker
kvass
OfficerBreaker | kvass | |
---|---|---|
14 | 8 | |
588 | 881 | |
- | - | |
1.8 | 0.0 | |
almost 2 years ago | 5 months ago | |
Java | Go | |
- | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
OfficerBreaker
-
[HELP] Excel file protected by password, we need to access this.
If open xml format try https://github.com/nedlir/OfficerBreaker
- OfficerBreaker - pptx/docx/xlsx密码去除器 (OfficerBreaker – pptx/docx/xlsx password remover)
-
Hacker News top posts: Jul 24, 2022
OfficerBreaker – pptx/docx/xlsx password remover\ (22 comments)
- OfficerBreaker – pptx/docx/xlsx password remover
- I built pptx/docx/xlsx password remover for read-only files
- pptx/docx/xlsx read-only password remover
kvass
- Show HN: Kvass,一个个人键值存储器 (Show HN: Kvass, a personal key-value store)
- GitHub - maxmunzel/kvass: a personal key-value store
-
Show HN: Kvass, a personal key-value store
Hi mbreeze!
> this seems to just be a SQLite database with values in fields?
Sqlite is used as a storage format ("SQLite competes with fopen()"). The key-value pairs are stored as a modified Append-Only CRDT. The LUB-Operation (to merge to states while syncing) is implemented here: https://github.com/maxmunzel/kvass/blob/e32fdabdc86b039f716c...
> anyone with access to the file would be able to see all data stored?
Yes, attackers with access to your fs are not part of my attacker model. I rely on disk encryption for that matter.
> Do the clients cache data locally? It looks like you're basically syncing from the server for every request. You're already making a round trip to the server for a request anyway, so why not keep state only on the server? I can understand an offline-only mode, but this would require a significantly more robust sync mechanism. If this was the goal, I'd love to see this discussed more in the README too.
The sync mechanism is actually pretty solid, as its based on CRDTs. One of the applications of kvass is central management of config files, so automatic syncing and offline fallback are important.
> What is the purpose of the ProcessID?
The Counter Variable implements a rudimentary implementation of Lamport clocks. To get a total order from Lamport clocks, you need ordered, distinct process ids. The process id's don't really need to mean anything and the Lamport clock is itself just a fallback for the case that the wall-clock timestamps collide (see the Max() function), so it's practical to just draw them randomly.
> I didn't see any authn/authz in the requests. You're also unmarshalling random data from the request w/o confirming that it is valid first. This seems risky to me and could potentially crash the server if I were to send it random data.
Authentication is provided by the GCM mode of AES. As I decrypt (and thereby verify) early, I can assume to work on trustworthy payloads. GCM is also non-malleable unlike for example CBC or CTR.
As suggested by losfair, I'll switch to PSK TLS as soon as it's available or just put HTTPS in front of the end-points. But that's not high-priority right now.
-
Hacker News top posts: Jul 24, 2022
Show HN: Kvass, a personal key-value store\ (51 comments)
What are some alternatives?
prima - PRIMA is a package for solving general nonlinear optimization problems without using derivatives. It provides the reference implementation for Powell's derivative-free optimization methods, i.e., COBYLA, UOBYQA, NEWUOA, BOBYQA, and LINCOA. PRIMA means Reference Implementation for Powell's methods with Modernization and Amelioration, P for Powell.
Prima
llvm-m88k - LLVM backend for m88k architecture
DocBleach - :shower: Sanitising your documents, one threat at a time. — Content Disarm & Reconstruction Software
browserpass-extension - Browserpass web extension
strongbox - A secret manager for AWS
custom-learning-office-365 - Microsoft Learning Pathways end user learning solution for Microsoft 365 customers.
Doctool - A tool to manipulate .docx files (shrink images size, remove password lock for edits, etc.)
pdfarranger - Small python-gtk application, which helps the user to merge or split PDF documents and rotate, crop and rearrange their pages using an interactive and intuitive graphical interface.
john - John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs