AKA the "I just got hired and I start Monday go me!" edition.
Application: Google Chrome
Category: Internet
Description: "Google Chrome runs web pages and applications with lightning speed."
[Edit: NOTE: When upgrading from the previous release, if you used Portable Passwords, please see the note at the end of this post otherwise your saved passwords may be lost when upgrading.]
Download Google Chrome Portable Stable Branch 3.0.195.33 Revision 2 Development Test 2 [1.5MB download / 34MB installed]
(MD5: 9ac73657ad96e8125b3bcbb7468b8384)
Download Google Chrome Portable Beta Branch 4.0.249.30 Development Test 1 [1.5MB download / 34MB installed]
(MD5: 29bca5cb9e92988e7d4edd0e4fee2f45)
Download Google Chrome Portable Dev Branch 4.0.266.0 Development Test 1 [1.5MB download / 34MB installed]
(MD5: 35d52a68e4ef3e1ffa0ea406af1346b8)
[Edit: Bumping for new release instead of a new thread 'cause there are mostly minor changes. I improved the algorithm slightly (not as much as I wanted to, AES refused to work, if anyone has a good code sample for AES with the Crypto API let me know) and fixed all of the other problems I mention below.]
Biggest update is the Portable Passwords! It's opt-in since it needs to prompt you for a master password on startup, and the algorithm I used to encrypt the passwords is possibly weak, and it does not hide the length of the original password. I believe I know how to use a stronger cipher for next release.
This thing was hard and I had to code it in C++ as an NSIS plugin (no way around that as far as I could tell, I tried a bunch of things) so now that it is working I will push it out and take a small break.
Known Bugs:
- When opting in to Portable Passwords (see GooglechromePortable.ini), it is possible to determine the lengths of your saved passwords without needing the master password. The master password itself uses a different encryption algorithm and does not have this problem. I will be looking at how to address this in a future release. [Edit: Haven't figured out how to use AES instead of RC4 yet, Crypto API is giving me an error the docs say it shouldn't, but I am using a stronger key length for RC4 now. If I can't figure it out or AES doesn't pad to the nearest block like I think it will, I should be able to pad the unencrypted passwords myself with nulls or something to mask the length.]
Release Notes:
2.1.1.0
- Updated Dev to 4.0.266.0 and Beta to 4.0.249.30. Google Chrome Extension gallery is live!
- Installer now shows the version of Chrome being downloaded.
- Updated the sample INI with some new notes.
- msvcr100.dll beta 2 is no longer required by the NSIS plugin. 200kb has been shaved off the launcher.
- Changes to Portable Passwords to improve security and prevent possible vulnerabilities. If you were previously using Portable Passwords you will need to import your passwords to Chrome before updating, see the note below on how to keep your saved passwords.
- Fixed bug in NSIS plugin where memory was freed twice (oops).
- Added EncryptPortablePasswords switch to INI, so you can choose to store saved passwords in plaintext. This may be useful if you already use an encryption solution such as TrueCrupt to protect your PortableApps and have no need for additional protection. This is also removes the need for a master password.
- Installer window no longer shows. DialogEx is used instead for the master password prompt.
- Tidied up some things in the launcher code (all language strings are in the appropriate NSH now).
- Updated to PA.c Installer 1.0.1.
2.1.0.0
- Updated Dev to 4.0.249.11
- Merged with John's recommended changes to the launcher/installer.
- Updated to PAF 1.0
- Fixed some details in the docs. 4.0 beta doesn't have extension support at all.
- Fixed network paths not working with the theme path fixer. Note that running from a network folder is not supported. If you encounter problems, try mapping a drive letter to the folder and running GCP from there.
- exclude.txt has been removed from Source since it is no longer needed.
- Local Chrome will no longer lose track of its profile if "User Data" was set up as an NTFS junction.
- Passwords can now be preserved accross user accounts and computers by setting PortablePasswords to true in GoogleChromePortable.ini. You will need to provide a master password as an alternative to Chrome's built-in encryption to keep your passwords safe. See GoogleChromePortable.ini for more details.
Importing Old Portable Passwords
I made some changes to Portable Passwords to remove or reduce vulnerabilities (I'm new at this "security" thing, sorry), which means old Portable Passwords will no longer be understood by the launcher. But, you can ensure they are imported into Google Chrome's local-user-account encrypted passwords database, and then upgrade Google Chrome Portable, which can then regenerate the Portable Passwords from your Google Chrome profile.
Note that if you toggle the new EncryptPortablePasswords flag in the INI (side note: I highly recommend it be kept on unless you know what you're doing) you should also follow this procedure to avoid losing saved passwords. Replace "upgrade" with "toggle the INI switch", or "change your master password"; the procedure is the same.
Start the old GCP up on your computer to ensure the Portable Passwords are correctly imported into your Google Chrome profile. Then close GCP and remove the Portable Password files to force their regeneration in the new format:
Data\settings\masterpassword.hash
Data\profile\\Portable Passwords
Next, perform your upgrade, and start GCP. Enter your master password (you can even pick a new one if you want, since we're rebuilding Portable Password files), and wait for GC to start and then close it. Your new Portable Password files should be regenerated from your profile's saved passwords.