github.com/nextcloud/passman.git
author brantje <brantje@gmail.com> 2017-02-17 23:25:18 +0300
committer brantje <brantje@gmail.com> 2017-02-17 23:25:18 +0300
commit 6767322a22bae9549b439fac40bbdbd2a2df8fee
tree 2bfcd4ec82685f31b226168f4a76ad8f0ba15b0c /README.md
parent 76852c0d77c81766fe706afb9293eff40187c7a4
Lock vault after 3 wrong attempts (Fixes #197)
Fix share button, fix shared_key not added to storedCredential after sharing (Fixes #249)
Add password app importer. Fixes #248
Fix version check via proxy. Fixes #237
Fix activity app not filtering. Fixes #246
Add EnPass txt importer. Fixes #159
Fix for disabled share button
Require vault key for export. Fixes #199
Indicate that sharing only works with users that have 1 or more vaults. Fixes #242
Reset tags on logout. Fixes #245
Ability to enter OTP secret manually. Fixes #198
Create teampass importer. Fixes #244
Diffstat (limited to 'README.md')
-rw-r--r-- README.md 93
1 files changed, 70 insertions, 23 deletions
diff --git a/README.md b/README.md
index d2b4926d..4a4f3388 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,5 @@
#Passman
+Passman is a full featured password manager.
[![Build Status](https://travis-ci.org/nextcloud/passman.svg?branch=master)](https://travis-ci.org/nextcloud/passman)
[![Codacy Badge](https://api.codacy.com/project/badge/Grade/749bb288c9fd4592a73056549d44a85e)](https://www.codacy.com/app/brantje/passman?utm_source=github.com&amp;utm_medium=referral&amp;utm_content=nextcloud/passman&amp;utm_campaign=Badge_Grade)
@@ -6,11 +7,37 @@
[![Scrutinizer Code Quality](https://scrutinizer-ci.com/g/nextcloud/passman/badges/quality-score.png?b=master)](https://scrutinizer-ci.com/g/nextcloud/passman/?branch=master)
-Passman is a full featured password manager.
-Features:
+## Contents
+* [Screenshots](https://github.com/nextcloud/passman#Screenshots)
+* [Features](https://github.com/nextcloud/passman#features)
+* [External apps](https://github.com/nextcloud/passman#external-apps)
+* [Security](https://github.com/nextcloud/passman#security)
+ * [Password generation](https://github.com/nextcloud/passman#password-generation)
+ * [Storing credentials](https://github.com/nextcloud/passman#storing-credentials)
+* [API](https://github.com/nextcloud/passman#api)
+* [Docker](https://github.com/nextcloud/passman#docker)
+* [Maintainers](https://github.com/nextcloud/passman#main-developers)
+* [Contributors](https://github.com/nextcloud/passman#contributors)
+
+
+
+
+##Screenshots
+![Logged in to vault](http://i.imgur.com/ciShQZg.png)
+
+![Credential selected](http://i.imgur.com/3tENldT.png)
+
+![Edit credential](http://i.imgur.com/Iwm3hUe.png)
+
+![Password tool](http://i.imgur.com/ZYkN70r.png)
+
+For more screenshots: [Click here](http://imgur.com/a/giKVt)
+
+
+## Features:
- Vaults
- Vault key is never sent to the server
-- Credentials are stored with 256 bit AES
+- Credentials are stored with 256 bit AES (see [security](https://github.com/nextcloud/passman#security))
- Ability to add custom fields to credentials
- Built-in OTP(One Time Password) generator
- Password analyzer
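Review bot: Two entries in the new Contents list look wrong. `#Screenshots` uses a capital S where every other entry uses the lowercase form GitHub generates for heading anchors, and the Maintainers entry points at `#main-developers`, which does not match its own label; check that a heading with that slug exists. The Security sub-list also omits the "Sharing credentials" subsection that this same patch adds further down. Smaller points: `##Screenshots` is missing the space that `## Contents` and `## Features:` have, and the screenshots are still loaded over `http://`; imgur serves the same paths over https.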
@@ -21,7 +48,9 @@ Features:
- DashLane
- ZOHO
- Clipperz.is
-
+ - EnPass
+ - [ocPasswords](https://github.com/fcturner/passwords)
+
For a demo of this app visit [https://demo.passman.cc](https://demo.passman.cc)
@@ -29,10 +58,10 @@ For a demo of this app visit [https://demo.passman.cc](https://demo.passman.cc)
- NextCloud 10 / 11
- ownCloud 9.1+
-## Browser extensions
-At this moment we don't have any extensions available, sorry!
-However, if you're interested in helping us (or you want to guide us while building)
-Check out: https://github.com/nextcloud/passman-chrome-extension
+
+## External apps
+- [Firefox / chrome extension](https://github.com/nextcloud/passman-webextension)
+- [Android app](https://github.com/nextcloud/passman-android)
## Supported databases
@@ -44,28 +73,46 @@ Check out: https://github.com/nextcloud/passman-chrome-extension
Untested databases:
- pgsql
+## Security
-##Screenshots
-![Logged in to vault](http://i.imgur.com/ciShQZg.png)
+### Password generation
+Passman features a build in password generator.
+Not it only generates passwords, but it also measures their strength using [zxcvbn](https://github.com/dropbox/zxcvbn).
+![](http://i.imgur.com/2qVBUfM.png)
-![Credential selected](http://i.imgur.com/3tENldT.png)
+Generate passwords as you like
+![](http://i.imgur.com/jcRicOV.png)
+Passwords are generated using the random functions from `sjcl`.
-![Edit credential](http://i.imgur.com/Iwm3hUe.png)
-![Password tool](http://i.imgur.com/ZYkN70r.png)
+### Storing credentials
+All passwords are encrypted client side using [sjcl](https://github.com/bitwiseshiftleft/sjcl) which uses AES-256 bit.
+Users supply a vault key which is feed into sjcl as encryption key.
+After the credentials are encrypted they are send to the server, there they will be encrypted again.
+This time using the following routine:
+- A key is generated using `passwordsalt` and `secret` from config.php *so back those up*
+- Then the key is [stretched](http://en.wikipedia.org/wiki/Key_stretching) using [Password-Based Key Derivation Function 2](http://en.wikipedia.org/wiki/PBKDF2) (PBKDF2).
+- [Encrypt-then-MAC](http://en.wikipedia.org/wiki/Authenticated_encryption#Approaches_to_Authenticated_Encryption) (EtM) is used for ensuring the authenticity of the encrypted data.
+- Uses openssl with the `aes-256-cbc` ciper.
+- [Initialization vector](http://en.wikipedia.org/wiki/Initialization_vector) (IV) is hidden
+- [Double Hash-based Message Authentication Code](http://en.wikipedia.org/wiki/Hash-based_message_authentication_code) (HMAC) is applied for verification of the source data.
-For more screenshots: [Click here](http://imgur.com/a/giKVt)
-## Encryption (server side)
-All passwords are encrypted client side AND server side.
-This means that if you move to another server you have to backup the following from config.php
-- `passwordsalt`
-- `secret`
+### Sharing credentials.
+Passman allows users to share passwords (this can be turned off by an administrator).
-## Support Passman
-If you like passman, support us via [patreon](https://www.patreon.com/user?u=4833592) or [paypal](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=6YS8F97PETVU2)
+## API
+For developers passman offers an [api](https://github.com/nextcloud/passman/wiki/API).
+
+## Support Passman
+Passman is open source, but we would gladly accept a beer (or pizza!)
+Please consider donating via
+- [Paypal](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=6YS8F97PETVU2)
+- [Patreon](https://www.patreon.com/user?u=4833592)
+- Bitcoin: 1H2c5tkGX54n48yEtM4Wm4UrAGTW85jQpe
+
## Code reviews
If you have any improvements regarding our code.
Please do the following
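Review bot: In the server-side list under "Storing credentials", the bullets "Initialization vector (IV) is hidden" and "Double ... HMAC is applied for verification of the source data" do not say what is actually done, so a reader cannot evaluate them; state how the IV is generated and where it is stored relative to the ciphertext, and which data each HMAC pass covers. The PBKDF2 bullet would be more useful with the hash function and iteration count. Because the server key is built from `passwordsalt` and `secret` in config.php, add a sentence on what this second layer is meant to protect against, and keep the backup requirement as explicit as the removed "Encryption (server side)" section had it rather than as the aside "*so back those up*". Wording to fix before merge: "build in", "Not it only generates", "is feed into", "they are send", "ciper", and the trailing period in the heading "### Sharing credentials.". That new section says sharing exists and can be disabled but nothing about how a shared credential's key is protected, which is the part that belongs under Security.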
@@ -77,8 +124,8 @@ Please do the following
Or if you're feeling lazy, create an issue, and we'll think about it.
## Docker
-To run passman with docker you can use `docker run -p 8080:80 -p 8443:443 brantje/passman`
-To use your own SSL cert mount them as below
+To run passman with docker you can use `docker run -p 8080:80 -p 8443:443 brantje/passman`
+You have to supply your own ssl certs.
Example:
`docker run -p 8080:80 -p 8443:443 -v /directory/cert.pem:/data/ssl/cert.pem -v /directory/cert.key:/data/ssl/cert.key brantje/passman`
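Review bot: The new sentence "You have to supply your own ssl certs." contradicts the command directly above it, which is still presented as a way to run the image with no certificate mounts. Say what the container does when `/data/ssl/cert.pem` and `/data/ssl/cert.key` are absent, or drop the bare command and keep only the example with the two `-v` mounts. The removed and added `docker run` lines appear identical here, so this looks like a whitespace-only change; if trailing spaces are being used to force a Markdown line break, a blank line between the two sentences is more robust.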