Release Notes

2.20160912.64c83fd

Let's face it.

You cannot use Gobbledygook without having a mobile version.

Neither can I! So I decided to write Gobbledygook for Android!

In preparation for the release for Android, this update brings incompatible changes to Gobbledygook.

Changelog

• Domain Names: The domain field is dropping the "www." etc from the front.
• Automatic SaltKey Generation: Gobbledygook automatically generates the salt key on first run (i.e. when none exists), without forcing the user to do so.
• Hide Advanced Options: The options for iterations/truncation/saving custom overrides have been moved to an "Advanced..." collapsible, since they are not expected to be touched often. Having them in the main view just made the UI clunkier.
• Z85-encoding by default: The default scheme for encoding the final password now is Z85 (ZeroMQ implementation of Base85-encoding), which provides special characters in the password and therefore makes it stronger. To switch back to the old Base64-encoding for websites that don't allow special characters in password, check the "No special characters" checkbox under "Advanced..."
• Import/export settings: Settings can now be exported/imported between browsers - between two Firefox instances, between Firefox and Chrome, and eventually between mobile and browser, as all versions will be compatible with each other. For Firefox, the storage API now uses local storage instead of the sync system - a limitation of the current webextension API support in Firefox at this time; the export/import options provide a workaround for this.
• Options UI: The Firefox options UI is now the same one as in the Chrome version. The older list version in Firefox was dangerously buggy, since things like the saltKey could be edited by hand and would automatically save (a feeble attempt to "unlock" it using another preference element was at best an exercise in delusion).
• Under the Hood: The Firefox version of the addon is now a webextension, which unifies it with the Chrome implementation. While the core of the codebase was always the same with browser quirks being abstracted into an outermost layer, the outermost layer is now vanishingly thin, and there's less chance of blunder.

What should I do as an Existing User?

Due to the humongous number of changes, for websites where you've already been using Gobbledygook, it is recommended that you simply reset your password by choosing the "Forgot password" option. Please take note that the password reset page may have a different domain name from the usual login page, so be sure to generate the new password on the usual login page and use it on the reset page.

While there was the possibility of generating the old password given the same salt key by plugging in the domain name with the "www." qualifier and using base64 encoding, the truly incompatible change is the removal of the "_" and "-" from base64-encoded passwords. These were the two special characters in the base64 alphabet (in urlsafe mode), and allowed to remain in the old encoding when there was only one mode for password generation. In the current avatar, the default mode is to include special characters through Z85 encoding, and therefore the "fallback" mode without special characters, which uses base64 encoding, must truly not contain any special characters, and is intended to provide a pure fallback when faced with an appalling site with poor password practices. Given the many such out there still as of 2016, the small inconvenience caused by this incompatibility is probably dwarfed by the usability benefit this mode provides.