[nycbug-talk] password repository

[Jesse Callaway]

On Tue, Jan 5, 2010 at 10:34 AM, Chris Snyder <chsnyder at gmail.com> wrote:
> On Mon, Jan 4, 2010 at 9:25 PM, Okan Demirmen <okan at demirmen.com> wrote:
>
>>> > The best web-based thing I've found was PassPack. It's totally
>>> > awesome. Each user has their own login to PassPack. Users can share
>>> > passwords and assign read/write privileges to them per item being
>>> > shared.
>>>
>>> Hrm?  I dug around for it online and there's tons of other noise...  Sounds awful dangerous, but interesting-
>>
>> i'm not sure i'm giving my passwords to someone else ;)  i want to
>> understand the best practices/procedures that may be applied and apply
>> them myself, be it in software or not.
>>
>
> PassPack is really interesting, actually. The guy who put it together
> is a big proponent of "zero-knowledge hosting", whereby the
> application provider has no access to the data that users are storing
> in the application.
>
> It uses JavaScript implementations of standard cryptographic libraries
> to encrypt and decrypt passwords in the browser. All you are sending
> and retrieving from the website is the encrypted data. It's open
> source, and from what I can tell, done right. The crypto
> implementations are independent libraries written by academics.
>
> If nothing else, it's a working prototype for data security and
> privacy in the cloud era.
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk
>

hey, sorry about not filling in on the details... It's a part of my
all too efficient mental shortcut system. I did some research and
thought it "good enough". Of course, nobody in their right mind would
trust me to say something is "good enough" without any
qualifications... including myself, which leads to why I'm a little
too efficient in this department ; )

-jesse