[nycbug-talk] password repository

Chris Snyder chsnyder at gmail.com
Tue Jan 5 10:34:07 EST 2010


On Mon, Jan 4, 2010 at 9:25 PM, Okan Demirmen <okan at demirmen.com> wrote:

>> > The best web-based thing I've found was PassPack. It's totally
>> > awesome. Each user has their own login to PassPack. Users can share
>> > passwords and assign read/write privileges to them per item being
>> > shared.
>>
>> Hrm?  I dug around for it online and there's tons of other noise...  Sounds awful dangerous, but interesting-
>
> i'm not sure i'm giving my passwords to someone else ;)  i want to
> understand the best practices/procedures that may be applied and apply
> them myself, be it in software or not.
>

PassPack is really interesting, actually. The guy who put it together
is a big proponent of "zero-knowledge hosting", whereby the
application provider has no access to the data that users are storing
in the application.

It uses JavaScript implementations of standard cryptographic libraries
to encrypt and decrypt passwords in the browser. All you are sending
and retrieving from the website is the encrypted data. It's open
source, and from what I can tell, done right. The crypto
implementations are independent libraries written by academics.

If nothing else, it's a working prototype for data security and
privacy in the cloud era.
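
The browser-side encryption described in this message, sketched as an added example that is not part of the original post and is not PassPack's code. The algorithm choices (PBKDF2, AES-256-GCM), all function names and the in-memory `serverStore` are assumptions for illustration, and it runs under Node's built-in crypto module rather than a browser library:

```javascript
// Added illustration of client-side encryption; not PassPack's implementation.
const nodeCrypto = require('node:crypto');

const PBKDF2_ITERATIONS = 200000; // assumed work factor

// Client side: stretch the passphrase into a 256-bit key. The key is never uploaded.
function deriveKey(passphrase, salt) {
  return nodeCrypto.pbkdf2Sync(passphrase, salt, PBKDF2_ITERATIONS, 32, 'sha256');
}

// Client side: encrypt one entry. A fresh salt and IV are generated per record.
function sealEntry(passphrase, plaintext) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  // Only these four fields leave the client.
  return {
    salt: salt.toString('base64'),
    iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    ct: ct.toString('base64'),
  };
}

// Client side: decrypt a record. Returns null if the passphrase is wrong
// or the stored record was modified (GCM tag check fails).
function openEntry(passphrase, record) {
  const key = deriveKey(passphrase, Buffer.from(record.salt, 'base64'));
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, Buffer.from(record.iv, 'base64'));
  decipher.setAuthTag(Buffer.from(record.tag, 'base64'));
  try {
    const pt = Buffer.concat([decipher.update(Buffer.from(record.ct, 'base64')), decipher.final()]);
    return pt.toString('utf8');
  } catch (err) {
    return null;
  }
}

// Hypothetical stand-in for the hosting provider: it stores opaque blobs only.
const serverStore = new Map();
function upload(id, record) { serverStore.set(id, JSON.stringify(record)); }
function download(id) { return JSON.parse(serverStore.get(id)); }

// Constructed sample entry and passphrase.
upload('router-admin', sealEntry('correct horse battery staple', 'hunter2-constructed'));
```

The provider can still serve altered JavaScript to the browser, so the guarantee holds only as far as the delivered client code is trusted.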


