Security Basics mailing list archives
Re: Password Manager Software recommendations
From: Tara Kelly <tara () passpack com>
Date: Tue, 08 May 2007 23:04:18 +0200
Hello,I was trying not to butt in because it would have sounded like a product plug... I'm a founding partner at PassPack, reading this list for a week or so. But since mdevlin mention us, well - I can resist no longer.
PassPack:Yes - Easy to use for most non-technical end-users [built with "normal people" in mind] Yes - Small resource footprint [it's hosted, needs a browser to run and an Internet connection]
Yes - Easy to deploy [nothing to install] Yes - Use of AESYes - Product must be actively supported/maintained for the foreseeable future
Maybe - Suitable for business/enterprise (MS Windows) environmentsThat last "maybe" is the clincher I think. We currently have free accounts aimed at individuals, and we'll be adding paid packages over the course of the 12-16 months. Among these will be two packages PRO and BIZ. The PRO will allow shared slave accounts and is meant for micro-small businesses. The BIZ package will have full administration of users and accounts, privacy controls.
As far as MS Windows is concerned - Yes, PassPack runs on Win, Linux and Mac. It's been tested on IE6+, Firefox 1.5+, Safari 2, Opera 8+. It's an Ajax application, which means that all data is encrypted in the browser, with a key that never leaves the browser. Only encrypted data (without the key) gets sent to the server for storage. It's based on the Host-Proof Hosting pattern if you're interested in looking that up: http://ajaxpatterns.org/Host-Proof_Hosting
Since all encryption takes place in the browser, we use a Javascript implementation of AES128 - at the time of creation, the AES256 implementation was causing the browser to run under stress. However we're evaluating a new, hopefully faster implementation of AES256. Our architecture allows us to update the algorithms fairly easily (we've already done this with 0 data loss) so that is a change which will probably come about in the next months.
You can find links to the algorithms we use here: https://www.passpack.com/info/thanks/ Here's a screenshot and features list (with links to more info on the blog): http://passpack.wordpress.com/passpack-infosheet/Like I said, PassPack is new to the market, so the information on the website may be too limited for your needs. Let me know if you have any questions. Also - feedback and suggestions are greatly appreciated.
Cheers, Tara mdevlin () boston com ha scritto:
Passpack.com is a web based password manager I came across the other day. It uses AES, and allows you to import/export passwords along with making offline encrypted backups of your database----- Original Message ----- From: fRANz [andrea.francesconi () gmail com] Sent: 05/07/2007 10:28 PM ZE2 To: security-basics () securityfocus com Subject: Re: Password Manager Software recommendations On 5/4/07, BSD Dude <bsdguy2000 () yahoo com> wrote:The basic general requirements are: Easy to use for most non-technical end-users Small resource footprint Easy to deploy Use of AES, Two-fish, and/or Blowfish algorithmsProduct must be actively supported/maintained for the foreseeable future (I am aware of the problems with this type of requirement)Suitable for business/enterprise (MS Windows) environmentsAny web-based password manager? Regards, -f
Current thread:
- RE: Password Manager Software recommendations, (continued)
- RE: Password Manager Software recommendations Ackley, Alex (May 04)
- RE: Password Manager Software recommendations jbeauford (May 04)
- Re: Password Manager Software recommendations Jeb Barger (May 04)
- Re: Password Manager Software recommendations Chris Barber (May 04)
- Re: Password Manager Software recommendations Jason Ross (May 07)
- Re: Password Manager Software recommendations Dave Dearinger (May 04)
- Re: Password Manager Software recommendations Cam Fischer (May 07)
- Re: Password Manager Software recommendations fRANz (May 07)
- Re: Password Manager Software recommendations BSD Dude (May 08)
- Re: Password Manager Software recommendations mdevlin (May 08)
- Re: Password Manager Software recommendations Tara Kelly (May 08)
- Re: Password Manager Software recommendations jonathan . cogley (May 09)
- Re: Password Manager Software recommendations Ali, Saqib (May 09)