Marc Hedlund sez, "Wesabe just open sourced a project called Grendel
that makes it easy for web apps to encrypt data using the user's login password, and only decrypt that data when the user is logged in. Let's say you're using a word processing web app and don't want your documents stored plaintext -- the web app could use Grendel to easily encrypt your docs for you, using OpenPGP. Log in and you can edit; log out and only you can get at the data again (since only you have your password). There are some hooks for encrypting with multiple keys if you want to share docs with selected other users on the system. Since people are throwing a ton of sensitive data in web apps these days I think having some tools to help make that safer would be a good thing."
Protecting "Cloud" Secrets with Grendel
Of course, data on web sites is usually shared with at least some other people in some way. Sometimes a user might want to share their information with the web site support staff, so the staff can help solve a problem or fix a bug. Or, the user might want to share their sensitive data with selected other users on the site, such as coworkers or family members. Grendel allows this, letting you encrypt data with multiple keys so that more than one user's password can gain access.
It's very easy to screw up when building a cryptography system -- check out Nate Lawson's excellent Google Tech Talk on common crypto flaws, or Matasano's Socratic dialog on similar topics, for a map of the pitfalls available to you, and us. We've been fortunate at Wesabe to have a number of people who think very carefully about security, and they've put a lot of effort into designing and building Grendel. That said, we have two goals in open sourcing Grendel: first, to make a tool available to others that could help make "cloud" applications in general much safer for everyone, and second, to open up what we've built so others can review and help us improve it. We would love comments on any aspect of Grendel, security or otherwise.
(Disclosure: I am proud to serve on Wesabe's advisory board)
Buckets hanging on maple trees may have worked great 200 years ago, but modern producers use a system like the internet: a series of tubes!
Researchers from the Technical University of Denmark demonstrated a new nanotechnology-based printing technique that produces long-lasting color images on plastic at resolutions up to 127,000 dots per inch, many times more detailed than traditional laser printers. The system uses a laser to alter the structure of nanoscale structures on the plastic material. (A nanometer is […]
Way back in 2011, major American automakers were slow to realize that “companies in Silicon Valley have for some time been looking at cars just like another mobile device or app.” When the disruption, hit, it hit hard, writes Nick Bilton:
While some people still maintain that everything in Apple’s walled garden “just works” and is immune to the rampant malware of the Windows world, the reality is different. The Mac’s growing market share has made it a much more viable target for malicious actors, and its built-in tools aren’t always enough to fix things. Drive […]
Boasting an IPX6 waterproof rating, the Trakk Bullet Ultra Compact Waterproof Bluetooth Speaker resists dust and heavy rainfall. It’s currently available in the Boing Boing Store.The Trakk Bullet offers the same wireless convenience as other portable speakers, but few are built as tough as this one. Its utilitarian construction is designed to be a totally low-maintenance […]
The Ticwatch 2 Active Smartwatch is a simpler take on an active wearable that raised over $2m dollars on Kickstarter and is currently offered in the Boing Boing Store.Somewhere in between the single-day battery life and platform-specificity of the Apple Watch and Android Wear devices, there exists the Ticwatch. Instead of trying to shoehorn another […]