Marc Hedlund sez, "Wesabe just open sourced a project called Grendel
that makes it easy for web apps to encrypt data using the user's login password, and only decrypt that data when the user is logged in. Let's say you're using a word processing web app and don't want your documents stored plaintext -- the web app could use Grendel to easily encrypt your docs for you, using OpenPGP. Log in and you can edit; log out and only you can get at the data again (since only you have your password). There are some hooks for encrypting with multiple keys if you want to share docs with selected other users on the system. Since people are throwing a ton of sensitive data in web apps these days I think having some tools to help make that safer would be a good thing."
Protecting "Cloud" Secrets with Grendel
Of course, data on web sites is usually shared with at least some other people in some way. Sometimes a user might want to share their information with the web site support staff, so the staff can help solve a problem or fix a bug. Or, the user might want to share their sensitive data with selected other users on the site, such as coworkers or family members. Grendel allows this, letting you encrypt data with multiple keys so that more than one user's password can gain access.
It's very easy to screw up when building a cryptography system -- check out Nate Lawson's excellent Google Tech Talk on common crypto flaws, or Matasano's Socratic dialog on similar topics, for a map of the pitfalls available to you, and us. We've been fortunate at Wesabe to have a number of people who think very carefully about security, and they've put a lot of effort into designing and building Grendel. That said, we have two goals in open sourcing Grendel: first, to make a tool available to others that could help make "cloud" applications in general much safer for everyone, and second, to open up what we've built so others can review and help us improve it. We would love comments on any aspect of Grendel, security or otherwise.
(Disclosure: I am proud to serve on Wesabe's advisory board)
Anarchic Adjustment was a pioneering streetwear brand and artist collective that emerged from the London punk-skate-BMX-Xerox art scene in the mid-1980s and spread like a virus when founder Nick Philip moved to San Francisco and immersed himself in the early cyberculture. Immediately, Anarchic Adjustment became the clothier-of-choice for the likes of DJ Mixmaster Morris, Joi […]
Joi Ito (previously) — director of MIT Media Lab, former Creative Commons chief, investor, entrepreneur, and happy mutant — interviewed Barack Obama for a special, Obama-edited issue of Wired.
Modal VR, the new stealth startup co-founded by Atari and Chuck E. Cheese creator, has opened the doors a crack. According to Bushnell, their portable VR system is built for business applications (even though the demo video shows, you guessed it, a game). “We want to help enterprises solve problems by looking at them from […]
From self-driving cars to stock market predicting software to the recommendations you get on Amazon and Netflix, machine learning is at the core of modern technology. You could find yourself building technology that is literally changing the world with the skills you’ll learn in The Complete Machine Learning Bundle. This bundle of 10 courses includes 406 lessons that will teach […]
This Python Mega Course will help you learn to code by teaching you to build 10 real-world apps that each highlight a unique use of Python.Job prospects for coders are still growing steadily—and with Python being one of the most popular coding languages out there today, it’s important for job seekers to demonstrate a widespread understanding of the […]
The Atmos R2 may be bigger than the brand’s previously-released vapes, but we argue that in this case it’s definitely a good thing. A bigger heating chamber means more room for packing it full. And the bigger battery means longer, more fulfilling vape sessions. In fact, you can use the Atmos R2 for up to about 25 […]