Marc Hedlund sez, "Wesabe just open sourced a project called Grendel
that makes it easy for web apps to encrypt data using the user's login password, and only decrypt that data when the user is logged in. Let's say you're using a word processing web app and don't want your documents stored plaintext -- the web app could use Grendel to easily encrypt your docs for you, using OpenPGP. Log in and you can edit; log out and only you can get at the data again (since only you have your password). There are some hooks for encrypting with multiple keys if you want to share docs with selected other users on the system. Since people are throwing a ton of sensitive data in web apps these days I think having some tools to help make that safer would be a good thing."
Protecting "Cloud" Secrets with Grendel
Of course, data on web sites is usually shared with at least some other people in some way. Sometimes a user might want to share their information with the web site support staff, so the staff can help solve a problem or fix a bug. Or, the user might want to share their sensitive data with selected other users on the site, such as coworkers or family members. Grendel allows this, letting you encrypt data with multiple keys so that more than one user's password can gain access.
It's very easy to screw up when building a cryptography system -- check out Nate Lawson's excellent Google Tech Talk on common crypto flaws, or Matasano's Socratic dialog on similar topics, for a map of the pitfalls available to you, and us. We've been fortunate at Wesabe to have a number of people who think very carefully about security, and they've put a lot of effort into designing and building Grendel. That said, we have two goals in open sourcing Grendel: first, to make a tool available to others that could help make "cloud" applications in general much safer for everyone, and second, to open up what we've built so others can review and help us improve it. We would love comments on any aspect of Grendel, security or otherwise.
(Disclosure: I am proud to serve on Wesabe's advisory board)
Do you remember the first time you used a remote control on your television set or favorite toy? It was incredible right? I can honestly say that making my sister believe I had telekinetic powers was fantastic! But as I’ve accumulated more and more remote controls in my life, I’ve become jaded. And then, I […]
In a society buffeted by technological change, the discipline of “engineering ethics” raises some of our most significant and difficult-to-answer questions: from last year’s Moral Character of Cryptographic Work to the Neveragain.tech pledge not to enable trumpism’s ethnic cleansing mission (a pledge in the tradition of the 1943 firebombing of the Amsterdam Municipal Register to […]
Photo: Donald Trump speaks as PayPal co-founder and Facebook board member Peter Thiel (C) and Apple Inc CEO Tim Cook look on during a meeting with technology leaders at Trump Tower in New York U.S., December 14, 2016. REUTERS With his children and Peter Thiel at his side, Predator-elect Donald Trump on Wednesday told Silicon […]
One of the best ways to progress a career in project management is through earning recognized certifications. These certifications carry significant clout and don’t require expensive tuition or student loans. This Ultimate Project Management Certification Bundle is a great example of an affordable way to get ahead. It includes training for 9 certifications including PMP, […]
There’s nothing quite like the rush of playing against a real human opponent. But from a developer standpoint, creating fun multiplayer experiences is incredibly complex. Fortunately, the Unity3D game engine has made all aspects of game creation, including multiplayer functionality, as accessible as ever.This Unity Course Bundle introduces all of the necessary elements of creating […]
The 2016 World Series game 7 will undoubtedly go down in history as one of the greatest baseball games of all time. With endless suspense, a nefariously-timed rain delay, and extra innings, it reminded over 40 million viewers why they love America’s pastime – and why all bets were truly off in 2016. Savor the […]