Marc Hedlund sez, "Wesabe just open sourced a project called Grendel
that makes it easy for web apps to encrypt data using the user's login password, and only decrypt that data when the user is logged in. Let's say you're using a word processing web app and don't want your documents stored plaintext -- the web app could use Grendel to easily encrypt your docs for you, using OpenPGP. Log in and you can edit; log out and only you can get at the data again (since only you have your password). There are some hooks for encrypting with multiple keys if you want to share docs with selected other users on the system. Since people are throwing a ton of sensitive data in web apps these days I think having some tools to help make that safer would be a good thing."
Protecting "Cloud" Secrets with Grendel
Of course, data on web sites is usually shared with at least some other people in some way. Sometimes a user might want to share their information with the web site support staff, so the staff can help solve a problem or fix a bug. Or, the user might want to share their sensitive data with selected other users on the site, such as coworkers or family members. Grendel allows this, letting you encrypt data with multiple keys so that more than one user's password can gain access.
It's very easy to screw up when building a cryptography system -- check out Nate Lawson's excellent Google Tech Talk on common crypto flaws, or Matasano's Socratic dialog on similar topics, for a map of the pitfalls available to you, and us. We've been fortunate at Wesabe to have a number of people who think very carefully about security, and they've put a lot of effort into designing and building Grendel. That said, we have two goals in open sourcing Grendel: first, to make a tool available to others that could help make "cloud" applications in general much safer for everyone, and second, to open up what we've built so others can review and help us improve it. We would love comments on any aspect of Grendel, security or otherwise.
(Disclosure: I am proud to serve on Wesabe's advisory board)
On Saturday, Franky Zapata took his prototype Flyboard Air hoverboard for a rather impressive flight, three miles on the French coast. It’s based on Zapata’s previous water-powered hoverboard. When the first short flight video went up last month, The Verge interviewed Zapata: So there’s three parts to this, right? The board, a fuel tank, and […]
On the left: a Colby Walkmac, “the first battery-operated Macintosh computer and first portable Mac with a LCD display.”
Media artist Michael Naimark writes: In 1990, right as the first VR wave was swelling, Stewart Brand and Grateful Dead manager Jon Mcintyre concocted a scheme to produce an invitation-only 24-hour VR event modeled after the Electric Cool-Aid Acid test. They convinced Colossal Pictures, the largest soundstage in San Francisco, to host it. Dozens of […]
Almost everyone has their smartphone in a case of one kind or another. Beyond simple protection, finding a case that can charge your phone on its own, but doesn’t feel like it’s also adding a couple pounds to the phone’s weight is the tricky part. Billed as the world’s thinnest battery case, the ThinCharge iPhone […]
You never know when new projects, ideas or opportunities can drop into your lap at a moment’s notice. That may require you to learn a new programming language like Python. Or maybe you need a primer on 3D game development. Or you might realize you could use a serious brush-up on iOS mobile creation.Point is, […]
Isn’t it about time to stretch what your Mac can do? I mean, you’ve got plenty of great programs now…but don’t you think you could use some new tools to get your creative, analytical and organizational juices really flowing? It’s spring, so we cleaned up a whole bunch of super-cool apps lying around and packaged […]