Marc Hedlund sez, "Wesabe just open sourced a project called Grendel
that makes it easy for web apps to encrypt data using the user's login password, and only decrypt that data when the user is logged in. Let's say you're using a word processing web app and don't want your documents stored plaintext -- the web app could use Grendel to easily encrypt your docs for you, using OpenPGP. Log in and you can edit; log out and only you can get at the data again (since only you have your password). There are some hooks for encrypting with multiple keys if you want to share docs with selected other users on the system. Since people are throwing a ton of sensitive data in web apps these days I think having some tools to help make that safer would be a good thing."
Protecting "Cloud" Secrets with Grendel
Of course, data on web sites is usually shared with at least some other people in some way. Sometimes a user might want to share their information with the web site support staff, so the staff can help solve a problem or fix a bug. Or, the user might want to share their sensitive data with selected other users on the site, such as coworkers or family members. Grendel allows this, letting you encrypt data with multiple keys so that more than one user's password can gain access.
It's very easy to screw up when building a cryptography system -- check out Nate Lawson's excellent Google Tech Talk on common crypto flaws, or Matasano's Socratic dialog on similar topics, for a map of the pitfalls available to you, and us. We've been fortunate at Wesabe to have a number of people who think very carefully about security, and they've put a lot of effort into designing and building Grendel. That said, we have two goals in open sourcing Grendel: first, to make a tool available to others that could help make "cloud" applications in general much safer for everyone, and second, to open up what we've built so others can review and help us improve it. We would love comments on any aspect of Grendel, security or otherwise.
(Disclosure: I am proud to serve on Wesabe's advisory board)
Mike Campau recreated Generation Gap, a CGI series of some of the most iconic items from 1980s childhoods, each one lit with gorgeous multi-hued gradients.
At Vice, Leigh Alexander (recently at Boing Boing) writes about the superstitious rituals we all practice when it comes to technology. We do it whether we are conscious of the ritual or not, and we do it even when we are informed the ritual is harmful to the machines. …blowing on cartridges may have actually […]
Human biases exposed by Implicit Association Tests can be replicated in machine learning using GloVe word embedding, according to a new study where GloVe was trained on “a corpus of text from the Web.”
When you’ve had a long day and it’s time to unwind, there’s a lot you can do to relax: drink some tea, take a shower or even read a book. But there’s one thing that’s essential to a comfortable night’s rest—and that’s investing in some really good sheets. Enter Bamboo Bed Sheets. These quality sheets retail for $120, but […]
The Avantree Powerhouse 4 Port Fast USB Charging Station brings high quality, high power, and still keeps your work space or home looking neat and organized. The best part about this charger is its capacity. It comes packing 4 USB charging sockets and a powerful 4.5A/22.5W output.. Its smartport technology means you don’t have to worry about frying your battery, either—it […]
With this comprehensive course in App & Game Development for iOS and Android, you’ll be able to take full advantage of this career opportunity without committing to going back to school full time. You’ll learn how to build immersive, interactive games and apps from start to finish using Python, C#, Unity, and HTML—some of the most in-demand programming […]