Comments on: A Password Worth Millions in San Francisco

By: Alecco

Alecco — Sat, 19 Jul 2008 11:24:31 +0000

Back to the topic of this post, you might want to check recent updates to the story again. There was significant misinformation on the original reports, and certainly too much hype and scaremongering.

By: anonymous

anonymous — Fri, 18 Jul 2008 11:53:46 +0000

A password of the form Hash(userid,passphrase) would not really violate the design principle of “keeping the login credentials and Packing Key separate”, don’t you agree? I would, however, increase the usability of passpack by orders of magnitude.

Also, I do not see where the problem is if you want to substitute such a password with an alternative method (e.g. OpenID coming from outside, or yourself acting as OpenID provider). These things are orthogonal (unless I miss some important detail).

“This sounds like it would meet your needs.”

I would like to know more about *how* passpack works *why* it works the way it works ;)

I am afraid that I still do not see why you require your users to choose and remember a password. There must be a real reason, right?

By: Tara

Tara — Fri, 18 Jul 2008 08:36:44 +0000

@Reedy
I like Passpack Lounge. I’ll see if I can’t get this set up either using the categories (each one has it’s own feed) or I’ll look into opening a separate blog. Give me a few days to figure out what is the best way to handle it. Thanks for the feedback (you too @Alecco) – it really helps to keep us oriented.

@anonymous
Keeping the login credentials and Packing Key separate is a design decision.

In the future we’ll allow OpenID to substitute the User/Pass combination. This sounds like it would meet your needs. I don’t have a release date for that though yet, sorry.

By: anonymous

anonymous — Thu, 17 Jul 2008 18:43:44 +0000

I did *not* ask why you have a passphrase (aka “packing key”).

What I ask is why on earth do you bother your users to remember a password? Why can’t the password be a one-way function of the passphrase (e.g. password=Hash(username,passphrase)) ???

If you would do this, there would be no need for users to remember a password, too – a big usability advantage, don’t you think?

At the same time, if the password was to be calculated on the client (the code is there already) there would be no more “exposure” of the “packing passphrase/key” than there is already.

So please tell me, why on earth do you require users to choose and remember a password in addition to the “packing key/passphrase” ?

By: Reedy

Reedy — Thu, 17 Jul 2008 18:14:57 +0000

Alecco’s comments were a bit harsh, however, I understand his sentements, as I was suprised to read some of the recent posts which appear to be general chatter rather than about specific information about Passpack. Maybe you need 2 feeds, one for Passpack and maybe a ‘Passpack Lounge’, and let readers decide what they wish to subsctibe to.
I subscribe to keep up to date with this excellent product, and if I want news or chatter I go elswhere.

By: Tara

Tara — Thu, 17 Jul 2008 17:58:31 +0000

@anonymous
I’m not sure exactly what you mean, but judging by @Alecco’s reply I think you’re asking why we have a separate Packing Key (encryption key) and don’t just use the password to encrypt data straight way?

If so, it’s a fairly simple answer. By separating the authentication credentials (user id and pass), from the encryption key we have more flexibility to manage the account without going anywhere near the data.

For example, we can offer support, manage sharing or accept OpenID as an authenticator.

@Alecco
Not really sure how the auto-login post ties into this – help?

By: Alecco

Alecco — Thu, 17 Jul 2008 17:34:22 +0000

@anonymous

They do. That’s the 2nd part, the “packed” thing.

I guess it’s tricky not to have a system user, it probably simplifies fending off bots and abusers. Yep… “For security purposes, we need to be able to track down anyone who attempts to abuse the system.”
http://passpack.wordpress.com/2007/03/23/how-passpack-auto-login-works-qa/
(I hope this isn’t outdated.)

By: Alecco

Alecco — Thu, 17 Jul 2008 17:22:16 +0000

@Tara

I can only dream of living in Italy and having those glorious espressos every morning!

Cheers.

By: anonymous

anonymous — Thu, 17 Jul 2008 15:36:37 +0000

(offtopic) … and I am still puzzled why you cannot have the user’s password computed on the client as a one-way function of his passphrase….

By: Tara

Tara — Thu, 17 Jul 2008 11:41:07 +0000

@Alecco
Glad you’ve been following us – thanks! We actually had a lot of internal debate on the Zero Knowledge post. Both Francesco and I are against the definition — he felt it was important to open up a discussion, while I was afraid (since it’s closely related to Clipperz) that it would create a negative backlash. In the end, we took the chance since we both feel very strongly about it.

On the lack of technical posts recently. Yes, that’s true. I think what you’re seeing are our growing pains.

I used to write the blog on my own, back when it was just Francesco and I. Now we’re opening up the blog to our employees to contribute to. They have varying levels of technical knowledge, or ability to write in English (we’re in Italy) and it’s turning out to be an interesting experiment.

That said, if things are swaying too much in one direction, then I’ll try and get some of the more technical and/or product-centric posts written that are on the to-do lists. Louise is now studying about potential perils of using Passpack (or other sensitive sites) on public computers. Let’s see what she comes up with.

On coffee – no problem. I can’t even *see* in the morning without at least two cups (that’s espresso – straight up).

Cheers to you!
Tara