<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
		>
<channel>
	<title>Comments on: New Passpack Desktop Release</title>
	<atom:link href="http://blog.passpack.com/2010/01/new-passpack-desktop-release/feed/" rel="self" type="application/rss+xml" />
	<link>http://blog.passpack.com/2010/01/new-passpack-desktop-release/</link>
	<description>Passpack keeps your logins safe, organized and available 24/7. You can share passwords with your team in 100% privacy.</description>
	<lastBuildDate>Fri, 10 May 2013 18:12:33 +0000</lastBuildDate>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.4</generator>
	<item>
		<title>By: Jader Dias</title>
		<link>http://blog.passpack.com/2010/01/new-passpack-desktop-release/comment-page-1/#comment-3077</link>
		<dc:creator>Jader Dias</dc:creator>
		<pubDate>Sat, 06 Mar 2010 15:51:23 +0000</pubDate>
		<guid isPermaLink="false">http://blog.passpack.com/?p=3383#comment-3077</guid>
		<description>Hi Francesco,

 Have you seen LastPass product browser integration? If we could have this kind of integration with the security of Passpack Desktop it would be the best of both worlds.</description>
		<content:encoded><![CDATA[<p>Hi Francesco,</p>
<p> Have you seen LastPass product browser integration? If we could have this kind of integration with the security of Passpack Desktop it would be the best of both worlds.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Francesco</title>
		<link>http://blog.passpack.com/2010/01/new-passpack-desktop-release/comment-page-1/#comment-3075</link>
		<dc:creator>Francesco</dc:creator>
		<pubDate>Thu, 04 Mar 2010 11:34:30 +0000</pubDate>
		<guid isPermaLink="false">http://blog.passpack.com/?p=3383#comment-3075</guid>
		<description>Hi Jader,

Just a consideration. In this post we were talking about Passpack Desktop.
It is a perfect example of what you want. In fact, it is released with a checksum. You can verify it and you can audit all the code - because it is compressed but non-obfuscated JavaScript.</description>
		<content:encoded><![CDATA[<p>Hi Jader,</p>
<p>Just a consideration. In this post we were talking about Passpack Desktop.<br />
It is a perfect example of what you want. In fact, it is released with a checksum. You can verify it and you can audit all the code &#8211; because it is compressed but non-obfuscated JavaScript.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Francesco</title>
		<link>http://blog.passpack.com/2010/01/new-passpack-desktop-release/comment-page-1/#comment-3074</link>
		<dc:creator>Francesco</dc:creator>
		<pubDate>Thu, 04 Mar 2010 11:25:38 +0000</pubDate>
		<guid isPermaLink="false">http://blog.passpack.com/?p=3383#comment-3074</guid>
		<description>Hello Jader, 

Our monitoring is a mix of internal and external services.

I understand your feeling, but Host-Proof Hosting must not be seen as absolute security. It is simply a privacy pattern.

If you compare an HPH system with a standard system you can easily see that (if the server security measures are the same) the first is more secure, because 

(1) if an attacker compromises the first, he must try to grab some data in real time, with the high risk that the monitoring services discover his actions

(2) if an attacker compromises the second he can copy all the data, causing a disaster

IMHO this is a huge difference.

Static code is an unsafe solution because if we discover a vulnerability we have to update it immediately. With a static-audit solution this would not be possible. Also, a similar process is too expensive for a very small company like Passpack.

In my idea a full HPH is possible only with the following process:

1. Passpack updates a library
2. An external authority checks it and publishes a checksum
3. The browser, during upload, asks the authority for the checksum and verifies the code before activating it

In order to make this real, all browsers must implement a protocol similar to SSL, not oriented to the domain, but to the code. Any other solution fails.

We do our best to offer a good service, but we cannot change the world (although we&#039;d like to).</description>
		<content:encoded><![CDATA[<p>Hello Jader, </p>
<p>Our monitoring is a mix of internal and external services.</p>
<p>I understand your feeling, but Host-Proof Hosting must not be seen as absolute security. It is simply a privacy pattern.</p>
<p>If you compare an HPH system with a standard system you can easily see that (if the server security measures are the same) the first is more secure, because </p>
<p>(1) if an attacker compromises the first, he must try to grab some data in real time, with the high risk that the monitoring services discover his actions</p>
<p>(2) if an attacker compromises the second he can copy all the data, causing a disaster</p>
<p>IMHO this is a huge difference.</p>
<p>Static code is an unsafe solution because if we discover a vulnerability we have to update it immediately. With a static-audit solution this would not be possible. Also, a similar process is too expensive for a very small company like Passpack.</p>
<p>In my idea a full HPH is possible only with the following process:</p>
<p>1. Passpack updates a library<br />
2. An external authority checks it and publishes a checksum<br />
3. The browser, during upload, asks the authority for the checksum and verifies the code before activating it</p>
<p>In order to make this real, all browsers must implement a protocol similar to SSL, not oriented to the domain, but to the code. Any other solution fails.</p>
<p>We do our best to offer a good service, but we cannot change the world (although we&#8217;d like to).</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Jader Dias</title>
		<link>http://blog.passpack.com/2010/01/new-passpack-desktop-release/comment-page-1/#comment-3073</link>
		<dc:creator>Jader Dias</dc:creator>
		<pubDate>Wed, 03 Mar 2010 17:41:42 +0000</pubDate>
		<guid isPermaLink="false">http://blog.passpack.com/?p=3383#comment-3073</guid>
		<description>@Francesco

You said

&quot;our online code is continually monitored with procedures that stop the service if suspect code is found&quot;

I don&#039;t know if those procedures are also hosted by your company but if it is the case, a person who compromises the code can also alter the procedures, and it will be in vain.

There is a concern about a virtual attack on your company, or a Government Agency taking over your code, or some bad employee doing wrong things, etc. Because of all these things you can&#039;t say that you are &quot;host proof&quot; when you really aren&#039;t.

The only solution for this dilemma that I see is that the code must be static and auditable.</description>
		<content:encoded><![CDATA[<p>@Francesco</p>
<p>You said</p>
<p>&#8220;our online code is continually monitored with procedures that stop the service if suspect code is found&#8221;</p>
<p>I don&#8217;t know if those procedures are also hosted by your company but if it is the case, a person who compromises the code can also alter the procedures, and it will be in vain.</p>
<p>There is a concern about a virtual attack on your company, or a Government Agency taking over your code, or some bad employee doing wrong things, etc. Because of all these things you can&#8217;t say that you are &#8220;host proof&#8221; when you really aren&#8217;t.</p>
<p>The only solution for this dilemma that I see is that the code must be static and auditable.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Francesco</title>
		<link>http://blog.passpack.com/2010/01/new-passpack-desktop-release/comment-page-1/#comment-3068</link>
		<dc:creator>Francesco</dc:creator>
		<pubDate>Thu, 25 Feb 2010 17:48:00 +0000</pubDate>
		<guid isPermaLink="false">http://blog.passpack.com/?p=3383#comment-3068</guid>
		<description>@Jader

I read your post. You say:

&lt;blockquote&gt;&quot;The problem is that most of the code that decrypts your sensitive data can be updated in few seconds without sending warnings to you. If someone compromises the host, he can modify the code they serve to send the key or the decrypted data back to him, and he can update the code again to behave normally whenever he wants.&quot;&lt;/blockquote&gt;

If you use Passpack Desktop you can view and verify the JavaScript code. But I suppose that you were referring to the online version. Theoretically it is possible, but it is extremely difficult because our online code is continually monitored with procedures that stop the service if suspect code is found.

After you say:

&lt;blockquote&gt;&quot;I would trust only a tool that: (1) is open source and (2) isn&#039;t updated automatically&quot;.&lt;/blockquote&gt;

I understand but I disagree.

1. An open source application is more secure only if there is a large community that works on the code. If not, it is less secure because the only one really interested in studying all the code is someone who wants to crack the application.

2. A web application that is not automatically updated is less secure because if we discover a bug or a vulnerability, we want to update it immediately. If you want to verify the update, you could continue to use a bad version of the code. This is not safe. Also, in order to gain any advantage from checking the code you must be capable of analyzing the code and understanding whether it is safe or not. Trust me, this is almost impossible. Code like Passpack (or LastPass) is too complex to allow this in acceptable time.

IMHO, you have to trust the service provider. An auto-trust web application is pure utopia.</description>
		<content:encoded><![CDATA[<p>@Jader</p>
<p>I read your post. You say:</p>
<blockquote><p>&#8220;The problem is that most of the code that decrypts your sensitive data can be updated in few seconds without sending warnings to you. If someone compromises the host, he can modify the code they serve to send the key or the decrypted data back to him, and he can update the code again to behave normally whenever he wants.&#8221;</p></blockquote>
<p>If you use Passpack Desktop you can view and verify the JavaScript code. But I suppose that you were referring to the online version. Theoretically it is possible, but it is extremely difficult because our online code is continually monitored with procedures that stop the service if suspect code is found.</p>
<p>After you say:</p>
<blockquote><p>&#8220;I would trust only a tool that: (1) is open source and (2) isn&#8217;t updated automatically&#8221;.</p></blockquote>
<p>I understand but I disagree.</p>
<p>1. An open source application is more secure only if there is a large community that works on the code. If not, it is less secure because the only one really interested in studying all the code is someone who wants to crack the application.</p>
<p>2. A web application that is not automatically updated is less secure because if we discover a bug or a vulnerability, we want to update it immediately. If you want to verify the update, you could continue to use a bad version of the code. This is not safe. Also, in order to gain any advantage from checking the code you must be capable of analyzing the code and understanding whether it is safe or not. Trust me, this is almost impossible. Code like Passpack (or LastPass) is too complex to allow this in acceptable time.</p>
<p>IMHO, you have to trust the service provider. An auto-trust web application is pure utopia.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Jader Dias</title>
		<link>http://blog.passpack.com/2010/01/new-passpack-desktop-release/comment-page-1/#comment-3064</link>
		<dc:creator>Jader Dias</dc:creator>
		<pubDate>Sat, 20 Feb 2010 19:06:24 +0000</pubDate>
		<guid isPermaLink="false">http://blog.passpack.com/?p=3383#comment-3064</guid>
		<description>Hi, I have pointed out in my post (http://hourlyapps.blogspot.com/2010/02/one-reason-why-we-cant-trust-online.html) one fundamental flaw of your service. How do you plan to address that flaw?</description>
		<content:encoded><![CDATA[<p>Hi, I have pointed out in my post (<a href="http://hourlyapps.blogspot.com/2010/02/one-reason-why-we-cant-trust-online.html" rel="nofollow">http://hourlyapps.blogspot.com/2010/02/one-reason-why-we-cant-trust-online.html</a>) one fundamental flaw of your service. How do you plan to address that flaw?</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Carlos</title>
		<link>http://blog.passpack.com/2010/01/new-passpack-desktop-release/comment-page-1/#comment-3056</link>
		<dc:creator>Carlos</dc:creator>
		<pubDate>Sat, 13 Feb 2010 20:57:22 +0000</pubDate>
		<guid isPermaLink="false">http://blog.passpack.com/?p=3383#comment-3056</guid>
		<description>New version is great! Thanks. I have encountered one reproducible bug however.
Mac OS X 10.6.2
Adobe Air 1.5.3.9130
Passpack 2.0.2

When I go to shut down, it automatically halts the shutdown (putting up a dialog box indicating that Passpack halted the logout/shutdown) and I have to do it again.
Tried it with another Air application and this does not happen.</description>
		<content:encoded><![CDATA[<p>New version is great! Thanks. I have encountered one reproducible bug however.<br />
Mac OS X 10.6.2<br />
Adobe Air 1.5.3.9130<br />
Passpack 2.0.2</p>
<p>When I go to shut down, it automatically halts the shutdown (putting up a dialog box indicating that Passpack halted the logout/shutdown) and I have to do it again.<br />
Tried it with another Air application and this does not happen.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: sampheap</title>
		<link>http://blog.passpack.com/2010/01/new-passpack-desktop-release/comment-page-1/#comment-3054</link>
		<dc:creator>sampheap</dc:creator>
		<pubDate>Thu, 11 Feb 2010 04:25:48 +0000</pubDate>
		<guid isPermaLink="false">http://blog.passpack.com/?p=3383#comment-3054</guid>
		<description>Thx passpack. You make life easier.</description>
		<content:encoded><![CDATA[<p>Thx passpack. You make life easier.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: MIke W.</title>
		<link>http://blog.passpack.com/2010/01/new-passpack-desktop-release/comment-page-1/#comment-3051</link>
		<dc:creator>MIke W.</dc:creator>
		<pubDate>Mon, 08 Feb 2010 03:51:41 +0000</pubDate>
		<guid isPermaLink="false">http://blog.passpack.com/?p=3383#comment-3051</guid>
		<description>I keep getting &quot;The installation of this application is damaged. Try re-installing or contacting the publisher for assistance.&quot; Any ideas?</description>
		<content:encoded><![CDATA[<p>I keep getting &#8220;The installation of this application is damaged. Try re-installing or contacting the publisher for assistance.&#8221; Any ideas?</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: fungogh</title>
		<link>http://blog.passpack.com/2010/01/new-passpack-desktop-release/comment-page-1/#comment-3041</link>
		<dc:creator>fungogh</dc:creator>
		<pubDate>Tue, 19 Jan 2010 23:16:42 +0000</pubDate>
		<guid isPermaLink="false">http://blog.passpack.com/?p=3383#comment-3041</guid>
		<description>1.) get Air for Mac: http://get.adobe.com/air/otherversions/
2.) download &amp; install passpack .air binary</description>
		<content:encoded><![CDATA[<p>1.) get Air for Mac: <a href="http://get.adobe.com/air/otherversions/" rel="nofollow">http://get.adobe.com/air/otherversions/</a><br />
2.) download &amp; install passpack .air binary</p>
]]></content:encoded>
	</item>
</channel>
</rss>
