I've never understood why password managers use browser plugins. It should be an application agnostic overlay that pastes selected passwords into the currently selected textbox.
I'm working around that at the moment with a combination of Emacs, the Mac keychain and Alfred.app - it's not beautiful though.
FWIW, I think the browser plugins that 1Password implements are the "killer feature" - it notices you registering/logging-in to most websites, and prompts you to save the password. This reduces enormously the temptation to "just use an easy-to-remember reused-everywhere" password - I can randomly mash keys and have it automatically remember 25+ char passwords for me.
My plans regarding browser plugins was to have a small icon inside a <input type="password"> that can generate a new password, or would allow you to select the password if you already stored it and it's not clear which one to use. Otherwise the field should be automatically filled in.
How do you activate the paste in your setup? Is there some kind of global key combo for this?
As someone who is a big supporter of Firefox Sync [0]:
What will this provide me over Firefox Sync, which has a built in encryption layer on their (admittedly cloud) service? I can pull their code and host my own Firefox sync server, and someone has written a special PHP-based version for inclusion into OwnCloud. So, what is so special here except the use of buzzword P2P? (See next question below.)
How will you do to P2P without some kind of centralized bootstrapping service with the prevalence of NAT and people who do not know how to port-forward? (I just saw the Github repos, so I will examine this myself in a bit.)
UPDATE: It would appear you are using mDNS and/or Zeroconf [1] to handle this? I am still not sure how this will ease the NAT and/or syncing over public Internet.
Why should I trust you? What have you done other than this project? Not to be increasingly blunt, but you are not the Mozilla Foundation and your Github repos do not show much other than work on co-routines and AD service wrappers. That is useful to me, but I would like to see more security work and knowledge of crypto libraries if I trust you with password manager code. What else do you work on? Your blog does not show me too much, and I cannot find much mention of you to warrant 60,000 USD for such a project. I am correct in seeing you a Marketing/Product Manager? Sorry to be harsh, but honestly I think most of HN would be worried about these points.
UPDATE: Ok, maybe I was a little too harsh; you do seem to have some more experience than I had previously estimated, given some Googling and your Linkedin profile, if legit. [2]
> How will you do to P2P without some kind of centralized bootstrapping service with the prevalence of NAT and people who do not know how to port-forward? (I just saw the Github repos, so I will examine this myself in a bit.)
The P2P is done over local networks only. It uses multicast DNS for service discovery. Bluepass syncs between your own devices only. As long as the devices occasionally share a (W)LAN, it will work.
> Why should I trust you? What have you done other than this project? Not to be increasingly blunt, but you are not the Mozilla Foundation and your Github repos do not show much other than work on co-routines and AD service wrappers. That is useful to me, but I would like to see more security work and knowledge of crypto libraries if I trust you with password manager code.
Well, everybody has to start somewhere. I do believe that I have enough experience with crypto to be qualified here. I've got a physics degree and did a lot of maths. And I read Schneier and Wenbo Mao's book cover to cover. Also note that I'm not using any proprietary algorithms. This is all OpenSSL wrapped algo's that I'm using from Python.
But in the end, what should give this the right credibility is that the source code is up on Github, together with my intention to grow a community that can review the crypto. If there is something not right, which can always happen of course, then it will get out sooner or later.
> What else do you work on? Your blog does not show me too much, and I cannot find much mention of you to warrant 60,000 USD for such a project. I am correct in seeing you a Marketing/Product Manager? Sorry to be harsh, but honestly I think most of HN would be worried about these points.
This is not related to my day job. I would say have a look at the code, and decide for yourself if you like the code. I don't think being a product marketing manager in the day is mutually exclusive with being able to write good code.
The calculation of the funds is rather straightforward: $10k for each of the platforms that need work: iOS, Android, Chrome, FF, Mac and Windows.
Thanks for the honest responses. I will not lie: you easily shredded most of my reservations. Not sure if I will donate just yet, but I will definitely consider it in the future.
And I did look at the code. It looks Pythonic and clean, so I am impressed. Definitely above my capabilities.
>As long as the devices occasionally share a (W)LAN, it will work.
How about a VPN? I have a work laptop that is rarely (if ever) connected to my home network directly. -- However it is connected to my home network through a VPN daily.
I am not the network guy at my office, but if you look at his code it uses special DNS records (look-up Zeroconf, it is a discovery protocol for services on a network). Do you remember using Apple iTunes back when you could share music with people on the same network? Same difference, so to speak.
If your VPN provider, you or otherwise, does not block the mDNS/Zeroconf network traffic and had a permissible DNS configuration (almost all commodity routers have mDNS/Zeroconf config available if not on by default), I am sure you will have this work. The author can answer you more clearly.
It depends on how the VPN is setup... Multicast DNS will work if you are in the same L2 ___domain. Otherwise, a different solution is needed. For example, if you have a smartphone that you bring with you to the office, and that is connected to your office Wifi network and your home Wifi network, then synchronization would still work through your smartphone. Otherwise, a cloud-based "reflector" is needed. See the other comment about that.
And to apologize: re the reflector, I assumed you were doing this, like BitSync, and that is why I question ed you in my first comment. I am glad you do not over-promise with tyour project. Good work.
I'm a big fan of Mozilla as well, but can Firefox Sync handle credentials other than for web? I use KeePass2 to store a lot more than just web username/passwords. Also, I like to keep my password database separate from my browser for security reasons.
As far as trusting this project, it is GPL and you are free to inspect it. I don't think being part of the Mozilla Foundation somehow guarantees secure code. If the author wants $60,000, he is free to ask for it.
Regarding the question around Firefox sync: even if you use your own server, you are sending senstive data that is encrypted with a password or passphrase over the Internet. This opens you up to dictionary attacks now, and if the communications are intercepted, far into the future.
I have a KeePassX db in a git repo I clone on all my hosts plus two backup remotes.
Why would Bluepass be any better than my current setup?
I already have P2P secure synchronization (via git+ssh), full control over my data and everything is based on portable FOSS.
* Bluepass does push synchronization. So you wouldn't need to manually sync.
* It would work on smartphones / tables too.
* Are the remote git repos under your physical control? If not then your setup is vulnerable to a dictionary attack on your password / passphrase.
* The Bluepass database is set up such that it can resolve conflicts due to concurrent updates (actually it's an append-only graph of parent->child nodes with a algorithm that selects the most likely lineage in case of conflict).
I use keepass database that I store in a truecrypt volume which is then stored in dropbox which solves the first two items listed. With two separate 20+ char pass phrases the last issue is not one that I currently worry about.
This is not saying that this project isn't interesting, I've just found a solution that has solved these issues for me for the last several years.
I've been using a similar approach actually, with a keepass db on Dropbox. It provides a reasonable level of security assuming your passphrases are indeed random and computer generated (humans are lousy random number generators).
However I wanted to bring the security to the next level after that, and this is what Bluepass is about.
For one thing - auditable source code. Except for my most paranoid moments, I pretty much trust AgileBits to not be selling me out to the NSA, but that'd be much easier to completely trust if the source code was public and audited/approved by smarter people than me who know their crypto shit.
Having said that, I'm currently storing my 1Password file in the unencrypted section of my DropBox storage, so my iOS devices can easily access it. (I've got EncFS/BoxCryptor working, but I don't think it's easy/possible to convince the DropBox app to read from the encrypted filesystem…)
I'm very excited to see this. I've been using KeePass2 on Linux and it's a pain to sync with my Android phone. I tried setting up OwnCloud to share the key file but even using that causes too much friction for me to be willing to frequently sync.
In your FAQ you say:
> "What do I get when I fund you?
Once the software is ready, you will get unlock codes for the mobile versions for the amount you funded. As a special appreciation for being an early customer, these codes not expire and will unlock the mobile versions for life."
But you don't specify a price for the mobile versions. Also, will the mobile versions be GPL'ed?
Very happy to see you take Bitcoin as a funding option.
Hi, it's mentioned in the FAQ, little bit further down.
The mobile versions will be somewhere between $5 and $10. As a perk for funding Bluepass, whatever the price turns out to be, your version will include unlimited free upgrades.
The source of the mobile versions will be available, but for the success of a project, a recurring revenue stream is required to maintain them. The mobile platforms change a lot, and there are not many examples of open source projects that can successfully provide productized versions for these mass market consumer platforms. That is why I cannot commit at this point that the license will allow redistribution on an app store. This means it would not be an OSI style license.
Well, if you licensed the sources under the GPL, you could still prevent redistribution on iOS (though not Android), since the GPL is incompatible with Apple's ToS.
As the copyright holder, that wouldn't affect you, of course, since you don't need a license to distribute the software yourself.
Just looked at bittorrent sync and all they offer is a binary download for Linux. Thanks, but I'd rather use open source tools to handle my secure data.
Not a question, but a pet peeve. You have a typo on your homepage. Search for 'synchronziation'.
Also, please don't have text that looks like a hyperlink if it's not (even if it is a placeholder), specially if you then have hyperlinks that look the same.
Other than that, good luck on the project. It seems promising.
Yubikey could be interesting for protecting the local vault. I haven't looked into it yet on how easy it is to do, but it is interesting and I will look into it. I cannot make any guarantees yet though.
Kickstarter is US/UK/Canada only. Being Dutch and resident in Italy it would not work.
I hadn't really looked at Indiegogo before I was too far along doing my own site. In the end it was relatively simple. I'll open source it at some point.
I did consider it, and the Bluepass sync protocol has an option for a node type without an encryption key. Such a node is merely "reflector" of traffic, which can be useful in case you have two disjoint sets of devices that are never on the same LAN.
This could be later addition. However it does decrease the security slightly because now you have to assume that others now have access to your encrypted data. It is still a lot better than the alternatives because still no dictionary attack is possible, you'd have to break RSA to get to it.
So, does this mean that if i switch from keepass to Bluepass I won't be able to go back and will be stuck with a semi-commercial app forever?
Why not use keepass format natively? IMO a keepass-compatible app with built in sync would make much more sense. The userbase is already there, and a user friendly keepass app with sync would be a hit.
The Keepass format is not suitable for my use. Bluepass uses an append-only database containing a forest of nodes. Each node is a specific password version, and child nodes are updates of a parent. This data structure is used to do conflict resolution in case of concurrent updates. It also gives you infinite history, which is nice. The file format itself is an SQLite database with JSON documents in it.
this is exactly what I've been looking for.
I was thinking of using a small truecrypt container with btsync but it wouldn't work well due to container size being always the same, sync being possible only after unmounting the TC container and so on.
I've got EncFS encrypted filesystems on Dropbox, BTSync, GoogleDrive, and Jottacloud (a non-US based cloud storage provider). It's been working fine over the last month or so of testing. In MacOSX, I've got both EncFS over FUSE and the commercial BoxCryptor packaged version happly working together. I've got Ubuntu 9 & 12.04LTS, ARCH Linux on a RaspberryPi, and iOS on my phone and iPad all syncing some or all of those EncFS containers and successfully reading/writing them. I haven't tried, but I have no reason to doubt BoxCryptor will happily read/write those filesystems on Windows and Android.
One thing I particularly like about this setup, is that I can have encrypted data synced to a machine that doesn't have the decryption key (or even software) on it – my media server and a machine at work are "backing up" all that data without it being "exposed" even if a machine and disks get stolen/confiscated.
This is different to a truecrypt volume, in that the files are still discrete:
individual files can get synced as the change, without needing to re-sync the entire volume. On the downside, that means I leak some metadata, file sizes and modification dates, but not names or contents. I also lose the tryecrypt option of hidden volumes, but perhaps that's a plus in that they wont hit me with the $5 wrench insisting that there's _another_ password - even if there isn't…
I'm currently using a truecrypt tiny volume inside Dropbox, works but it is not really ideal. Conflicts resolution and a very long password to remember for the volume, that's the only way I can protect the data when it is synched on the Dropbox servers.
Exactly. By default Bluepass uses a long password as well to protect the local database. However, you can opt to choose a shorter password, or no password at all. In this case you are still protected by:
* The physical security of your device. Unless someone gets access to your device, you are safe.
* The fact that the sync traffic goes over your local network only.
* Even if someone managed to sniff your local traffic, all synchronization requests are encrypted by each node's unique 2048-bit RSA key. No dictionary attack is possible - you'd have to break RSA.
One interesting option would be to bring this kind of P2P syncing to KeePass. This would benefit from all the features that are already build into KeePass.
IMHO KeePass is in need of a reboot. First, it's very confusing which version to use. KeePass 1.x (Classic), KeePass 2.x (Professional), or KeePassX (originally KeePass/L for Linux?). When I first tried them out, I settled on KeePass2 because it supported filling out browser forms in Linux. But it's a mono app with an ugly interface. With no built-in syncing support and no good syncing plugins either.
I hope this project can become a suitable replacement.
Why not improve something existing is a valid question, and I did look into it.
The difficulty is that a P2P sync requires a completely difference design. Keepass is pretty much a frontend to an embedded database. A P2P node need to have its own network facing component that acts independently of the frontend, to relay messages, respond to pairing requests, etc. This is why Bluepass has a frontend/backend architecture. It is a lot easier to create such a different architecture from scratch.
Remember what you're protecting here: the keys to your data, not the data itself.
You're at risk from the US government, but it's unclear that a government that can compel Dropbox to hand over your database and then crack some pretty heavy encryption can't access the accounts you're protecting with those passwords in some other way.
The main adversaries, IMO, you're protecting against are non-government actors, and your setup should be completely adequate for those.
You are at risk of a dictionary attack on your password / passphrase. You need protect it with a long, computer generated passphrase to be secure. I would say at least 128 bits of entropy. By being stored on Dropbox, you have to assume that the the "agencies" have access to your database. At some point, computing will advance enough to either brute force the encryption or find a weakness in it.
The safest option is to prevent 3rd parties from having access to your encrypted data in the first place. This is the approach Bluepass is taking.
The entropy problem you can go around with by encrypting the data with a combination of pass phrase and a token file. For example KeePass supports these kind of combinations.
Obviously the token file would be something you don't put into cloud but instead store on each physical device.
Assessing risk is a sensible part of securing your computers.
The US / UK have imprisoned people without charge, trial or conviction, and based on flimsy evidence. Some of those people will have been tortured.
Feel free to suggest 1password on dropbox, or Bluepass, if you think either of them can protect against well funded government agencies. I hope you're also recommending better door locks, no windows on the ground floor, 5 metre fences, hardened computer running hardened OS, etc.
Then I owe the NSA gratitude because I've been long wishing that there was more focus in the hacker community on building distributed systems as alternatives to data silos like Facebook and Google.
