With PassPack’s upcoming Beta 6 version, you’ll have the tools to take your security into your own hands. Our aim is to give you security, portability and speed.
Until now (Beta 5) PassPack has been using AES-256 bit encryption for all your entries, but Beta 6 will allow you to choose from 3 different levels of encryption. On the main page of Beta 6, next to each one of your entries, you will have a lock. This lock represents your choice of encryption. You can choose a single bolt lock, a double bolt lock or a triple bolt lock (this is the default).
Triple Bolt Lock
AES-256 bit encryption, your PassPack default lock. This is the same encryption used by the US government for ‘top secret’ information, and it would take 149 trillion years to ‘crack’ even one entry encrypted with AES-256. We suggest you use this lock for all sites linked to any personal information, e-mail accounts or links to online shopping.
Once PassPack starts allowing storage of passwords to financial information (not yet though) like credit cards, PayPal or on-line banking, you’ll want to use the triple bolt lock for these.
Double Bolt Lock
AES-128 bit encryption. This encryption is also approved and used by the US government for ‘classified’ or ‘secret’ information. You’d probably want to double bolt entries that take you to frequently visited forum sites or social networking sites where your name and reputation are public.
Single Bolt Lock
xxTEA-128 bit encryption. This is the fastest, yet least robust, of the 3 locks. xxTEA would lighten your Pack and make unpacking faster overall. xxTEA is a valid option for sites in which no personal information has been disclosed, such as online magazines, download registrations and the famous ‘junk accounts’.
Some folks also store some non-password entries in their PassPack account, like bookmarks. xxTEA would be fine for these non-critical entries as well.
Make Your Choice
You could choose to set all your entries on any one of the above encryptions or you could mix and match following the suggestions mentioned.
Keep in mind that the more accounts you have, the heavier your PassPack will be – so lighten up what you can, giving more speed to the entries which are less critical and extra protection to those you’d prefer to keep ‘top secret’.
Note – we’re still not convinced about those icons, and we may even change the xxTEA algorithm if we can find an even faster substitute.

4 responses so far ↓
Manage Passwords Online With PassPack » Tip and Trick // Apr. 21 2008 at 13:48
[...] The PassPack Beta 6 enables users to choose from 3 different levels of encryption. Read out more about Beta [...]
Want to Test PassPack Beta 6? « PassPack Blog // May. 04 2008 at 7:47
[...] a lot of you mentioned you’d like to see PassPack go quicker. Beta6 will give you the option of 3 levels of encryption speed and setting up favorites – so you the choice is [...]
Beta 6 Public Preview « Passpack Blog // May. 31 2008 at 23:17
[...] Tab The password list we all know and love but… you can now add favorites, change the encryption levels if you so please, and you’ve got your tags placed handily on the right side of the [...]
David Spector // Aug. 01 2008 at 22:49
Here is a much simpler way to get speed for your users without requiring them to choose the encryption algorithm (this is not user-friendly because they can’t really understand the tradeoffs provided by three algorithms):
1. Separate out the user’s data into one piece for the index (the list of entries), and one piece for each entry.
2. Encrypt each entry (and the index) SEPARATELY using the best encryption method when the entry is edited or imported.
3. Store the encrypted index and all the encrypted entries as a single concatenated list of data.
When the user looks at their entries (opens their pack), decrypt the index only. Note: if this is slow for 100-200 entries, use a less secure algorithm (it’s only the index!).
When the user selects an entry (to visit that URL and make automatic entries in form fields, or to edit it, etc.), decrypt ONLY that entry, then act on the decrypted data.
See how simple this is? Instead of encrypting or decrypting the ENTIRE pack on load/store, you need only encrypt a single entry when necessary (this is called Lazy Evaluation in Computer Science).
I hope this helps you improve your product.
David
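
The per-entry layout proposed in the comment above, sketched as an added example; it is not PassPack's code or the commenter's. Node.js `crypto`, AES-256-GCM for both the index and the entries, the 4-byte length prefix and all function names are assumptions made here.

```javascript
const nodeCrypto = require('node:crypto');

// AES-256-GCM blob: iv(12) | tag(16) | ciphertext. The label is authenticated as AAD.
function seal(key, plaintext, label) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  c.setAAD(Buffer.from(label));
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}
function open(key, blob, label) {
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAAD(Buffer.from(label));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]); // final() throws if tampered
}

// Steps 1-3: seal each entry separately, then the index, then concatenate.
function buildPack(key, entries) {
  const blobs = entries.map((e, i) => seal(key, Buffer.from(JSON.stringify(e)), `entry:${i}`));
  let end = 0; // running end offset: each blob starts where the previous one ended
  const index = blobs.map((b, i) => (
    { title: entries[i].title, offset: (end += b.length) - b.length, length: b.length }));
  const sealedIndex = seal(key, Buffer.from(JSON.stringify(index)), 'index');
  const header = Buffer.alloc(4);
  header.writeUInt32BE(sealedIndex.length); // length prefix so the index can be found
  return Buffer.concat([header, sealedIndex, ...blobs]);
}

// Opening the pack decrypts the index only.
function openIndex(key, pack) {
  const n = pack.readUInt32BE(0);
  return { base: 4 + n, list: JSON.parse(open(key, pack.subarray(4, 4 + n), 'index').toString()) };
}

// Selecting entry i decrypts that one blob and nothing else.
function openEntry(key, pack, idx, i) {
  const start = idx.base + idx.list[i].offset;
  const blob = pack.subarray(start, start + idx.list[i].length);
  return JSON.parse(open(key, blob, `entry:${i}`).toString());
}

// Constructed sample data; the random key stands in for one derived from the user's password.
function demo() {
  const key = nodeCrypto.randomBytes(32);
  const pack = buildPack(key, [{ title: 'forum', pw: 'a1' }, { title: 'mail', pw: 'b2' }]);
  const idx = openIndex(key, pack);
  return { titles: idx.list.map((x) => x.title), entry: openEntry(key, pack, idx, 1) };
}
```

Because every blob is authenticated together with its slot label, a damaged or relocated entry fails on its own when selected, while the index and the other entries still open.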