Host-Proof Hosting

UPDATE: Passpack has released an Open Source Library for creating your very own Host-Proof Hosting applications. Download it from Google Code.

Passpack is built to make sure that not even we can read your passwords. But – how can that be? How does it work?

Folks are often frightened away by uninvited technical explanations. They underestimate themselves, hear “cryptography” and “host-proof hosting” and think: “oh no, that's too hard! Run, run!”

We have therefore introduced a simpler (less scary) lexicon. Instead of talking about encrypted data, we talk about your locked Pack. Instead of a 256-bit encryption key, we simply call it the Packing Key that unlocks your Pack.

But if you're one of those people who want to understand more, great! We're more than happy to give you that information.

A Look Under the Hood

Host-proof hosting is a published security pattern that allows PassPack to store your data without the company being able to read it. Your data is encrypted before it ever reaches PassPack, so what passes through and sits on the server is ciphertext only; nobody holding just what the server holds can read it, not even PassPack.

Because the sensitive data is hosted only in encrypted form, only the user's “client” can decrypt and manipulate it. A typical client is an Internet browser with JavaScript enabled, but it may also be a browser plugin, a Java applet or installed software.

Once the user chooses a Packing Key (the encryption key used to encrypt his or her data), that key is never transmitted to the server. The server is limited to storing and returning whatever encrypted data the browser sends it; all encryption and decryption takes place inside the browser itself. While on the server, the information is never in its unencrypted, readable form.

Login With Host-Proof Hosting

Host-Proof Hosting must be implemented with client-side technologies that can exchange data with the server asynchronously, without reloading the page, such as JavaScript/AJAX, a Flash object or a Java applet.

In particular, PassPack uses a two-step process that separates authentication and decryption:

1. The user enters User ID and Pass to log in to his or her account. The server checks these and, if they match, authenticates the user and returns the user's Encrypted Data (the Locked Pack).

2. The user enters the Encryption Key (Packing Key), which is held temporarily in the browser's memory (it is not written to disk or stored anywhere else) and is used to decrypt the Encrypted Data locally.

A one-step login is also possible with Host-Proof Hosting, but by using the two-step process PassPack is able to build in additional services such as anti-phishing (which is inserted between the two steps), and can also provide customer support, since the server can confirm who you are without ever being able to open your Pack.

The Importance of Encryption

You may be wondering: “OK, but if a hacker got hold of the Encrypted Data, could he crack the Encryption Key?”

User data is encrypted with the AES-256 algorithm. Each user's data is encrypted separately, because each user has chosen his or her own secret Encryption Key. The effective strength is therefore not that of the algorithm but of the Packing Key the user chose: the more unpredictable (and so, in practice, the longer) the key, the longer it takes to guess.

It could take upwards of 149 trillion years to brute force a 256-bit Encryption Key.

PassPack requires users to choose a Packing Key of at least 80 bits of estimated strength (comparable to a typical 1024-bit SSL certificate). Why not require 256 bits, or even 128? Simply put, if the requirement is too high, people complain and usually give up.

Security isn’t secure unless people actually use it.

Of course, we would be delighted if every user chose a 128-bit (or stronger) Encryption Key. Reaching that length is not complicated; you can see it for yourself by typing a password into the password field of your entry window. The quality rating at the bottom shows the estimated strength in bits.
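As an added example, not Passpack's own rating code, the following JavaScript shows the kind of estimate a quality meter makes: bits = length × log2(alphabet size), rated against the 80-bit minimum described above, together with the brute-force time that estimate implies. The alphabet sizes, the assumed rate of 10^9 guesses per second, and the sample passwords are assumptions made for this illustration.

```javascript
// Added example, not Passpack's strength meter: the alphabet-based entropy
// estimate behind a typical "quality rating" bar, and the brute-force time it
// implies. Alphabet sizes and the guess rate are assumptions for illustration.

// Size of the smallest ASCII alphabet the password could have been drawn from.
function alphabetSize(pw) {
  let n = 0;
  if (/[a-z]/.test(pw)) n += 26;
  if (/[A-Z]/.test(pw)) n += 26;
  if (/[0-9]/.test(pw)) n += 10;
  if (/[^A-Za-z0-9]/.test(pw)) n += 33; // space and printable ASCII punctuation
  return n;
}

// Estimated strength in bits: length * log2(alphabet size).
function entropyBits(pw) {
  return pw.length === 0 ? 0 : pw.length * Math.log2(alphabetSize(pw));
}

// Expected brute-force time: on average half the key space must be searched.
function yearsToBruteForce(bits, guessesPerSecond) {
  return Math.pow(2, bits - 1) / guessesPerSecond / (365.25 * 24 * 3600);
}

// Rate a candidate Packing Key against the 80-bit minimum the article describes,
// assuming an attacker who tries 1e9 candidates per second (an assumption).
function ratePackingKey(pw, guessesPerSecond = 1e9) {
  const bits = entropyBits(pw);
  return {
    bits: Math.round(bits),
    meetsMinimum: bits >= 80,
    years: yearsToBruteForce(bits, guessesPerSecond),
  };
}

// Constructed sample keys, weakest to strongest by this estimate.
const SAMPLE_KEYS = ['password', 'Tr0ub4dor&3', 'correct horse battery staple'];

function rateSamples() {
  return SAMPLE_KEYS.map((pw) => ({ pw, ...ratePackingKey(pw) }));
}
```

rateSamples() rates 'password' at about 38 bits and 'Tr0ub4dor&3' at about 72 bits, both below the 80-bit minimum, while 'correct horse battery staple' comes out at about 165 bits. The last figure is also the caveat: an alphabet-based estimate credits four dictionary words with as much entropy as 28 random characters, so a real meter should additionally penalise dictionary words, repeats and keyboard patterns, and the years column is only as honest as the bits estimate it is fed.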

What all this means is: even if a hacker came into possession of all the user data, he could not read or use any of it. It is all encrypted, and every user has a different key that would have to be “guessed” separately, at up to 149 trillion years each, depending on the strength of each Key.

The main element of Host-Proof Hosting is that the Encryption Key is not known on the server. The provider or host, in this case PassPack, has no way of decrypting the data.


Thanks to Dani for writing this article – Welcome aboard!
