Passpack online password store

Discussion in 'other software & services' started by Neggy, Apr 30, 2007.

Thread Status:
Not open for further replies.
  1. Neggy

    Neggy Registered Member

    Joined:
    Jul 22, 2005
    Posts:
    73
    Location:
    England
    Hi,

    Not sure if this is in the right section but....

    I've just started using a new online password store called www.passpack.com

    Has anyone else used it?

    I've also used www.just1key.com which is also good and tried www.clipperz.com which seems not finsihed?
     
  2. coolbluewater

    coolbluewater Registered Member

    Joined:
    Feb 10, 2007
    Posts:
    268
    Location:
    next door to Redmond
    Maybe it's just me, but an online password/data store that claims to know nothing about your info with the name "clipperz" doesn't give me a warm fuzzy. For that matter, ANY online "password store" just doesn't sit right in my mind.
     
  3. wilbertnl

    wilbertnl Registered Member

    Joined:
    Dec 29, 2004
    Posts:
    1,850
    Location:
    Tulsa, Oklahoma
    I use Password Scrambler from http://onepassword.com/.
    This free password manager does not store anything, nowhere.
    It supports both Internet Explorer and Mozilla browsers.
     
  4. gcsolaroli

    gcsolaroli Registered Member

    Joined:
    Apr 30, 2007
    Posts:
    19
    Location:
    Italy
    @Neggy: why do you feel the Clipperz service to be "not finsihed"?

    @coolbluewater: beside the feeling our name (Clipperz) gives you, we take security very seriously, and we don't what our users to trust us, but we provide all the information required for you to check how we process your data.

    The core crypto library we use are available under a BSD licence [1] and all the application code [2] is available under a reference licence [3]

    You may not like our service, but you should not drop it just because you don't trust us.

    We have also set up a forum [4] where to openly discuss about all Clipperz issues.

    Giulio Cesare Solaroli
    Clipperz co-Founder and CTO

    [1]: http://code.google.com/p/clipperz/
    [2]: http://www.clipperz.com/learn_more/reviewing_the_code
    [3]: http://www.clipperz.com/learn_more/reviewing_the_code/license
    [4]: http://www.clipperz.com/forum
     
  5. coolbluewater

    coolbluewater Registered Member

    Joined:
    Feb 10, 2007
    Posts:
    268
    Location:
    next door to Redmond
    After reading the Clipperz forum threads, I'm still not impressed with what essentially amounts to alpha software.
    Thanks, but no thanks. :D
     
  6. Neggy

    Neggy Registered Member

    Joined:
    Jul 22, 2005
    Posts:
    73
    Location:
    England

    The of the site or the name doesn't seem finished to me.

    Clipperz sounds like something to do with photo's? (I believe you did use the domain for a previous project?)

    I'd prefer a name more tough and secure. I prefer the name Passpack it make me feel more safe. Also the colours and design of the Passpack site make me feel more safe. Securespace, Vault, Box, Safe, Tech, etc... Something with a business / professional feel.

    I don't like the image of the baby on the Clipperz site. It seems irrelevant?? Clipperz = baby photo site? Baby shopping?

    I'd pick a new domain and change the colours (black, white and grey). have a competition to design a new logo and name etc??

    Also I prefer the double login on Passpack.

    On Clipperz I couldn't get the direct login feature to work? It might have been me being an idiot but I couldn't be bothered to find time to work out how to do it as I'd also found Passpack which I prefer. Though this too can be improved.
     
  7. gcsolaroli

    gcsolaroli Registered Member

    Joined:
    Apr 30, 2007
    Posts:
    19
    Location:
    Italy
    Sorry, but I really can not understand how reading a forum you can express any evaluation on the software (that is also available for inspection), but you are obviously free to have your own opinion on the project.
     
  8. gcsolaroli

    gcsolaroli Registered Member

    Joined:
    Apr 30, 2007
    Posts:
    19
    Location:
    Italy
    Neggy, if your "security" evaluation is done base on colors or site name, I am very sorry but I have no arguments to reply to you.

    If you are interested on application design, on how data are processed or any other issue relevant for the security of the data we process, I think we could have a nice discussion instead.
     
  9. Neggy

    Neggy Registered Member

    Joined:
    Jul 22, 2005
    Posts:
    73
    Location:
    England
    The packaging and name of any commercial product is important if it is going to be a success.

    The name Clipperz and the photo of a baby does nothing for me.
     
  10. wilbertnl

    wilbertnl Registered Member

    Joined:
    Dec 29, 2004
    Posts:
    1,850
    Location:
    Tulsa, Oklahoma
    When I evaluate software or services, I look at the features and platform support and dependability.

    In case of online password managers that would mean support for Internet Explorer (perhaps also the custom shells, like maxthon), Mozilla browsers and Opera. Security is in this case important to examine. It helps if reviews are available from independent security experts.
    What would happen when the Clipperz server is unreachable? Would I still need a list with my passwords as backup?

    I haven't evaluated Clipperz or any other online password service. But I can't see why this solution isn't reliable if the connection from browser to server is secured.
     
  11. gcsolaroli

    gcsolaroli Registered Member

    Joined:
    Apr 30, 2007
    Posts:
    19
    Location:
    Italy
    Wilbertnl, you have raised an excellent point, but I think we have a sound answer for this:
    http://www.clipperz.com/support/step_by_step/offline_copy

    Please, let me know if the Clipperz offline copy feature address your concern.
     
  12. wilbertnl

    wilbertnl Registered Member

    Joined:
    Dec 29, 2004
    Posts:
    1,850
    Location:
    Tulsa, Oklahoma
    I probably do something wrong. I created one card with login information and this is the result:

    clipperz.jpg
     
  13. gcsolaroli

    gcsolaroli Registered Member

    Joined:
    Apr 30, 2007
    Posts:
    19
    Location:
    Italy
    Wilbertnt,

    first of all, thanks for taking the time to try Clipperz.
    We are having a few problems with Zip files on Windows, even when the zip files looks perfectly fine. :-(

    Do you have any chance to try to open the downloaded file using WinZip?
     
  14. wilbertnl

    wilbertnl Registered Member

    Joined:
    Dec 29, 2004
    Posts:
    1,850
    Location:
    Tulsa, Oklahoma
    Hello G. Solaroli,

    Winzip says:

    winzip.jpg

    Microsoft zipfolder says:

    zipfolder.jpg

    No doubt that you get the server side compressor working very soon.

    This is what I was thinking:
    I would make the local version of Clipperz (the one I download as backup) the major frontend, and let this update the server in the background.
    This would mean that the user usually is working without any internet traffic for his logins, unless he modifies or adds cards.
    When the user is somewhere else (in the library) he is able to go to the website and find the up to date cards.

    What do you think?
     
  15. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Giving this website my passwords ? They steal my email-address as well and break in to my Paypal Account. Pffft.
     
  16. gcsolaroli

    gcsolaroli Registered Member

    Joined:
    Apr 30, 2007
    Posts:
    19
    Location:
    Italy
    This is really odd. :-(

    This is the very first report we got of problem opening the offline copy ZIP file. Windows own zip extractor sometime complains about unsafe or password protected files stored on the zip file, but no other issue have never been reported.

    On your first message I have just noticed a strange thing: you have post the message yesterday (1st of May), but the date of the file downloaded from Clipperz is the 26th of April. But this does not address why the downloaded file is corrupted. :-(



    The idea is nice and sound, but it is not possible to implement it in plain Javascript, as the browser will let Javascript communicate (throught XHR calls) only with the server where the main page has been dowloaded.

    There are a lot of tools that try to fill this gap, but all require the installation on each client of a sort of proxy that could manage the switch between online and offline behaviour.

    We are still investigating the option to make the offline copy read/write, but we have not found any reasonable arrangement, yet.
     
  17. gcsolaroli

    gcsolaroli Registered Member

    Joined:
    Apr 30, 2007
    Posts:
    19
    Location:
    Italy
    Erik,

    I understand that this sound very weird, but you are not giving Clipperz any valuable information, but just a bunch of scrambled data completely useless to anybody but you.

    One of the early payoff we were considering for our site was: "Garbage in, garbage out". Clipperz, and nobody else without your credentials, will be able to do anything with the data you upload to our servers using our application.
     
  18. wilbertnl

    wilbertnl Registered Member

    Joined:
    Dec 29, 2004
    Posts:
    1,850
    Location:
    Tulsa, Oklahoma
    01-clipperz.jpg

    02-clipperz.jpg
     
  19. gcsolaroli

    gcsolaroli Registered Member

    Joined:
    Apr 30, 2007
    Posts:
    19
    Location:
    Italy
    Wilbertnl,

    thank you very much for your patience!

    The file date is definitely a problem on our server side code that slipped through until now. I will look into it immediately but, as I was fearing before, this does not address the corrupted file issue you are having. :-(

    Update:
    I have fixed the date issue on our code repository. Next application version will have this problem fixed.
     
    Last edited: May 2, 2007
  20. Genady Prishnikov

    Genady Prishnikov Registered Member

    Joined:
    Mar 9, 2006
    Posts:
    350
    I don't know about this. After looking over and trying both Passpack and Clipperz, PassPack is far and away more professional. Sorry, gcsolaroli, just being honest.
     
  21. gcsolaroli

    gcsolaroli Registered Member

    Joined:
    Apr 30, 2007
    Posts:
    19
    Location:
    Italy
    Wilbertnl,

    I have tried again to download the offline copy using also IE7 with WinXP, using different account, but I had no issue at all. :-(

    May I abuse of your patience with a few more questions?

    - Do you use WinXP or Vista?
    - Do you have any software installed (anti-virus, or similar) that could alter the content of the downloaded file?
    - Could you try to download an offline copy of your Clipperz test account using FireFox (1.5 or 2.0 are fine).

    As these requests are clearly an "abuse", you are very free to drop them altogether. But I really have no clue on what could be the cause of the issue you are having. :-(
     
  22. Genady Prishnikov

    Genady Prishnikov Registered Member

    Joined:
    Mar 9, 2006
    Posts:
    350
    And again, with no disrespect intended, with bugs like this (that you can't duplicate, but are obviously there), we're supposed to trust that you have adequately secured our passwordso_O? Again, PassPack seems like a MUCH more professional product.
     
  23. gcsolaroli

    gcsolaroli Registered Member

    Joined:
    Apr 30, 2007
    Posts:
    19
    Location:
    Italy
    Genady,

    Wilbertnl is definitely having some trouble using Clipperz; it probably is our fault, but having not found the cause yet, I need to keep all relevant option into consideration.

    But there is a point I think you are missing; even if you feel Clipperz not to be professional enough, you DO NOT have to trust us, as we have published all the code that handles your data, and we allow you to check that what is running on your browser is the same code we have published [1].

    Passpack may look (or even be) more professional, but you DO have to trust them in carefully handling your data, as the code that handles your data is packed and dynamically loaded to your browser making it almost impossible to check what is really running into your browser.


    [1] checking of the code that is running on your browser is still very inconvenient, but we are working on improving it.
     
  24. coolbluewater

    coolbluewater Registered Member

    Joined:
    Feb 10, 2007
    Posts:
    268
    Location:
    next door to Redmond
    There's no "probably" about it - it's definitely not wilbertnl's fault. It shouldn't even be available for public download IMO, considering the sensitive nature of what the software tries to accomplish. It's clearly still in alpha, and it's buggy.

    Any company that keeps reiterating the point "you don't have to trust us" just smells bad, especially when that company is involved with securing end-user passwords. If anyone tried saying the same thing in a job interview, well, umm...

    No offense to gcsolaroli, but this thread makes me think of a cat who smelled something good and blindly jumped over the fence, only to find itself landing squarely in a Doberman kennel - entertaining, but that's about it.
     
  25. wilbertnl

    wilbertnl Registered Member

    Joined:
    Dec 29, 2004
    Posts:
    1,850
    Location:
    Tulsa, Oklahoma
    Hello gcsolaroli,

    I run Windows XP sp2 with current hotfixes.
    For beta test and evaulation purposes I use the free InnoTek VirtualBox, which is installed with Windows XP sp2 and also current hotfixes. And no other software installed. I created a Virtual Box with a 'boot and destroy' character, meaning that any modifications made during a session are destroyed after shutdown. No security software installed in the Virtual Box.

    Anyway, I don't think that security software can intercept a secured (https) internet connection.

    Firefox 2.0.0.3 says:

    ff.jpg

    The Virtual Box (squeezed for a smaller picture):

    vb.jpg

    Hope it helps!
     
    Last edited: May 2, 2007
Loading...
Thread Status:
Not open for further replies.