Simple and secure online password manager.
CoffeeScript HTML CSS Makefile
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
node_modules
src
.gitignore
API.md Updated API Nov 19, 2017
INSTALL.md Implemented option to disable registration Nov 19, 2017
LICENSE.md Update LICENSE.md Apr 11, 2017
Makefile
PassDeposit.sublime-project Reorganized sublime project Jul 7, 2013
README.md Update README.md Nov 11, 2017
package.json Added FileSaver Apr 6, 2017

README.md

PassDeposit

PassDeposit is a simple and secure online password manager. It allows you to store and access your passwords online.

You may be asking yourself: Can I trust PassDeposit? Yes you can! PassDeposit has been designed to ensure maximum security for your data.

Installation

You can download and install the latest version of PassDeposit on your server. See the installation instructions for more information.

Features

  • Your data is encrypted and decrypted directly in your browser using AES-256
  • The server is not able to decrypt your data
  • Connections to PassDeposit are secured by SSL/TLS (HTTPS)
  • PassDeposit is open source, you can review the source code before trusting it
  • Import and export (backup) your data
  • You can host your own installation of PassDeposit to gain maximum control over your data

Why is it secure?

  1. The connection between your browser and the server is secured by SSL/TLS (HTTPS). Thus no one can eavesdrop on the data being exchanged.

  2. The server is not able to decrypt your data, because your password is never sent to the server.

  3. 2-step authentication:

    Your password is hashed in the browser with PBKDF2 (1000 iterations) using SHA-256. The resulting hash acts as your authentication key and is sent to the server.

    The server hashes your authentication key with PBKDF2 (300000 iterations) using SHA-1 and a random salt. The random salt is re-generated every time you change your password.

  4. After authentication, the connection is secured by using sessions (256 bit random hashes).

  5. The database is regularly backed up on two servers. Those servers are not located at the same computing center.

Tools

Bugs

Please report bugs to https://github.com/fluidblue/passdeposit/issues

License

Copyright (C) 2013-2017 Max Geissler

This program is free software, licensed under the GNU Affero General Public License (AGPL). Please see the License for further information.