Open Source host-proof password storage based on PHP and Gibberish AES.
Latest commit 7fc8229 Oct 27, 2009 @jmhobbs Slight shift in design to make MAC easier. Switching to SHA-1 over SHA-256. Added MySQL schema. Added PBKDF-2 implementation.
i18n/en Bringing in all the stuff from the old ClearPass for ref and re-work.… Oct 21, 2009
interfaces/default Bringing in all the stuff from the old ClearPass for ref and re-work.… Oct 21, 2009
js Slight shift in design to make MAC easier. Switching to SHA-1 over SH… Oct 27, 2009
.htaccess Move resources to js, add ClearPass object, test page, modified SHA25… Oct 21, 2009
README.markdown
api-output-formatters.php Bringing in all the stuff from the old ClearPass for ref and re-work.… Oct 21, 2009
api.old.ref.php Bringing in all the stuff from the old ClearPass for ref and re-work.… Oct 21, 2009
api.php Slight shift in design to make MAC easier. Switching to SHA-1 over SH… Oct 27, 2009
config.php Core of new version of ClearPass. Just working out details, will be r… Oct 21, 2009
i18n-js.php Bringing in all the stuff from the old ClearPass for ref and re-work.… Oct 21, 2009
index.php Bring in fresh copies of resources, set up directory structure for te… Oct 21, 2009
mysql.sql Slight shift in design to make MAC easier. Switching to SHA-1 over SH… Oct 27, 2009
test.html

README.markdown

What is ClearPass?

ClearPass is a web-based password storage system based on the host-proof design pattern.

All encryption and decryption is done on the local system, and content is never transmitted in plaintext. The server has no clue what your password is, assuring that if it is compromised, your information will not be.

How?

All sensitive information in ClearPass is encrypted with 256-bit AES in CBC mode, using the OpenSSL-compatible Gibberish AES library by Mark Percival.

To prevent MITM and replay attacks, all messages from client to server are wrapped with a SHA256-based MAC scheme.
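An added example, not ClearPass's own code or wire format: a MAC by itself only detects tampering, and replay is stopped only when a freshness value is covered by the MAC and checked by the server. The code below uses HMAC-SHA256 from Node's `crypto` module; the message layout, the `counter` field, the shared `macKey` and the function names are assumptions made for illustration.

```javascript
// Added example (not ClearPass code): HMAC-SHA256 wrapper with replay rejection.
const crypto = require("crypto");

// Client side: put a strictly increasing counter and the payload under one MAC.
function wrapMessage(macKey, counter, payload) {
  const body = JSON.stringify({ counter, payload });
  const mac = crypto.createHmac("sha256", macKey).update(body).digest("hex");
  return { body, mac };
}

// Server side: verify the MAC first, then reject any counter that is not fresh.
function makeVerifier(macKey) {
  let lastCounter = 0; // highest counter accepted so far (one verifier per session)
  return function verify(message) {
    if (typeof message.body !== "string" || typeof message.mac !== "string") {
      return { ok: false, reason: "malformed" };
    }
    const expected = crypto.createHmac("sha256", macKey).update(message.body).digest();
    const given = Buffer.from(message.mac, "hex");
    // timingSafeEqual throws on unequal lengths, so compare lengths first.
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
      return { ok: false, reason: "bad-mac" };
    }
    // The body is only parsed after it has been authenticated.
    const { counter, payload } = JSON.parse(message.body);
    if (!Number.isSafeInteger(counter) || counter <= lastCounter) {
      return { ok: false, reason: "replay" };
    }
    lastCounter = counter;
    return { ok: true, payload };
  };
}

// Constructed demo: the key and the "blob" placeholder are made-up sample values.
function demo() {
  const key = crypto.randomBytes(32);
  const verify = makeVerifier(key);
  const msg = wrapMessage(key, 1, { op: "store", blob: "U2FsdGVkX18=" });
  const first = verify(msg);      // fresh and authentic
  const replayed = verify(msg);   // same bytes sent again
  const tampered = verify({ body: msg.body.replace("store", "erase"), mac: msg.mac });
  const next = verify(wrapMessage(key, 2, { op: "list" }));
  return [first.ok, replayed.reason, tampered.reason, next.ok];
}
```

The counter must be stored per user or session on the server; a timestamp window or server-issued nonce are alternative freshness values with the same requirement that they sit inside the MAC'd bytes.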

API?

Unlike previous versions of ClearPass (and formerly, BlowPass) the driving feature will not be the front end, but rather the API. The vision is that by focusing on the API we can be more flexible and create something that works for a web front end, desktop apps, browser plugins, etc.

When?

This is all still in early stages, so if you need something now, go grab the last generation source from http://www.clearpass.org/dev/

Who?

ClearPass in all forms is maintained by John Hobbs and Little Filament.