Wednesday, January 10, 2007

PassPack and aSSL: "Francesco Sullo's day job is to work on PassPack, an online password manager.

PassPack is based on the Host-Proof Hosting Ajax Pattern.

How it works

PassPack uses a double access technique: User ID and Pass give a user access to her Account, while the Packing Key is needed to access the actual passwords. The 'Pack' in PassPack comes from the bundle of locked up passwords inside the Account. PassPack checks the User ID and Pass at sign-in without exposing the passwords in the encrypted Pack.

Only the user can encrypt and decrypt the passwords in the browser with her Packing Key. The Packing Key never travels over the Internet. The encrypted Pack gets sent over SSL to the server for storage.



aSSL

Francesco works on aSSL in his spare time, and just released another new version with a JavaScript/ASP server-side component (PHP and others pending).

aSSL now works with the following process:


The browser calls the server to start the process.
The server returns its RSA modulus (e.g. the public key) and the public exponent (3 or 1000"
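
The "How it works" passage quoted above describes two separate secrets: one the host checks, one the host never sees. The sketch below is an added example, not PassPack's code. The choice of scrypt and AES-256-GCM and all function names are assumptions made for illustration, since the page does not say which primitives PassPack uses.

```javascript
// Added illustration of Host-Proof Hosting; NOT PassPack's code.
// Assumed primitives: scrypt for key derivation, AES-256-GCM for the Pack.
const crypto = require('node:crypto');

// --- Browser side: the Packing Key is used here and never transmitted ---
function deriveKey(packingKey, salt) {
  return crypto.scryptSync(packingKey, salt, 32);
}

function sealPack(passwords, packingKey) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(packingKey, salt), iv);
  const body = Buffer.concat([cipher.update(JSON.stringify(passwords), 'utf8'), cipher.final()]);
  // Everything in this record is safe to hand to the host.
  return { salt: salt.toString('base64'), iv: iv.toString('base64'),
           tag: cipher.getAuthTag().toString('base64'), body: body.toString('base64') };
}

function openPack(pack, packingKey) {
  const key = deriveKey(packingKey, Buffer.from(pack.salt, 'base64'));
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(pack.iv, 'base64'));
  decipher.setAuthTag(Buffer.from(pack.tag, 'base64'));
  // final() throws if the key is wrong or the host altered the Pack.
  const plain = Buffer.concat([decipher.update(Buffer.from(pack.body, 'base64')), decipher.final()]);
  return JSON.parse(plain.toString('utf8'));
}

// --- Server side: checks User ID and Pass, stores the Pack as an opaque blob ---
const accounts = new Map();

function hashPass(pass, salt) { return crypto.scryptSync(pass, salt, 32); }

function register(userId, pass, pack) {
  const salt = crypto.randomBytes(16);
  accounts.set(userId, { salt, passHash: hashPass(pass, salt), pack });
}

function signIn(userId, pass) {
  const acct = accounts.get(userId);
  if (!acct) return null;
  const ok = crypto.timingSafeEqual(acct.passHash, hashPass(pass, acct.salt));
  return ok ? acct.pack : null; // the host can return the Pack but cannot read it
}
```

A successful `signIn` only hands back ciphertext; reading it still requires `openPack` with the Packing Key, which the server-side functions never receive.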
