Should I make it?
True, but it would be more about using the right tech for it. I was thinking of storing the keys encrypted. Each account would have its own salt stored in the database. Then only that user account could see those keys.
I would most likely set up an email-less system. It would be a one-time use to verify the account; after that you would have to use the provided security info to reset your password. It's something I have done in the past as a uni project, but it's been a few years.
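An added example, not code from the thread: one way to get "only that user account could see those keys" with a per-account salt. It assumes the encryption key is derived from the account password with scrypt and the salt, which the post does not specify; the function names and the sample key and passwords are constructed for illustration.

```javascript
// Added example (Node.js built-in crypto): per-account salt + password-derived key.
const crypto = require('crypto');

// Created once at registration. The salt is not secret and can sit in the database.
function newAccountSalt() {
  return crypto.randomBytes(16);
}

// Assumption: the key comes from the user's password, so the server holds
// nothing that decrypts the records while the user is logged out.
function deriveKey(password, salt) {
  return crypto.scryptSync(password, salt, 32); // 256-bit key
}

// Encrypt one game key with AES-256-GCM; the returned record is what gets stored.
function encryptGameKey(key, gameKey) {
  const iv = crypto.randomBytes(12); // fresh nonce for every record
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(gameKey, 'utf8'), cipher.final()]);
  return { iv: iv.toString('hex'), ct: ct.toString('hex'),
           tag: cipher.getAuthTag().toString('hex') };
}

// Returns the plaintext, or null when the key is wrong or the record was altered.
function decryptGameKey(key, rec) {
  try {
    const d = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(rec.iv, 'hex'));
    d.setAuthTag(Buffer.from(rec.tag, 'hex'));
    return Buffer.concat([d.update(Buffer.from(rec.ct, 'hex')), d.final()]).toString('utf8');
  } catch (e) {
    return null; // GCM tag check failed
  }
}

// Constructed sample data: one account, one stored key, three decryption attempts.
function demo() {
  const salt = newAccountSalt();
  const rec = encryptGameKey(deriveKey('correct horse battery', salt), 'AAAAA-BBBBB-CCCCC');
  return {
    owner: decryptGameKey(deriveKey('correct horse battery', salt), rec),
    wrongPassword: decryptGameKey(deriveKey('guess', salt), rec),
    wrongSalt: decryptGameKey(deriveKey('correct horse battery', newAccountSalt()), rec),
  };
}
console.log(demo());
```

With this layout a copy of the database alone yields the salt and ciphertext but not the game keys; the strength then rests on the password and the scrypt cost.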
The salt will be stored in memory/session. I will also keep a backup in a file for that user. It won't be accessible other than through SSH, which I only plan on allowing from my computer, with SSH key access only.
Worst case, I will try to think of a second way of decrypting it for this case.
Decrypting won't be able to happen unless I can get the salt. Sure, I could write a piece of code to scan the session and memory of the system to get the salt. Which I know makes it hard to put trust into someone in this type of situation.
Each session in itself will be unique to the person. There will be a CSRF key in it as well, which every part of the site or code that touches user data has to verify. If it fails, you can't do anything. It will destroy that current system and toss you back to login.
For multiple logins, I plan on looking into detecting this and making it sign out the other account. I will look into something. But each login will be treated as a separate session. It won't be shared, as each CSRF token is unique. It gets touchy here as well; it may be forced to do IP checks. So if you do sign in from a new IP or a current IP signed in, it will reset.
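An added example, not code from the thread: the session behaviour described above (a unique CSRF token per session, checked by every handler that touches user data, session destroyed on a failed check, and a new login signing out the older one) as a small in-memory store. The store layout, function names and `/login` redirect are assumptions made for illustration.

```javascript
// Added example (Node.js built-in crypto): per-session CSRF token with
// destroy-on-failure and one active session per account.
const crypto = require('crypto');

const sessions = new Map();        // sessionId -> { account, csrf }
const activeByAccount = new Map(); // account   -> sessionId

function login(account) {
  const old = activeByAccount.get(account);
  if (old) sessions.delete(old); // a new login signs out the other session
  const id = crypto.randomBytes(32).toString('hex');
  const csrf = crypto.randomBytes(32).toString('hex'); // unique per session
  sessions.set(id, { account, csrf });
  activeByAccount.set(account, id);
  return { id, csrf };
}

function destroy(id) {
  const s = sessions.get(id);
  if (!s) return;
  sessions.delete(id);
  if (activeByAccount.get(s.account) === id) activeByAccount.delete(s.account);
}

// Constant-time comparison so the check does not leak how many characters matched.
function tokensMatch(expected, submitted) {
  const x = Buffer.from(String(expected));
  const y = Buffer.from(String(submitted));
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// Gate called by every handler that reads or changes user data.
function authorize(id, submittedCsrf) {
  const s = sessions.get(id);
  if (!s) return { ok: false, redirect: '/login' };
  if (!tokensMatch(s.csrf, submittedCsrf)) {
    destroy(id); // failed check: drop the session, back to login
    return { ok: false, redirect: '/login' };
  }
  return { ok: true, account: s.account };
}

// Constructed walk-through: valid request, then a forged token on the same session.
function demo() {
  const s = login('demo-user');
  return [authorize(s.id, s.csrf).ok, authorize(s.id, 'forged').ok, authorize(s.id, s.csrf).ok];
}
console.log(demo());
```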
I have never trusted either of those for a "backup". It's more syncing than anything. Sure, they may retain your data, but it doesn't mean it will always stay there.
Also, services like these are always changing how they handle things. Going from supporting one type of file or feature, to not the next year.
They are not as secure as any online backup service. It's just the world we live in now.
wait what?? you can trust a service online to store your keys if it is designed to store keys, but you can't trust a system whose sole purpose is to store files as safely and as redundantly as possible?
that doesn't make much sense to me considering they both are online stored..
Sorry for being blunt. But:
Do you have a good mechanism to protect my keys so that you or any other hacker cannot use them even if they are stolen?
The idea is to allow only one-way salt encryption from the client, and only the client can "technically" decrypt it. Asked further up in the discussion. I will have to think of a backup solution. Most if not all the keys will be stored on the host system itself. Possibly session as well, but I have to experiment with it.
Will have to try and be logical on how to make the database rendered useless without having it on the host machine. The host machine will be completely locked down. I will be containerizing the instance of it, which I will encrypt the data of. So if it is compromised, it can't be accessed.
They would have to somehow get my Yubi key off my body, my SSH key USB stick, and chop my finger off. My system is turned off when not in use. It's a bit hardcore but it helps keep people away and off your computer. As for people hacking in, they would have to get through some good enterprise-level hardware. Let alone find out what VLAN I am using.
My point was, you are still the variable element. A potential customer must trust you in this scenario. This will likely be your biggest hurdle.
Edit: Don't forget to actually register an account and set default pastes to private if you're going to use PB, else it'll be publicly viewable.
Sorry to tell you but such a program already exists. I can't really tell you more about it because I don't use it but I remember it being promoted here on SG.
Must have been during my time being away from here. I haven't been able to find one when I tried googling it. It's why the idea came to mind. Plus I didn't plan on being the first to do something. I mean, sure, it's a great feeling, but you can always improve a current system.
I tried to see if I could find it, but "key database" and "storing keys" come up empty.
Plus I didn't plan on being the first to do something. I mean, sure, it's a great feeling, but you can always improve a current system.
That's true, of course. I just wanted to point it out ;)
So I thought about possibly making a small public system where you can keep track of all your keys. If you tend to buy some bundles and have leftover keys, it can be hard to keep track of them.
The whole idea behind it is to add an easier and more automated way of managing your keys. Like an easy way to add them, remove them, etc.