More and more web applications are storing sensitive data for their users, a trend of which Wesabe is certainly a part. Security breaches like the RockYou hack show what can happen when a popular web application stores sensitive data unencrypted and then has a lapse: millions of people can be affected at once. As some of the coverage of the attack pointed out, it was a good reminder not to store sensitive data unencrypted.
Wesabe has worked hard to come up with tools to protect our members’ data, both because the nature of our application requires that we ask for extremely sensitive information, and because we believe that all web applications should take security seriously. Today we’re open sourcing a piece of software, Grendel, that we think can help many sites (not just financial applications) protect users’ data from a RockYou-style mass disclosure in a simple way. Grendel is a new project that combines ideas we’ve used on Wesabe for years with other pieces we believe should be common infrastructure for web applications.
Nearly all web sites keep all of a user’s data unencrypted. In many cases this is a necessity, since the web site intentionally publishes that data; an encrypted blog wouldn’t have many readers. In other cases, though, the only time the data is used is when the user is logged in, such as in a word processing web application.
The idea of Grendel is to provide an internal (behind-the-firewall) REST-based web service to keep a user’s data encrypted and ensure its integrity when the user isn’t using it. Grendel uses OpenPGP to store data, with the user’s password encrypting an OpenPGP keyset. That model makes it easy for a web site to store data safely and only decrypt it when the user is logged into the site. Since only the user has their password, once they log out, their data is safe, even if the web site’s database is compromised or stolen. Of course this isn’t an infallible protection — there is no such thing — and in particular it doesn’t protect against web site developers acting in bad faith. It does, though, protect against an attacker getting access to all the secrets stored by users in one step.
Of course, data on web sites is usually shared with at least some other people in some way. Sometimes a user might want to share their information with the web site support staff, so the staff can help solve a problem or fix a bug. Or, the user might want to share their sensitive data with selected other users on the site, such as coworkers or family members. Grendel allows this, letting you encrypt data with multiple keys so that more than one user’s password can gain access.
It’s very easy to screw up when building a cryptography system — check out Nate Lawson’s excellent Google Tech Talk on common crypto flaws, or Matasano’s Socratic dialog on similar topics, for a map of the pitfalls available to you, and us. We’ve been fortunate at Wesabe to have a number of people who think very carefully about security, and they’ve put a lot of effort into designing and building Grendel. That said, we have two goals in open sourcing Grendel: first, to make a tool available to others that could help make “cloud” applications in general much safer for everyone, and second, to open up what we’ve built so others can review and help us improve it. We would love comments on any aspect of Grendel, security or otherwise.
Grendel is available on GitHub now, thanks to the efforts of Coda Hale (also the author of bcrypt-ruby) and Sam Quigley, who designed and built it. If you’re building a web site that stores sensitive data for users, go check it out, and if you’re of a mind to, help us make it better. We’d love to see “cloud” applications have an easy time treating users’ data securely, and we hope Grendel will be a useful tool for that purpose.