Description: Build a secure web application for managing access to passwords that must be shared across individuals and teams. Mentor: Joe Stevensen Duration: 200 hours Requirements: Python web application development skills, understanding of gpg and data encryption Goals: Build a web application that allows secure storage of passwords. The application would grant a password owner(s) to grant/revoke per user access to various passwords. Passwords must be encrypted using gpg. Server should (almost) never see the passwords.
Whiteboard: [mentorship] → [mentorship][firstname.lastname@example.org][lang=python]
Hi, I am interested in working on this, however I did not know python and gpg. Can I learn them on the go? I have fixed some bugs on bugzilla and know how to learn things on my own.
Hi Zeyu, I sent you an email to follow up on this!
Hi Yvan, I am also interested in this project and I've sent you the application :)
I think the article :freddyb posted makes a lot of sense. And most of the concerns pointed out are valid. To make the crypto system secure, one would probably have build the entire system as part of the core browser code itself so that it is not susceptible the pitfalls pointed out in the article.
The initial pass for the app would likely leverage existing JS crypto libraries, but with input from our security engineering team on how to structure things to leverage the upcoming html5 crypto apis. Bottom line, js crypto has weaknesses, but that becomes a discussion of risk acceptance and risk management before we make a go/no-go decision.
Hi, I have no prior experience working but I am good at Java. I am interested in working on this, however I don't know python, but I am willing to learn. Or can you suggest something to work on to newbie. I tried looking at the bugs for beginner but couldn't find anything to work on.
This project screams FirefoxOS to me, or rather a Password Management Web App that runs on all WebRT platforms. Just a thought. Actually mobile in general really, where security of data at rest at increased risk.
Interesting and very relevant paper (what not to do!): http://moscova.inria.fr/~karthik/pubs/host_proof_woot12.pdf
Saw this on hacker news -- https://yithlibrary.herokuapp.com/ """Yith Library is an online password manager. It will help you to keep your secrets under control in a secure and easy way. Your online data is too valuable to avoid protecting it seriously.""" Might be useful to check out?
Hi Yvan, The Mentee assigned to this project is Chen Zeyu. Could you assign it to him ? Azzeddine
is this a [good first bug]. I am willing to take it up if someone can mentor. Disclaimer: Newbie, self taught Python enthusiast from India. No experience developing web apps so this is going to be a first (if not already assigned).
(In reply to Rahul Nair from comment #13) > is this a [good first bug]. I am willing to take it up if someone can > mentor. Disclaimer: Newbie, self taught Python enthusiast from India. No > experience developing web apps so this is going to be a first (if not > already assigned). This is not a bug for first bug, this is part of our mentorship program (https://wiki.mozilla.org/Security/Mentorship). We appreciate your interest but a mentee has been assigned for this bug already (comment 12). If you have an interest in our mentorship program please check out the wiki and submit an application.
Whiteboard: [mentorship][email@example.com][lang=python] → [mentorship][lang=python]
You need to log in before you can comment on or make changes to this bug.