Comments on: LockBin: An OpenID Password Vault http://ajaxian.com/archives/lockbin-an-openid-password-vault Cleaning up the web with Ajax Thu, 09 Feb 2012 06:55:33 +0000 hourly 1 http://wordpress.org/?v=3.2 By: Matt http://ajaxian.com/archives/lockbin-an-openid-password-vault/comment-page-1#comment-246602 Matt Sat, 27 Jan 2007 21:24:41 +0000 http://ajaxian.com/?p=2043#comment-246602 Raw OpenID is just that, the user's openID. But it is not located anywhere on the LockBin server. This is the problem with most seed-based encryption schemes. The seed is sitting in a script file on the server somewhere. But in this case, the seed is elsewhere. Raw OpenID is just that, the user’s openID. But it is not located anywhere on the LockBin server. This is the problem with most seed-based encryption schemes. The seed is sitting in a script file on the server somewhere. But in this case, the seed is elsewhere.

]]> By: Marco Barulli http://ajaxian.com/archives/lockbin-an-openid-password-vault/comment-page-1#comment-246468 Marco Barulli Wed, 24 Jan 2007 09:58:22 +0000 http://ajaxian.com/?p=2043#comment-246468 Hi, in the inaugural post of LockBin forums, the author says that he had these design constraints: <i>"- The key which encrypts their information must be unique to each user. </i> <i>- These keys must not be anywhere on LockBin's server, impossible for even the system admin (me) to figure out. "</i> and his solution was using OpenID. <i>"OpenID is the perfect key with which to encrypt a user's information. The raw OpenID is not saved on LockBin's server. It is unique for every user, and it cannot be guessed because the user must be authenticated by the OpenID server when they login. </i> Wouldn't be nice if he provided more information about what exactly is the "raw OpenID", how it is retrieved and stored, which kind of cipher has been used, ...? Many thanks, Marco Hi,
in the inaugural post of LockBin forums, the author says that he had these design constraints:

“- The key which encrypts their information must be unique to each user.
- These keys must not be anywhere on LockBin’s server, impossible for even the system admin (me) to figure out. “

and his solution was using OpenID.

“OpenID is the perfect key with which to encrypt a user’s information. The raw OpenID is not saved on LockBin’s server. It is unique for every user, and it cannot be guessed because the user must be authenticated by the OpenID server when they login.

Wouldn’t be nice if he provided more information about what exactly is the “raw OpenID”, how it is retrieved and stored, which kind of cipher has been used, …?

Many thanks,
Marco

]]> By: Jeremy http://ajaxian.com/archives/lockbin-an-openid-password-vault/comment-page-1#comment-246464 Jeremy Wed, 24 Jan 2007 07:44:23 +0000 http://ajaxian.com/?p=2043#comment-246464 <link href='http://www.myopenid.com/server' rel='openid.server'> <link href='http://jeremy1.myopenid.com/' rel='openid.delegate'/> <link href=’http://www.myopenid.com/server’ rel=’openid.server’>
<link href=’http://jeremy1.myopenid.com/’ rel=’openid.delegate’/>

]]> By: Jeremy http://ajaxian.com/archives/lockbin-an-openid-password-vault/comment-page-1#comment-246463 Jeremy Wed, 24 Jan 2007 07:43:12 +0000 http://ajaxian.com/?p=2043#comment-246463 Not sure you support openid.delegate. My openid is http://www.4coderz.com/, and I have the following in my page. This works when i log into zooomr.com: Not sure you support openid.delegate. My openid is http://www.4coderz.com/, and I have the following in my page. This works when i log into zooomr.com:

]]>