Loopion

Hi,
could you please be more specific on the "many problems and security issues"? We are really eager to investigate and solve all of them.

And as long as trust is concerned, I just wanted to add that _all_ Clipperz source code is available from our website along with checksums to verify its integrity. Further instructions about performing a security code review of Clipperz are available here:
http://www.clipperz.com/learn_more/reviewing_the_code

Furthermore we released under a BSD license the core crypto functions, the Clipperz Crypto Library is available here: http://code.google.com/p/clipperz.

So check for yourself! :-)
Transparency is the only way for us! We are paranoid about it.
Otherwise how can we expect people to trust us?

Thanks for the review,
best regards,
Marco

PS
Show me one single point where Clipperz security is weaker than Passpack and I’ll buy you a drink!
(Not to mention features: offline version, secure automated login, …)

;-)

Thanks for this article. I'm glad that you choose PassPack. You said Clipperz seems more user friendly to you. I'd be happy to hear your suggestions on how to make PassPack easier to use - please email me.

We're also creating a bookmarklet for auto-login from your PassPack account. You can see the demo here:
http://passpack.wordpress.com/2007/03/22/passpa...

Thanks again - and cheers!
Tara

@Marco Barulli,

When I added a new card, and then tried to add a simple password. After adding my password just do a CTRL+A (select all) on the stars that hide the password and we can clearly see the password, this is a basic security issue. In PassPack the password is never shown. But you have an advantage on PassPack it's in your philosophy (openning source code and distribute your crypto functions with a BSD Licence) and your GUI is cool (it's more graphic :) stupid notice :) but important). Be careful for the understanding with "card". And finally, isn't it another source of dismay for the users to know that crypto functions are put at the disposal of all? Very delicate subject.

@Tara,

What Clipperz want to communicate is more the security. You both don't play with the same cards (french quote :)). Clipperz try the security/psychological card and you try to convince advanced user (like me) who are more confident on what you did and addind new huge cool features. When I say Clipperz is more user friendly, it's maybe by colors, less help on how to use those type of online password storage application (my sister know to log into GMail but with PassPack she's lost and Clipperz she's gonna read all help before understand how to use it) and maybe a design monotony.
Personally, I really don't care. I prefer like, I said, more features and when it's more user friendly, that's why I choose your webapp, I left my Keepass software :p. It's only my advice for novice users. That's why I compare you both. :D
Furthermore, you need to prove that your webapp is secure. :)

It's the beginning ! And I trust it will be recognized by others novices.

If you need a French translation... :D

Hello Emmanuel,
Thank you - that's great feedback. You are absolutely right about us needing help documents! We are writing the first ones now with the help of kind user. Once they are ready, maybe your sister can try PassPack too. :)

And we need to prove our web app is secure... ok, we'll try and make that more clear. Where do you think this should be done? In the blog, or while using the application?

Thanks and cheers,
Tara

Hi, just a warning about proxies.
A lot of web proxies are born and die every day. They are a common way for malicious programmers to capture all the traffic of users in order to make bad use of it.
So never use a proxy to connect to critical sites.
Ciao,
Francesco

There is an
alternative:
Shibbo (www.shibbo.com)
Not only an online
service. It is also
a PortableApp version.