Home

Welcome to the passman wiki!

This is a web browser based password manager with client side encryption. I'm going to make a tiny explanation of what this means and how it works. But if anyone has any questions regarding the password manager that are not explained in the wiki, it's welcome to open an issue in the github bugtracker (https://github.com/brantje/passman/issues).

Firs of all. This app requieres ownCloud and a MySQL or MariaDB database to work, in which everything will be stored.

Now for the security part of this application:

• This app cypher every sensitive information (usernames, passwords, etc.) on the client side (that means, web browser) before it's sent to the oc server, using javascrip cryptographic library SJCL.
• The cypher used it's the default of sjcl meaning: 128 bits salted AES CCM (planned to change to 256 bits).
• Thanks to sjcl, it also strengths the user master password by a factor of 1000 using a PBKDF2 password strengthener.

Q) What does all this mean for the ones that does not understand that much about cypher?
A) Passman offers a safe and centralized way to store you and your users passwords under your own servers safely by using the most secure cypher used nowdays in protocols such as https and approved by governments to protect classified information

Q) Should I take some extra measures, or is passman safe enough by itself?
A) For the server admins, you should use ssl to avoid passman scripts to get altered by a man in the middle attack
A) For the client users, use it only on trusted computers.