Close

Whitepaper

INFORMATION

This site is designed to manage and share your passwords. They can be passwords for your mail account, online shopping, network or something else you use at work or for private purposes. Best of all it is completely free and open for private use! You only have to remember a single master password to have fast and convenient access to all your other passwords. This site was created with security and privacy in mind. Every possible action has been taken to ensure that your data is really private and in your control. At the same time we have tried to create a site that is easy to use.

HOW IT WORKS

Data you enter is encrypted and decrypted via Javascript in your browser! This means that only encrypted data is sent over the internet to and from the server. Encryption and decryption is done with 256 bit standard AES or ECC inside your browser on your own PC. The master password you enter during login is never transmitted over the internet. The master password is only stored in your browser as long as the window is open and you are logged in. This is not the case with other online password systems where encryption and decryption is performed on the server and the password needs to be transferred to the server. For this to be secure the transmission over the internet needs to be protected with SSL connections (https) and you have to trust the service provider not to peek into your data. All of these problems are solved with Password Crypt because all processing is performed in your browser! If you forget your username or password, all your data is lost. There is no way for us to remind you or change something to access your data.

SECURITY

Nobody knows for sure how secure this site is, but we trust the system with our online bank password! If somebody finds a way to break AES and ECC encryption or an implementation error is made – security may be compromised. If somebody installs a modified browser or key logger on your PC, they may have the possibility to see your passwords – but only your passwords. It is possible for everybody to check the security and protection by viewing the source code in your own browser. The system does not rely on SSL connections (https) for security as all data is encrypted in the browser before it is transmitted over the internet. Your master password is never sent over the internet – it stays on your computer!

LICENSE

The core pcrypt code/library is released as Open Source (GNU General Public License – GPL) and also in a commercial version. The dual license model is designed to meet the development and distribution needs of both commercial distributors (such as OEMs, ISVs and VARs) and also open source projects. If you want to use the pcrypt system in a commercial project (not open source) please contact us. Standard tools as Javascript, PHP and MySQL have been used to create the complete system. The source code for pcrypt is available on Github. Please feel free to browse the source code in your browser and use it as inspiration for your own project (as a demonstration of pcrypt use). The Password crypt site is not open source, but free for private use. Password Crypt may not be used commercially. If you need company related use – please contact us.

WHY?

We created this for the same reason that so many other systems have been made – We were not satisfied with what was there in the first place. We created this system as a hobby project to get a secure and private system with import and export possibility. We have been working on and off on this for more than 2 years before releasing it. Why not log in with your Google, Facebook etc. account you might ask – because they track where and when you log in and may use and sell this information about you behavior.

COMPATIBILITY

This site works with all common browsers – also with a wide range of smart phones. Because of the design you will need to enable Javascript to make it work. The system will work with cookies disabled. If you need help – please see the forum.

In the hope that you will find it useful…

The team behind Pcrypt
Benny Nissen, Amin Durani & Raf Andersson