#710 design / security defense documentation?

closed
nobody
None
1
2013-11-23
2013-08-05
Thomas Waldmann
No

Just a vague idea, but something I really missed a bit while looking for a good password manager: some sort of documentation where the software's authors / architects somehow "defend" it:

Why do they think it is secure?

What does the software precisely do to be as secure as it gets? (this could include rather low level details, e.g. can the process memory get paged out to mass storage, so the cleartext passwords would be persisted there?)

What else do the developers do (not in the sw itself) to increase security / trust? (e.g. open development, sign releases/commits, code review?)

Known weaknesses? (e.g. clipboard? - maybe with references to issue tracker)

Why is it safe? (as in "not losing data")

...

I know writing docs is quite some work, but I bet that especially in the case of a password manager, this would be really a killer feature - especially, as it is open source, so the claims can be actually proven / verified.

Discussion

  • Rony Shapiro
    2013-11-23

    • status: open --> closed
     
  • Rony Shapiro
    2013-11-23

    Thanks for the suggestion. I've taken a stab at this here:
    http://pwsafe.org/readmore.shtml