Protecting "Cloud" Secrets With Grendel

Operations 209/210
Average rating: ***..
(3.00, 12 ratings)

More and more web applications are storing sensitive data for their users, a trend of which Wesabe is certainly a part. Security breaches like the RockYou hack show what can happen when a popular web application stores sensitive data unencrypted and then has a lapse: millions of people can be affected at once. As some of the coverage of the attack pointed out, it was a good reminder not to store sensitive data unencrypted.

Wesabe has worked hard to come up with tools to protect our members’ data, both because the nature of our application requires that we ask for extremely sensitive information, and because we believe that all web applications should take security seriously. We have open sourced a piece of software, Grendel, that we think can help many sites (not just financial applications) protect users’ data from a RockYou-style mass disclosure in a simple way. Grendel is a new project that combines ideas we’ve used on Wesabe for years with other pieces we believe should be common infrastructure for web applications.

Nearly all web sites keep all of a user’s data unencrypted. In many cases this is a necessity, since the web site intentionally publishes that data; an encrypted blog wouldn’t have many readers. In other cases, though, the only time the data is used is when the user is logged in, such as in a word processing web application.

The idea of Grendel is to provide an internal (behind-the-firewall) REST-based web service to keep a user’s data encrypted and ensure its integrity when the user isn’t using it. Grendel uses OpenPGP to store data, with the user’s password encrypting an OpenPGP keyset. That model makes it easy for a web site to store data safely and only decrypt it when the user is logged into the site. Since only the user has their password, once they log out, their data is safe, even if the web site’s database is compromised or stolen. Of course this isn’t an infallible protection — there is no such thing — and in particular it doesn’t protect against web site developers acting in bad faith. It does, though, protect against an attacker getting access to all the secrets stored by users in one step.

Of course, data on web sites is usually shared with at least some other people in some way. Sometimes a user might want to share their information with the web site support staff, so the staff can help solve a problem or fix a bug. Or, the user might want to share their sensitive data with selected other users on the site, such as coworkers or family members. Grendel allows this, letting you encrypt data with multiple keys so that more than one user’s password can gain access.

This talk will cover the motivations and ideas behind Grendel, how and where to use it, and its limitations and future directions.

Photo of Sam Quigley

Sam Quigley

Square, Inc

Sam Quigley is the founder and principal consultant at Emerose Advisory Services. Before starting Emerose, Sam was Vice President of Security and Operations at Wesabe, the first online personal finance startup. Over the past nine years, Sam has held a variety of positions in web and network security, including serving (in 2001) as a founding member of the first commercial security and privacy services group at EDS (now HP Enterprise Services); communications manager and open-source developer at Astaro, a leading security appliance vendor; and as the sole security person at Xign (now JP Morgan Treasury Services), a pioneering financial software-as-a-service application.
Sam can be reached at

Photo of Coda Hale

Coda Hale

Yammer, Inc.

Coda Hale is a software engineer and a cyclist. He lives in Berkeley, CA, and works for Yammer, an enterprise messaging service, as their messaging architect. Prior to Yammer, he was one of the first engineers at Wesabe, a personal finance web app.

Photo of Marc Hedlund

Marc Hedlund


Marc Hedlund is co-founder and CEO of Wesabe, a personal finance community helping consumers manage and get the most from their money. Before starting Wesabe, Marc was an entrepreneur-in-residence at O’Reilly Media. Prior to that, he was VP of Engineering at Sana Security, co-founder and CEO of Popular Power, a distributed computing startup, and founder and general manager of Lucas Online, the internet subsidiary of Lucasfilm, Ltd. During his early career, Marc was Director of Engineering at Organic Online, and was CTO at Webstorm, where he wrote one of the Internet’s first shopping cart applications in 1994. He is a graduate of Reed College.

Comments on this page are now closed.


Picture of Ernest Mueller
Ernest Mueller
06/24/2010 7:43am PDT

Speaking as “an OWASP guy,” great session! I think we have a Grendel use case in house already. Very interesting. My session notes for those who are interested:

For Velocity China sponsorship information for companies outside China, contact Yvonne Romaine at

  • Google
  • Strangeloop
  • Yahoo! Inc.
  • Dyn Inc.
  • Facebook
  • Schooner Information Technology
  • Tilera
  • AlertSite
  • AppDynamics
  • Aptimize
  • CDNetworks
  • Circonus
  • Cloudscaling
  • Clustrix
  • Coradiant
  • Dell
  • DTO Solutions
  • MaxiScale
  • Neustar
  • Nokia
  • NorthScale, Inc.
  • Shopzilla
  • Splunk
  • Virident
  • Zoompf
  • Neustar

For information on exhibition and sponsorship opportunities at the conference, contact Yvonne Romaine at

Download the Velocity Sponsor/Exhibitor Prospectus

Download the Media & Promotional Partner Brochure (PDF) for information on trade opportunities with O'Reilly conferences or contact mediapartners@

For media-related inquiries, contact Maureen Jennings at

To stay abreast of conference news and to receive email notification when registration opens, please sign up for the Velocity Conference bulletin (login required)

View a complete list of Velocity contacts