Mitro

Not to be confused with Mi$tro.
Mitro
Repository
TypePassword manager
License2014: GPL-3.0-only[a]
2012: Proprietary
Websitemitro.co

Mitro was a password manager for individuals and teams that securely saved users' logins, and allowed users to log in and share access.

On October 6, 2015, the Mitro service shut down.[1]

The successor to Mitro is named Passopolis; this is a password manager built upon the Mitro source code.

History

Mitro was founded in 2012 by Vijay Pandurangan, Evan Jones, and Adam Hilss. Mitro was backed by $1.2 million in seed funding from Google Ventures and Matrix Partners.[2]

On July 31, 2014, the Mitro team announced that they would join Twitter, and at the same time, they released the source code for Mitro on GitHub as free software under GPL.[3][4]

The Mitro team announced the shuttering of the Mitro service with the following timeline:[1]

  • July 11, 2015: Initial announcement that Mitro would be shut down
  • July 18, 2015: Creating new accounts was disabled
  • August 4, 2015: Final email warning about imminent shutdown was sent
  • September 24, 2015: Mitro become read-only
  • October 6, 2015: Mitro service was turned off
  • October 31, 2015: All Mitro user data permanently destroyed

The Mitro team explained the reason for shutting down the service was that the cost and administrative burden to maintain the service in their spare time with their own money had become too much. Given that they could not properly manage a service that people rely on for their security, they needed to stop running it.[1]

Former customers were encouraged to move to Passopolis, and independent project that uses the open source Mitro code, or use alternatives such as 1Password, Dashlane, or LastPass.

On October 5, 2015, Mitro was officially terminated by Twitter.[5][6][7]

Security

Mitro uses Google's Keyczar on the server and Keyczar JS implementation on the browser.[8]

  • Master key is a 128-bit AES key derived using PBKDF2 (SHA-1; 50000 iterations; 16 salt bytes)
  • RSA with 2048-bit keys using OAEP-SHA1 (separate signing and encryption keys)
  • AES with 128-bit keys in CBC mode with PKCS5 padding
  • All encrypted data includes a MAC (HMAC-SHA1)

See also

Notes

  1. ^ GPL-3.0-only since 2014-07-31.

References

  1. ^ a b c "Mitro is Shutting Down October 6th, 2015". Mitro Labs. November 3, 2015.
  2. ^ Cutler, Kim-Mai (Sep 5, 2013). "Get Your Friends, Co-Workers Out Of "Password Remembering Hell" With Matrix-Backed Mitro". TechCrunch.
  3. ^ "Mitro is joining Twitter and is now open source". Mitro Labs. Jul 31, 2014. Archived from the original on 2014-08-04.
  4. ^ Eckersley, Peter (Jul 31, 2014). "Mitro Releases a New Free & Open Source Password Manager". Electronic Frontier Foundation.
  5. ^ Novet, Jordan (11 July 2015). "Twitter will shut down password manager Mitro on Aug. 31 after buying it last year". Venture Beat.
  6. ^ "FAQ". Passopolis.
  7. ^ "Mitro is shutting down October 6, 2015". Mitro.
  8. ^ "Why Mitro Is Secure: Security FAQs for Experts".