I am working on a project that needs to store the user's login
credentials for multiple other sites so that I can go and grab
information for them. I am trying to figure out how to do this
securely, but still make this fairly simple for the user. Here's what
I have come up with so far:
-Store the username and password of the remote system by encrypting
them using a two-way encryption algorithm.
-Use a passphrase defined by the user as part of the encryption process.
-The same passphrase will be used for all of their credentials for all
the different sites.
-The user will enter their passphrase in each time they want to use
the functionality that logs in at different sites. The passphrase
will not be stored in my system.
Does this approach seem reasonable? Is there anything important I am
overlooking that would make this system crackable?
If this system would work, which ruby packages would you suggest to do