Domain: clipperz.com
Stories and comments across the archive that link to clipperz.com.
Comments · 21
-
Re:This is too simple to fix
You're using an online password manager service, operated by someone else, on servers you don't control, to store login credentials for lots of other sites in one place? That seems like a disasterpiece waiting to happen.
Yes, I did review their site, including their security and privacy page. After digesting that information and reading over everything else on their site once more, I still see this is a pretty bad move. My primary concerns don't rest with the cryptographic algorithms being used, but relate much more to how those algorithms are implemented and how their infrastructure is controlled. That said, use whatever you like.
-
Re:This is too simple to fix
You can always use a password manager (ex: http://www.clipperz.com/ ). I actually don't even know most of my passwords. Don't need to.
-
Have a look at Clipperz
Have a look at Clipperz, more specifically their community edition. Client side encryption in javascript using standard security algorithms that you can also send over SSL if you want.
-
Have a look at Clipperz
Have a look at Clipperz, more specifically their community edition. Client side encryption in javascript using standard security algorithms that you can also send over SSL if you want.
-
Re:TL; DR
Use a password manager and you can getaway with remembering one, this is the case for me these days.
Local files with syncing:
http://keepass.info/ http://passwordsafe.sourceforge.net/
Hosted
http://clipperz.com/ (can host it yourself if you rather want that) http://sourceforge.net/projects/webkeepass/
Furthermore, if you are developing apps, an easy way to (currently) protect against bruteforce is to use something like PBKDF2 with 10 000 or more loops (provided there is a sane password policy behind).
The SHA2 functions are made for speed, a GTX-400 series card with oclHashcat can easily reach 300million SHA2-256 / sec. -
Re:Bad passwords are not always the user's fault.
Online password manager with client-side encryption and secure password generation: http://clipperz.com/
-
Clipperz
I like Clipperz. You don't need to have anything installed, which is nice. They host your passwords in encrypted form.
-
you could try some online password managers...
-
Clipperz
Clipperz is both a service, and a downloadable webapp you can run on your own server. It's the closest thing I've found that approximates the features of 1Pass (for Macs) on Linux. Now I just need to get a data plan for my phone.
-
Clipperz.com
I use clipperz, a free and anonymous online password manager which comes in an offline version too. It is based on open standards, proven encryption technologies, and has no vendor lock-in, and full anonymity.
I like the philosophy behind it and the people who have developed it.
If you use it, please consider a donation =)
-
zero-knowledge web applications
Have a look at http://www.clipperz.com/about. The application knows nothing about you actual data but you can do stuff on your data, like searching (which is atm not possible, but would be).
-
More steganography aheadIn the US the fifth amendment, which is part of the Bill of Rights, asserts: No person [...] shall be compelled in any criminal case to be a witness against himself. The Italian law has a very similar provision, the "nemo tenetur se detegere" principle. It states that a person under investigation can refuse to make declarations.
But what if the encrypted files are disguised as innocent family pictures?
No police or judge can request a key if they don't know or cannot reasonably prove that a key exists. It's easy to imagine a mass adoption of steganographic tools where secret documents and communications are hidden inside irreproachable pictures. Similarly, tools like TrueCrypt can conceal encrypted material in a way that prevent its detection.
More on this issue in this post: More steganography ahead on the Clipperz online password manager blog. -
More steganography aheadIn the US the fifth amendment, which is part of the Bill of Rights, asserts: No person [...] shall be compelled in any criminal case to be a witness against himself. The Italian law has a very similar provision, the "nemo tenetur se detegere" principle. It states that a person under investigation can refuse to make declarations.
But what if the encrypted files are disguised as innocent family pictures?
No police or judge can request a key if they don't know or cannot reasonably prove that a key exists. It's easy to imagine a mass adoption of steganographic tools where secret documents and communications are hidden inside irreproachable pictures. Similarly, tools like TrueCrypt can conceal encrypted material in a way that prevent its detection.
More on this issue in this post: More steganography ahead on the Clipperz online password manager blog. -
Identity != reputation
The assumption that reputation management should be tightly coupled with identity management is often non properly stated
.. (no matter what Dick Hardt keep saying in his beautiful speeches ...) I recently wrote few posts on this topic on the Clipperz password manager blog. -
Identity != reputation
The assumption that reputation management should be tightly coupled with identity management is often non properly stated
.. (no matter what Dick Hardt keep saying in his beautiful speeches ...) I recently wrote few posts on this topic on the Clipperz password manager blog. -
Old news: never heard of Freenigma?!
Freenigma is adding GPG encryption to Gmail and several other webmails since last summer! If you are interested in Freenigma read my interview with its main developer Stefan Richter on the Clipperz password manager blog.
-
Old news: never heard of Freenigma?!
Freenigma is adding GPG encryption to Gmail and several other webmails since last summer! If you are interested in Freenigma read my interview with its main developer Stefan Richter on the Clipperz password manager blog.
-
Re:javascript RSA cryptography demoIf you are interested in browser based cryptography try the Clipperz Crypto Library, a JavaScript library to provide web developers with an extensive and efficient set of cryptographic functions. The library presently includes:
- SRP authentication protocol
- SHA2 hash functions
- AES symmetric encryption
- Fortuna PRNG
-
Online password manager anyone?Using a password manager is not merely convenient, it's an effective way to adopt better security practices without too much stress. It basically sums up to: 1) never re-use the same password, 2) use strong passwords.
Software products are certainly an option, but you could also consider a web based solution. Yes, I'm a tad biased being the co-founder of Clipperz...
Clipperz is an online password manager that can do much more than simply storing your passwords.
- ubiquitous access
- direct login to online services
- offline version
- bookmarklet for quick data entry
- nothing to install or backup
- free
- completely anonymous
Clipperz does solve the password management problem, but it mainly gives a practical demonstration of a new breed of web applications: the zero-knowledge web apps. Applications where the provider is simply in charge of delivering the Ajax code to the user's browser and then storing user's data in an encrypted form on its servers. Clipperz lets you submit confidential information into your browser, but your data are locally encrypted by the browser itself before being uploaded.
Detailed information about the crypto foundations are available here: http://www.clipperz.com/learn_more/crypto_foundat
i onsClipperz does not use homemade cryptographic algorithms but implements standard strong encryption schemes (AES, SHA2, Fortuna, SRP,
...). Since Clipperz is a huge Javascript application, you can review the source code anytime you like. The whole source code is downloaded to your browser before you sign-in, so you can easily check if it is a genuine version.More info about performing a security code review is available here: http://www.clipperz.com/learn_more/reviewing_the_
c odeYou can even include the Javascript code of our crypto primitives in your web applications since we packed them into the Clipperz Crypto Library, released under a BSD license. Download it here: http://code.google.com/p/clipperz
For any further information visit the discussion group http://groups.google.com/group/clipperz
Marco
Clipperz co-founder -
Online password manager anyone?Using a password manager is not merely convenient, it's an effective way to adopt better security practices without too much stress. It basically sums up to: 1) never re-use the same password, 2) use strong passwords.
Software products are certainly an option, but you could also consider a web based solution. Yes, I'm a tad biased being the co-founder of Clipperz...
Clipperz is an online password manager that can do much more than simply storing your passwords.
- ubiquitous access
- direct login to online services
- offline version
- bookmarklet for quick data entry
- nothing to install or backup
- free
- completely anonymous
Clipperz does solve the password management problem, but it mainly gives a practical demonstration of a new breed of web applications: the zero-knowledge web apps. Applications where the provider is simply in charge of delivering the Ajax code to the user's browser and then storing user's data in an encrypted form on its servers. Clipperz lets you submit confidential information into your browser, but your data are locally encrypted by the browser itself before being uploaded.
Detailed information about the crypto foundations are available here: http://www.clipperz.com/learn_more/crypto_foundat
i onsClipperz does not use homemade cryptographic algorithms but implements standard strong encryption schemes (AES, SHA2, Fortuna, SRP,
...). Since Clipperz is a huge Javascript application, you can review the source code anytime you like. The whole source code is downloaded to your browser before you sign-in, so you can easily check if it is a genuine version.More info about performing a security code review is available here: http://www.clipperz.com/learn_more/reviewing_the_
c odeYou can even include the Javascript code of our crypto primitives in your web applications since we packed them into the Clipperz Crypto Library, released under a BSD license. Download it here: http://code.google.com/p/clipperz
For any further information visit the discussion group http://groups.google.com/group/clipperz
Marco
Clipperz co-founder -
Online password manager anyone?Using a password manager is not merely convenient, it's an effective way to adopt better security practices without too much stress. It basically sums up to: 1) never re-use the same password, 2) use strong passwords.
Software products are certainly an option, but you could also consider a web based solution. Yes, I'm a tad biased being the co-founder of Clipperz...
Clipperz is an online password manager that can do much more than simply storing your passwords.
- ubiquitous access
- direct login to online services
- offline version
- bookmarklet for quick data entry
- nothing to install or backup
- free
- completely anonymous
Clipperz does solve the password management problem, but it mainly gives a practical demonstration of a new breed of web applications: the zero-knowledge web apps. Applications where the provider is simply in charge of delivering the Ajax code to the user's browser and then storing user's data in an encrypted form on its servers. Clipperz lets you submit confidential information into your browser, but your data are locally encrypted by the browser itself before being uploaded.
Detailed information about the crypto foundations are available here: http://www.clipperz.com/learn_more/crypto_foundat
i onsClipperz does not use homemade cryptographic algorithms but implements standard strong encryption schemes (AES, SHA2, Fortuna, SRP,
...). Since Clipperz is a huge Javascript application, you can review the source code anytime you like. The whole source code is downloaded to your browser before you sign-in, so you can easily check if it is a genuine version.More info about performing a security code review is available here: http://www.clipperz.com/learn_more/reviewing_the_
c odeYou can even include the Javascript code of our crypto primitives in your web applications since we packed them into the Clipperz Crypto Library, released under a BSD license. Download it here: http://code.google.com/p/clipperz
For any further information visit the discussion group http://groups.google.com/group/clipperz
Marco
Clipperz co-founder