In the US the Fifth Amendment, which is part of the Bill of Rights, asserts:
"No person [...] shall be compelled in any criminal case to be a witness against himself."
The Italian law has a very similar provision, the "nemo tenetur se detegere" principle. It states that a person under investigation can refuse to make declarations.
But what if the encrypted files are disguised as innocent family pictures?
No police or judge can request a key if they don't know or cannot reasonably prove that a key exists. It's easy to imagine a mass adoption of steganographic tools where secret documents and communications are hidden inside irreproachable pictures. Similarly, tools like TrueCrypt can conceal encrypted material in a way that prevents its detection.
More on this issue in this post: "More steganography ahead" on the Clipperz online password manager blog.
The assumption that reputation management should be tightly coupled with identity management is often not properly stated...
(no matter what Dick Hardt keeps saying in his beautiful speeches...)
I recently wrote a few posts on this topic on the Clipperz password manager blog.
If you are interested in browser based cryptography try the Clipperz Crypto Library, a JavaScript library to provide web developers with an extensive and efficient set of cryptographic functions. The library presently includes:
- SRP authentication protocol
- SHA2 hash functions
- AES symmetric encryption
- Fortuna PRNG
The library is released under a BSD license and it's derived from the code behind Clipperz password manager.
Using a password manager is not merely convenient, it's an effective way to adopt better security practices without too much stress. It basically sums up to: 1) never re-use the same password, 2) use strong passwords.
Software products are certainly an option, but you could also consider a web based solution. Yes, I'm a tad biased being the co-founder of Clipperz...
Clipperz is an online password manager that can do much more than simply storing your passwords.
- ubiquitous access
- direct login to online services
- offline version
- bookmarklet for quick data entry
- nothing to install or backup
- free
- completely anonymous
Freenigma has been adding GPG encryption to Gmail and several other webmails since last summer! If you are interested in Freenigma, read my interview with its main developer Stefan Richter on the Clipperz password manager blog.
Clipperz lets you submit confidential information into your browser, but your data are locally encrypted by the browser itself before being uploaded. The key for the encryption process is a passphrase known only to you. Clipperz simply hosts your sensitive data in encrypted form and could never actually access the data in its plain form.
Clipperz does solve the password management problem, but it mainly gives a practical demonstration of a new breed of web applications: the zero-knowledge web apps. Applications where the provider is simply in charge of delivering the Ajax code to the user's browser and then storing user's data in an encrypted form on its servers. Clipperz lets you submit confidential information into your browser, but your data are locally encrypted by the browser itself before being uploaded.
Detailed information about the crypto foundations is available here: http://www.clipperz.com/learn_more/crypto_foundations
Clipperz does not use homemade cryptographic algorithms but implements standard strong encryption schemes (AES, SHA2, Fortuna, SRP, ...). Since Clipperz is a huge Javascript application, you can review the source code anytime you like. The whole source code is downloaded to your browser before you sign-in, so you can easily check if it is a genuine version.
More info about performing a security code review is available here: http://www.clipperz.com/learn_more/reviewing_the_code
You can even include the Javascript code of our crypto primitives in your web applications since we packed them into the Clipperz Crypto Library, released under a BSD license. Download it here: http://code.google.com/p/clipperz
For any further information visit the discussion group http://groups.google.com/group/clipperz
Marco
Clipperz co-founder
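The client/server split described above (encrypt locally under a passphrase-derived key, upload only ciphertext), as an added example that is not part of the original comments and is not Clipperz code. It assumes PBKDF2 and AES-256-GCM from Node.js's built-in crypto module rather than the Clipperz Crypto Library; the function names, the in-memory `serverStore` and the sample record are hypothetical.

```javascript
// Added example (not Clipperz code): passphrase-based client-side encryption.
// Works whether the file is loaded as CommonJS or as an ES module.
const nodeCrypto = typeof require === "function"
  ? require("node:crypto")
  : process.getBuiltinModule("node:crypto");

const KDF_ITERATIONS = 200000; // assumed work factor for this sketch

// Client: stretch the passphrase into a 256-bit key. The key never leaves the client.
function deriveKey(passphrase, salt) {
  return nodeCrypto.pbkdf2Sync(passphrase, salt, KDF_ITERATIONS, 32, "sha256");
}

// Client: encrypt a record and return only the fields that get uploaded.
function sealRecord(passphrase, record) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", deriveKey(passphrase, salt), iv);
  const body = Buffer.concat([cipher.update(JSON.stringify(record), "utf8"), cipher.final()]);
  const b64 = (buf) => buf.toString("base64");
  return { salt: b64(salt), iv: b64(iv), tag: b64(cipher.getAuthTag()), ciphertext: b64(body) };
}

// Client: decrypt a downloaded blob. Returns null when the passphrase is wrong
// or the blob was modified, because the GCM tag check fails in both cases.
function openRecord(passphrase, blob) {
  try {
    const raw = (field) => Buffer.from(blob[field], "base64");
    const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", deriveKey(passphrase, raw("salt")), raw("iv"));
    decipher.setAuthTag(raw("tag"));
    const plain = Buffer.concat([decipher.update(raw("ciphertext")), decipher.final()]);
    return JSON.parse(plain.toString("utf8"));
  } catch (err) {
    return null;
  }
}

// Server stand-in: it stores and returns opaque blobs and never sees a key.
const serverStore = new Map();
const upload = (userId, blob) => serverStore.set(userId, JSON.stringify(blob));
const download = (userId) => JSON.parse(serverStore.get(userId));

// Constructed sample record and passphrase.
const PASSPHRASE = "correct horse battery staple";
const card = { label: "example.org", username: "alice", password: "constructed-sample-pw" };
upload("user-1", sealRecord(PASSPHRASE, card));
console.log("server holds:", serverStore.get("user-1"));
console.log("right passphrase:", openRecord(PASSPHRASE, download("user-1")));
console.log("wrong passphrase:", openRecord("not the passphrase", download("user-1")));
```

The server-side copy contains a salt, an IV, a tag and ciphertext; losing the passphrase therefore means losing the data, since nothing stored server-side can recover the key.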