[liberationtech] PGP is hard to use and needs stuff installed on your computer. Use PassLok instead.

2013-07-26 Thread Francisco Ruiz
Scenario: you, Alice, realize you're under NSA surveillance. You need to
get a crucial bit of information to your friend Bob, right away.
You've been using PGP, but now you suspect the NSA may have installed a bug
on your machine. Your keystrokes are being recorded.

What can you do? Use PassLok instead.

I wrote PassLok with three guiding principles in mind:
1. Absolutely nothing should be installed or even written in the computer.
Alice should be able to go to the local library or borrow someone else's
smartphone, and leave no traces behind.
2. Best security available. No compromises.
3. Graphical interface. Only one screen, as clean as possible.

Therefore, PassLok is written entirely in javascript. Once you load the
page at https://passlok.site44.com (http://passlok.com redirects you
there), you can save the file and you have PassLok even offline. You can
view the source and convince yourself that it is not connecting with any
server. If you know some cryptography, you can see that it is using the
well-known SJCL routines for AES encryption/decryption and elliptic curve
functions. Since the elliptic curves implemented in the current version of
SJCL only go up to the 384-bit NIST curve, I added the 521-bit NIST curve
(equivalent to a 15000-bit RSA key in predicted security) so that PassLok
uses that as a default. Even at 521 bits, the public keys are small, as you
can see from my lock (public key) below.

PassLok performs public-key cryptography using the Diffie-Hellman key
exchange rather than RSA, so you can use whatever secret key you want.
Hopefully something that is both very hard to guess and easy to remember,
so you never have to write it down. PassLok will help you to come up with a
strong key, but won't force you in any way.

PassLok can sign and verify signatures, too (many PGP implementations, such
as Mailvelope, cannot), and can also include a second secret message under
a separate key, to beat the "rubberhose attack." If you are not sure about
the authenticity of something, PassLok can make a short ID that you can
read over the phone. All of it from a single screen.

I want people to use PassLok and uncover any bugs it might still have,
before I move on to a Gmail plugin based on its engine. I believe it is
already very secure and easy to use by those who know a little
cryptography. Hopefully the metaphor used throughout PassLok, about locks
and keys rather than private/public key pairs, will also make it usable by
novices.

I'll appreciate any feedback you can give me. The link is repeated at the
bottom.

Thanks!

-- 
Francisco Ruiz
Associate Professor
MMAE department
Illinois Institute of Technology

my PassLok lock:

PL12lok=KpYv+bqJ7pq0eqC664UlIcwfl1P8f8p12NUqFdg2bQ2gTQTBuOo09BQs3GGiYOQUuQmtnoceAxJoSzjvYEYOM0q=PL12lok

get the PassLok privacy app at: http://passlok.com
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] PGP is hard to use and needs stuff installed on your computer. Use PassLok instead.

2013-07-26 Thread Karl Fogel
Francisco Ruiz  writes:
>Scenario: you, Alice, realize you're under NSA surveillance. You need
>to get a crucial bit of information to your friend Bob, right away.
>You've been using PGP, but now you suspect the NSA may have installed
>a bug on your machine. Your keystrokes are being recorded.
>
>What can you do? Use PassLok instead.
>
>I wrote PassLok with three guiding principles in mind:
>1. Absolutely nothing should be installed or even written in the
>computer. Alice should be able to go to the local library or borrow
>someone else's smartphone, and leave no traces behind.
>2. Best security available. No compromises.
>3. Graphical interface. Only one screen, as clean as possible.
>
>Therefore, PassLok is written entirely in javascript. Once you load
>the page at https://passlok.site44.com (http://passlok.com redirects
>you there), you can save the file and you have PassLok even offline.
>You can view the source and convince yourself that it is not
>connecting with any server. If you know some cryptography, you can see
>that it is using the well-known SJCL routines for AES
>encryption/decryption and elliptic curve functions. Since the elliptic
>curves implemented in the current version of SJCL only go up to the
>384-bit NIST curve, I added the 521-bit NIST curve (equivalent to a
>15000-bit RSA key in predicted security) so that PassLok uses that as
>a default. Even at 521 bits, the public keys are small, as you can see
>from my lock (public key) below.
>
>PassLok performs public-key cryptography using the Diffie-Hellman key
>exchange rather than RSA, so you can use whatever secret key you want.
>Hopefully something that is both very hard to guess and easy to
>remember, so you never have to write it down. PassLok will help you to
>come up with a strong key, but won't force you in any way.
>
>PassLok can sign and verify signatures, too (many PGP implementations,
>such as Mailvelope, cannot), and can also include a second secret
>message under a separate key, to beat the "rubberhose attack." If you
>are not sure about the authenticity of something, PassLok can make a
>short ID that you can read over the phone. All of it from a single
>screen.
>
>I want people to use PassLok and uncover any bugs it might still have,
>before I move on to a Gmail plugin based on its engine. I believe it
>is already very secure and easy to use by those who know a little
>cryptography. Hopefully the metaphor used throughout PassLok, about
>locks and keys rather than private/public key pairs, will also make it
>usable by novices.
>
>I'll appreciate any feedback you can give me. The link is repeated at
>the bottom.
>
>Thanks!

Francisco, thanks for posting this.

At the PassLok site, some text can be clicked on to cause
expandable/contractable instructions to appear.  It would be nice if
there were an icon (like a turnable triangle icon or something) that
made this more obvious -- otherwise, the title words just look like
normal text and one might not think to click on it.

(Yes, you say so at the top, but I think users tend to only read text
that looks like it's relevant to the immediate task at hand, not general
instructions that appear at the top of the page, far away from the
targets to which they apply.)

Also, it will not be obvious to many people that "View Source" on the
page is how they get the code for inspection and possible self-hosting.
Maybe you could put up an explicit instruction about that, in the same
place where other sites might have (say) a GitHub link?

-Karl


Re: [liberationtech] PGP is hard to use and needs stuff installed on your computer. Use PassLok instead.

2013-07-26 Thread ddahl
You should use ContentSecurityPolicy to help avoid XSS attacks: 
http://content-security-policy.com/ 
https://people.mozilla.com/~bsterne/content-security-policy/

Regards,

David



Re: [liberationtech] PGP is hard to use and needs stuff installed on your computer. Use PassLok instead.

2013-07-26 Thread Tony Arcieri
On Fri, Jul 26, 2013 at 1:42 PM, Francisco Ruiz  wrote:

> Scenario: you, Alice, realize you're under NSA surveillance. You need to
> get a crucial bit of information to your friend Bob, right away.
> You've been using PGP, but now you suspect the NSA may have installed a bug
> on your machine. Your keystrokes are being recorded.
>

Can I play devil's advocate for the NSA here, since you've evoked a battle
with a state-level entity?

The NSA is coordinating with the FBI to actively surveil every single
movement of Alice and Bob, 24/7, no matter where they go. Alice's home is
bugged. Bob's home is bugged. Every single piece of equipment they own has
either been compromised with a zero day known to the NSA but not to the
public, or through direct physical bugs that the FBI added to these devices
while Alice and Bob were sleeping.


> What can you do? Use PassLok instead.
>

PassLok is probably not effective in the above scenario.


> Alice should be able to go to the local library
>

The FBI surveils Alice as she goes to the library, notes what computer in
the library she is about to sit down at, and relays this information to the
NSA. The NSA bypasses the library firewall with a zero day, looks up the IP
address of this computer, and promptly uses a zero day to take complete control
of this computer.

> or borrow someone else's smartphone
>

The NSA has already owned the cell phones of every one of Alice's friends
using their enormous library of zero days.

Alice can't win against a state-level adversary, sorry.

This isn't an indictment of PassLok so much as evoking the NSA as an
adversary in this sort of scenario. You won't win, sorry.

-- 
Tony Arcieri

Re: [liberationtech] PGP is hard to use and needs stuff installed on your computer. Use PassLok instead.

2013-07-26 Thread Steve Weis
If you assume communications are monitored and your machine is
compromised, this has some fundamental flaws:
- How do I communicate a password to Bob? Before I "get a crucial bit
of information" to Bob, I need to first get a crucial bit of information to Bob?

- You assumed a keylogger is installed. If I type the password in the
browser, isn't it compromised?

- JavaScript is delivered from your server. How do I know it's not
already compromised? Yes, I know you plan to write a plugin. Why not
do that from the start instead of something immediately broken?

- You modified SJCL and added a 521-bit curve. How do I trust your
changes? "You can audit my code" is not the answer I'm looking for --
I don't want to proof-read curve values from NIST documents.

- No source. No docs. Untrusted third-party dependency on qrcode.js.

- I've seen dozens of JavaScript crypto projects like this over the
years. How is this approach different from all the others that failed?



Re: [liberationtech] PGP is hard to use and needs stuff installed on your computer. Use PassLok instead.

2013-07-27 Thread Julian Oliver
..on Fri, Jul 26, 2013 at 03:42:02PM -0500, Francisco Ruiz wrote:
> Scenario: you, Alice, realize you're under NSA surveillance. You need to
> get a crucial bit of information to your friend Bob, right away.
> You've been using PGP, but now you suspect the NSA may have installed a bug
> on your machine. Your keystrokes are being recorded.
> 
> What can you do? Use PassLok instead.
> 
> I wrote PassLok with three guiding principles in mind:
> 1. Absolutely nothing should be installed or even written in the computer.
> Alice should be able to go to the local library or borrow someone else's
> smartphone, and leave no traces behind.
> 2. Best security available. No compromises.
> 3. Graphical interface. Only one screen, as clean as possible.
> 
> Therefore, PassLok is written entirely in javascript. Once you load the
> page at https://passlok.site44.com (http://passlok.com redirects you
> there), you can save the file and you have PassLok even offline. You can
> view the source and convince yourself that it is not connecting with any
> server. If you know some cryptography, you can see that it is using the
> well-known SJCL routines for AES encryption/decryption and elliptic curve
> functions. Since the elliptic curves implemented in the current version of
> SJCL only go up to the 384-bit NIST curve, I added the 521-bit NIST curve
> (equivalent to a 15000-bit RSA key in predicted security) so that PassLok
> uses that as a default. Even at 521 bits, the public keys are small, as you
> can see from my lock (public key) below.
> 
> PassLok performs public-key cryptography using the Diffie-Hellman key
> exchange rather than RSA, so you can use whatever secret key you want.
> Hopefully something that is both very hard to guess and easy to remember,
> so you never have to write it down. PassLok will help you to come up with a
> strong key, but won't force you in any way.
> 
> PassLok can sign and verify signatures, too (many PGP implementations, such
> as Mailvelope, cannot), and can also include a second secret message under
> a separate key, to beat the "rubberhose attack." If you are not sure about
> the authenticity of something, PassLok can make a short ID that you can
> read over the phone. All of it from a single screen.
> 
> I want people to use PassLok and uncover any bugs it might still have,
> before I move on to a Gmail plugin based on its engine. I believe it is
> already very secure and easy to use by those who know a little
> cryptography. Hopefully the metaphor used throughout PassLok, about locks
> and keys rather than private/public key pairs, will also make it usable by
> novices.
> 
> I'll appreciate any feedback you can give me. The link is repeated at the
> bottom.

I haven't given it an audit but so far it appears to be a very nice
implementation. Congratulations. And yes, it passed the offline, locally hosted
test ;)

I feel clicking on the title 'Key / Lock Combination' for instructions would
baffle most people. The 'step by step instructions' page is good, but I think it
could be more helpfully integrated. Perhaps you could have a drop-down menu for
each use case, with instructions appearing as hints in each field.

Again, great work and a great contribution!

Cheers,

-- 
Julian Oliver
PGP B6E9FD9A
http://julianoliver.com
http://criticalengineering.org


Re: [liberationtech] PGP is hard to use and needs stuff installed on your computer. Use PassLok instead.

2013-07-27 Thread Francisco Ruiz
Thanks for your excellent feedback, David,

PassLok 1.2 is a perfectly static page. Therefore, I don't believe it is
vulnerable to the standard XSS attack, as CERT says:

"A web page contains both text and HTML markup that is generated by the
server and interpreted by the client browser. Web sites that generate only
static pages are able to have full control over how the browser interprets
these pages. Web sites that generate dynamic pages do not have complete
control over how their outputs are interpreted by the client. The heart of
the issue is that if mistrusted content can be introduced into a dynamic
page, neither the web site nor the client has enough information to
recognize that this has happened and take protective actions." (CERT
Coordination Center).

Now, I am worried about an attacker replacing the original page with
another page with broken or backdoor encryption. This is why requests to
download PassLok are redirected to https. I've tried to hide the identity
of the server as best as I could but there is still the possibility that
someone might find the server, hack it somehow, and change the code, even
replacing the self-check string in the help file.

I think the best defense against this is mirroring, so an attacker would
have to hack multiple unrelated servers to get away with it. It would be
great if people could provide some mirrors. I would list them all in the
help page (or even the index page, if they are not too many), and let the
user download several and do a file comparison.

Again, any ideas in this respect will be greatly appreciated.

Francisco


On Fri, Jul 26, 2013 at 3:59 PM,  wrote:

> You should use ContentSecurityPolicy to help avoid XSS attacks:
> http://content-security-policy.com/
> https://people.mozilla.com/~bsterne/content-security-policy/
>
> Regards,
>
> David

Re: [liberationtech] PGP is hard to use and needs stuff installed on your computer. Use PassLok instead.

2013-07-27 Thread Michael Rogers
On 26/07/13 21:42, Francisco Ruiz wrote:
> PassLok performs public-key cryptography using the Diffie-Hellman
> key exchange rather than RSA, so you can use whatever secret key
> you want. Hopefully something that is both very hard to guess and
> easy to remember, so you never have to write it down. PassLok will
> help you to come up with a strong key, but won't force you in any
> way.

Hi Francisco,

It looks like you're generating a Diffie-Hellman key pair from a
passphrase using PBKDF2 with no salt and a single iteration. That's a
bad idea - the resulting key pair will be susceptible to a dictionary
attack by anyone who knows the public key, or a message encrypted with
the public key, or a message signed with the private key. Worse,
because you don't use salt, the dictionary attack can be carried out
in advance by building a rainbow table.

Cheers,
Michael



Re: [liberationtech] PGP is hard to use and needs stuff installed on your computer. Use PassLok instead.

2013-07-28 Thread Julian Oliver
..on Fri, Jul 26, 2013 at 03:59:34PM -0500, dd...@nulltxt.se wrote:
> You should use ContentSecurityPolicy to help avoid XSS attacks:
> http://content-security-policy.com/
> https://people.mozilla.com/~bsterne/content-security-policy/

The page appears to be entirely static to me, which I thought was one of the
advantages of this implementation. More so, it can be used offline, in a locally
hosted session.

Cheers,

Julian

-- 
Julian Oliver
PGP B6E9FD9A
http://julianoliver.com
http://criticalengineering.org


Re: [liberationtech] PGP is hard to use and needs stuff installed on your computer. Use PassLok instead.

2013-07-28 Thread Francisco Ruiz
@SteveWeis:

- How do I communicate a password to Bob? Before I "get a crucial bit
of information" to Bob, I need to first get a crucial bit of information to
Bob?

Alice should send her Lock (public key) to Bob rather than anything secret.

- You assumed a keylogger is installed. If I type the password in the
browser, isn't it compromised?

Alice uses someone else's machine, or even stops someone on the street and
uses his smartphone. Because PassLok doesn't need anything to be installed,
this will work as well as if she used her own machine (except for the
keylogger).

- JavaScript is delivered from your server. How do I know it's not
already compromised? Yes, I know you plan to write a plugin. Why not
do that from the start instead of something immediately broken?

This is the toughest problem, IMO. If Alice does not have a genuine copy of
PassLok stashed in a cloud service somewhere, she will have to get it from
a server, then verify it before use. I am publishing the SHA256 of the
source code in the help.html companion page, which she can check using a
separate utility. In order to prevent an attacker from changing this string
as he changes the program, it would be best if they can be accessed from
multiple sources or mirrors, so the attacker would have to change all of
them.

Any suggestions on this will be highly appreciated, for I realize this is a
weakness.

- You modified SJCL and added a 521-bit curve. How do I trust your
changes? "You can audit my code" is not the answer I'm looking for --
I don't want to proof-read curve values from NIST documents

I submitted the 521-bit parameters to the SJCL Google group a few months
ago. Hopefully they will check them and eventually add them to the official
SJCL code. In any case, having the wrong parameters would not necessarily
make the code insecure, only non-standard as far as test vectors etc.,
which is a minor concern for one-to-one encryption.

- No source. No docs. Untrusted third-party dependency on qrcode.js.

qrcode.js is not called from a separate server, but is actually a part of
the code so it can be inspected. PassLok does not call any external code at
all. Not even images. The code is all in the one source file.

I wonder about the usefulness of the QR code function, though, for it makes
the program larger by about 30k and harder to inspect. Maybe you can tell
me if having the ability to transfer public keys from phone to phone
without Internet is worth the trouble.

I also wonder whether using SHA512 instead of SHA256 for stamps
(signatures) is worth the extra 10k of code that it entails.

- I've seen dozens of JavaScript crypto projects like this over the
years. How is this approach different from all the others that failed?

I'm quite new to this, so I can't quite answer this question. I'm only
familiar with Javascrypt, by John Walker, which only had symmetric AES
encryption. PassLok started as an attempt to add public-key functions to
Javascrypt. But if I had to guess, I'd say one problem they might have had
is needing to contact outside servers or load outside code, which should be
a no-no IMO.

Excellent comments, though. I'm correcting the code based on all this
feedback. Any other suggestions will be greatly appreciated.

F. Ruiz

On Fri, Jul 26, 2013 at 5:51 PM, Steve Weis  wrote:

> If you assume communications are monitored and your machine is
> compromised, this has some fundamental flaws:
> - How do I communicate a password to Bob? Before I "get a crucial bit
> of information" to Bob, I need to first get a crucial bit of information
> to Bob?
>
> - You assumed a keylogger is installed. If I type the password in the
> browser, isn't it compromised?
>
> - JavaScript is delivered from your server. How do I know it's not
> already compromised? Yes, I know you plan to write a plugin. Why not
> do that from the start instead of something immediately broken?
>
> - You modified SJCL and added a 521-bit curve. How do I trust your
> changes? "You can audit my code" is not the answer I'm looking for --
> I don't want to proof-read curve values from NIST documents.
>
> - No source. No docs. Untrusted third-party dependency on qrcode.js.
>
> - I've seen dozens of JavaScript crypto projects like this over the
> years. How is this approach different from all the others that failed?
>
> On Fri, Jul 26, 2013 at 1:42 PM, Francisco Ruiz wrote:
> > Scenario: you, Alice, realize you're under NSA surveillance. You need to get
> > a crucial bit of information to your friend Bob, right away.
> > You've been using PGP, but now you suspect the NSA may have installed a bug
> > on your machine. Your keystrokes are being recorded.
> --
> Too many emails? Unsubscribe, change to digest, or change password by
> emailing moderator at compa...@stanford.edu or changing your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>



-- 
Francisco Ruiz
Associate Professor
MMAE department
Illinois Institute of Technology

PL12lok=KpYv+bqJ7
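An added example, not part of the original message or of PassLok's code: the multi-source check described in the reply above (a published SHA256 that "can be accessed from multiple sources or mirrors"), written as the separate utility Alice would run on her saved copy. The mirror names, page texts, quorum policy and file contents are constructed assumptions.

```python
import hashlib
import hmac
import re

HEX64 = re.compile(r"\b[0-9a-fA-F]{64}\b")  # a SHA-256 digest written in hex


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def published_digests(page_text):
    """Every SHA-256-shaped hex string on a mirror page, lowercased."""
    return {d.lower() for d in HEX64.findall(page_text)}


def verify_copy(app_bytes, mirror_pages, quorum=2):
    """Check a saved copy against digests fetched from independent mirrors.

    mirror_pages maps a mirror name to the text retrieved from it.
    Fails closed: the copy is accepted only if at least `quorum` mirrors
    publish its digest and no mirror disagrees or lacks a digest.
    """
    local = sha256_hex(app_bytes)
    agree, disagree = [], []
    for name, text in sorted(mirror_pages.items()):
        found = published_digests(text)
        ok = any(hmac.compare_digest(local, d) for d in found)
        (agree if ok else disagree).append(name)
    return len(agree) >= quorum and not disagree, agree, disagree


# Constructed sample data: a stand-in for the saved single-file app and
# three mirror pages; none of this is real PassLok content.
GENUINE = b"<html><script>/* constructed stand-in for the app */</script></html>"
TAMPERED = GENUINE.replace(b"stand-in", b"modified copy")
MIRRORS = {
    "help-page": "SHA256 of source: " + sha256_hex(GENUINE),
    "mirror-b": "passlok.html  " + sha256_hex(GENUINE).upper(),
    "mirror-c": "digest=" + sha256_hex(GENUINE),
}
# Case from the message: the program and ONE published digest were changed.
ONE_SOURCE_REWRITTEN = dict(MIRRORS, **{"help-page": sha256_hex(TAMPERED)})

if __name__ == "__main__":
    print(verify_copy(GENUINE, MIRRORS))
    print(verify_copy(TAMPERED, ONE_SOURCE_REWRITTEN))
```

The check only has value when the mirrors are fetched over channels the same party cannot all rewrite, and when the utility itself comes from somewhere other than the page being verified.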

Re: [liberationtech] PGP is hard to use and needs stuff installed on your computer. Use PassLok instead.

2013-07-28 Thread Francisco Ruiz
@JulianOliver:

I've thought about having a more polished interface, including multilevel
menus, etc. They've told me all of this would be possible with jquery. But
then PassLok would have to call a (large) piece of outside code, which
would violate the offline rule.

It can probably be done with pure javascript, but my knowledge of the
language doesn't go that far. Any suggestions will be appreciated.

Thanks for your great comments.


On Sat, Jul 27, 2013 at 8:07 AM, Julian Oliver wrote:

> ..on Fri, Jul 26, 2013 at 03:42:02PM -0500, Francisco Ruiz wrote:
> > Scenario: you, Alice, realize you're under NSA surveillance. You need to
> > get a crucial bit of information to your friend Bob, right away.
> > You've been using PGP, but now you suspect the NSA may have installed a bug
> > on your machine. Your keystrokes are being recorded.
> >
> > What can you do? Use PassLok instead.
> >
> > I wrote PassLok with three guiding principles in mind:
> > 1. Absolutely nothing should be installed or even written in the computer.
> > Alice should be able to go to the local library or borrow someone else's
> > smartphone, and leave no traces behind.
> > 2. Best security available. No compromises.
> > 3. Graphical interface. Only one screen, as clean as possible.
> >
> > Therefore, PassLok is written entirely in javascript. Once you load the
> > page at https://passlok.site44.com (http://passlok.com redirects you
> > there), you can save the file and you have PassLok even offline. You can
> > view the source and convince yourself that it is not connecting with any
> > server. If you know some cryptography, you can see that it is using the
> > well-known SJCL routines for AES encryption/decryption and elliptic curve
> > functions. Since the elliptic curves implemented in the current version of
> > SJCL only go up to the 384-bit NIST curve, I added the 521-bit NIST curve
> > (equivalent to a 15000-bit RSA key in predicted security) so that PassLok
> > uses that as a default. Even at 521 bits, the public keys are small, as you
> > can see from my lock (public key) below.
> >
> > PassLok performs public-key cryptography using the Diffie-Hellman key
> > exchange rather than RSA, so you can use whatever secret key you want.
> > Hopefully something that is both very hard to guess and easy to remember,
> > so you never have to write it down. PassLok will help you to come up with a
> > strong key, but won't force you in any way.
> >
> > PassLok can sign and verify signatures, too (many PGP implementations, such
> > as Mailvelope, cannot), and can also include a second secret message under
> > a separate key, to beat the "rubberhose attack." If you are not sure about
> > the authenticity of something, PassLock can make a short ID that you can
> > read over the phone. All of it from a single screen.
> >
> > I want people to use PassLok and uncover any bugs it might still have,
> > before I move on to a Gmail plugin based on its engine. I believe it is
> > already very secure and easy to use by those who know a little
> > cryptography. Hopefully the metaphor used throughout PassLok, about locks
> > and keys rather than private/public key pairs, will also make it usable by
> > novices.
> >
> > I'll appreciate any feedback you can give me. The link is repeated at the
> > bottom.
>
> I haven't given it an audit but so far it appears to be a very nice
> implementation. Congratulations. And yes, it passed the offline, locally hosted
> test ;)
>
> I feel clicking on the title 'Key / Lock Conbination' for instructions would
> baffle most people. The 'step by step instructions' page is good, but I think it
> could be more helpfully integrated. Perhaps you could have a drop-down menu for
> each use case, with instructions appearing as hints in each field.
>
> Again, great work and a great contribution!
>
> Cheers,
>
> --
> Julian Oliver
> PGP B6E9FD9A
> http://julianoliver.com
> http://criticalengineering.org



-- 
Francisco Ruiz
Associate Professor
MMAE department
Illinois Institute of Technology

PL12lok=KpYv+bqJ7pq0eqC664UlIcwfl1P8f8p12NUqFdg2bQ2gTQTBuOo09BQs3GGiYOQUuQmtnoceAxJoSzjvYEYOM0q=PL12lok

get the PassLok privacy app at: http://passlok.com

Re: [liberationtech] PGP is hard to use and needs stuff installed on your computer. Use PassLok instead.

2013-07-28 Thread Tony Arcieri
On Sun, Jul 28, 2013 at 1:32 PM, Francisco Ruiz  wrote:

> - How do I communicate a password to Bob? Before I "get a crucial bit
> of information" to Bob, I need to first get a crucial bit of information
> to Bob?
>
> Alice should send her Lock (public key) to Bob rather than anything
> secret.
>

How? At the very least Alice/Bob need an authenticated/trusted channel for
this.

If Alice sends Bob her "public key" over an untrusted channel, it can be
intercepted by an MitM posing as Bob who can then intercept all traffic
between Alice/Bob

-- 
Tony Arcieri

Re: [liberationtech] PGP is hard to use and needs stuff installed on your computer. Use PassLok instead.

2013-07-28 Thread Doug Chamberlin
Or the Man in the middle can pose as Alice to Bob and Bob would think all
subsequent communication with that person would be going to Alice.


On Sun, Jul 28, 2013 at 5:01 PM, Tony Arcieri wrote:

> On Sun, Jul 28, 2013 at 1:32 PM, Francisco Ruiz  wrote:
>
>> - How do I communicate a password to Bob? Before I "get a crucial bit
>> of information" to Bob, I need to first get a crucial bit of information
>> to Bob?
>>
>> Alice should send her Lock (public key) to Bob rather than anything
>> secret.
>>
>
> How? At the very least Alice/Bob need an authenticated/trusted channel for
> this.
>
> If Alice sends Bob her "public key" over an untrusted channel, it can be
> intercepted by an MitM posing as Bob who can then intercept all traffic
> between Alice/Bob
>
> --
> Tony Arcieri
>

Re: [liberationtech] PGP is hard to use and needs stuff installed on your computer. Use PassLok instead.

2013-07-28 Thread Karl Fogel
Tony Arcieri  writes:
>How? At the very least Alice/Bob need an authenticated/trusted channel
>for this.
>
>If Alice sends Bob her "public key" over an untrusted channel, it can
>be intercepted by an MitM posing as Bob who can then intercept all
>traffic between Alice/Bob 

In the real world, one often has a temporary-but-secure channel with
someone (e.g., you meet them in person briefly somewhere, with a trusted
intermediary who knows both of you).  Then later, you want to
communicate securely with your new acquaintance.

It doesn't mean MitM never happens.  But let's not deny away real world
scenarios by imposing theoretical limitations where they don't
necessarily apply.  Often when you want to communicate with someone, you
already have some shared bit of context that allows you to bootstrap
authenticated identities.

-K


Re: [liberationtech] PGP is hard to use and needs stuff installed on your computer. Use PassLok instead.

2013-07-29 Thread Francisco Ruiz
@Tony

On Sun, Jul 28, 2013 at 1:32 PM, Francisco Ruiz wrote:

> - How do I communicate a password to Bob? Before I "get a crucial bit
> of information" to Bob, I need to first get a crucial bit of information
> to Bob?
>
> Alice should send her Lock (public key) to Bob rather than anything
> secret.

How? At the very least Alice/Bob need an authenticated/trusted channel for
this.

If Alice sends Bob her "public key" over an untrusted channel, it can be
intercepted by an MitM posing as Bob who can then intercept all traffic
between Alice/Bob

-- 
Tony Arcieri


Hi Tony, I actually worried about this quite a bit. The best solution I
could think of is making a hashed ID of the public key (PassLok has a
button for that), which Alice/Bob can dictate over the phone, thus
authenticating the key.

Any other ideas?

Francisco
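An added example, not part of the original message and not PassLok's actual ID routine: one way a "hashed ID" of a lock can be derived and checked when it is read over the phone. The SHA-256 truncation to 80 bits, the base32 grouping and the function names are assumptions; the lock is the one in the signature on this page, and the substituted lock is constructed.

```python
import base64
import hashlib
import hmac


def normalize_lock(text):
    """Drop the whitespace that e-mail line wrapping inserts into a lock."""
    return "".join(ch for ch in text if not ch.isspace())


def short_id(lock, bits=80):
    """Truncated SHA-256 of the lock, as 4-character base32 groups."""
    digest = hashlib.sha256(normalize_lock(lock).encode("utf-8")).digest()
    b32 = base64.b32encode(digest[: bits // 8]).decode("ascii").rstrip("=")
    return "-".join(b32[i:i + 4] for i in range(0, len(b32), 4))


def ids_match(spoken, received_lock, bits=80):
    """Compare the ID heard on the phone with the ID of the lock received."""
    heard = spoken.replace("-", "").replace(" ", "").upper()
    expected = short_id(received_lock, bits).replace("-", "")
    return hmac.compare_digest(heard.encode("utf-8"), expected.encode("utf-8"))


# The lock published in the signature on this page.
ALICE_LOCK = ("PL12lok=KpYv+bqJ7pq0eqC664UlIcwfl1P8f8p12NUqFdg2bQ2gTQTBuOo09"
              "BQs3GGiYOQUuQmtnoceAxJoSzjvYEYOM0q=PL12lok")
# Constructed: the same lock after a mail client wrapped it at 40 columns.
WRAPPED = "\n".join(ALICE_LOCK[i:i + 40] for i in range(0, len(ALICE_LOCK), 40))
# Constructed: a different lock swapped in on the untrusted channel.
SUBSTITUTED = ALICE_LOCK.replace("KpYv", "KpYw", 1)

if __name__ == "__main__":
    spoken = short_id(ALICE_LOCK)          # what Alice reads out
    print(spoken, ids_match(spoken, WRAPPED), ids_match(spoken, SUBSTITUTED))
```

The comparison authenticates the lock only to the extent that the voice call itself is authentic, which is the existing trusted channel the thread is arguing about.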

Re: [liberationtech] PGP is hard to use and needs stuff installed on your computer. Use PassLok instead.

2013-07-29 Thread Steve Weis
Hi. I think you're slowly reinventing PGP.

Just to summarize what you have so far:
1. Alice and Bob each generate key pairs locally.
2. Both securely store their private keys.
3. Both generate hash values of their public keys.
4. Both mutually exchange public keys over an untrusted channel.
5. Both use some existing trusted communication channel to manually
verify their keys.
6. Alice encrypts a password with Bob's public key and sends it to Bob.
7. Alice uses the password to encrypt a message using server-side code.
8. Bob decrypts the message with the password using server-side code.

#1-#3 require client-side software and secure key storage.
#5 assumes that there is a safe communications channel already.
#6 is not forward secure.
#7-#8 are vulnerable to attacks on the server.
#8 is vulnerable to phishing.

On Mon, Jul 29, 2013 at 1:52 PM, Francisco Ruiz  wrote:
> Hi Tony, I actually worried about this quite a bit. The best solution I
> could think of is making a hashed ID
> of the public key (PassLok has a button for that), which Alice/Bob can
> dictate over the phone, thus authenticating
> the key.