I have written a fairly long article, entitled “Can a Tabula Recta provide security in the XXI Century?” combining several posts from this website. The overarching assumption is that, in a world where connected computers are everywhere, we may get to a point where no electronic means within a given person’s reach can be trusted. What then? Use low-tech means that have been tweaked and optimized using computers, to stand against computer-aided attack if it comes to that. You can find the article here.
Some time ago, a user named Steven uncovered a weakness in the FibonaRNG cipher, leading to this other post as a reply. At that time, I did not think that FibonaRNG needed to be strengthened, but recently I have realized that it would not be very difficult to remove that weakness. The result is PolyCrypt. The “Poly” bit comes from the fact that it can not only add security, but also remove it, making it a good platform to test classic human-computable ciphers.
I confess that the development of PassLok learned a lot from a competing app called MiniLock, by Nadim Kobeissi. That app got a lot of press when it was launched 9 years ago but is now defunct. In fact, its successor is also defunct, and so is its successor’s successor. Meanwhile PassLok continues delivering various crypto-related functions and spawning new children. This post collects some of that history and tries to get at the root causes for such a diverse outcome. Moral: sometimes slower is better.
I have mentioned my new app for adding zero-knowledge encryption to file sharing services that don’t have it natively in this and this other post. Right now I have a group of alpha testers uncovering bugs, and the first one coming in is that the instructions on the app itself are rather terse. This post hopefully will help users as well as group administrators.
Problem: A well-defined group of people formerly working at a single location used to pass along pieces of paper containing confidential information so group members could comment and expand. But after covid they find it hard to get together in one place and, since every member has a computer, they would like to be able to do it online. But confidentiality remains very important, along with integrity of the information. What can they do?
Chances are that by now many readers will have moved on to Two-Factor Authentication (2FA) for their most sensitive logins. The industry has been relentless in its support of this feature, sometimes forcing it on you for your own good. But not everything has been a field of daisies. I had a near-miss this very morning, which encouraged me to write this cautionary tale and offer some solutions you may find useful.
It’s a fairly small change, but one that may mean much. The versions I just pushed out include an icon on the toolbar, plus sometimes a special button, in order to download encrypted and decrypted files loaded in the box as a link. This gets around the file size restriction of the right-click and “save as…” method that was used until now, especially on Chrome. I’ve been able to load and save files over 1 GB in size. Then you can attach them to a regular email, for instance. This affects the following apps: PassLok Privacy, PassLok for Email, PassLok Universal, FusionKey, SeeOnce, and URSA.
It’s been a while without an update, but now here’s one that may be bigger than it appears at first. PassLok has moved to version 2.5, which allows users to share their Locks with friends nearby via a QR code. The picture here contains my Lock, in case you want to communicate with me through PassLok.