PassLok did it first, and now SeeOnce and URSA have followed. Both are available as extension/addon at the Chrome and Firefox web stores. They are just one click away, and are protected from interference by other code running on the browser. These are the links for SeeOnce: Chrome, Firefox, and for URSA: Chrome, Firefox. And, for good measure, PassLok: Chrome, Firefox, and PassLok for Email: Chrome, Firefox. Read More
Category: Crypto
Cryptography, steganography, and related apps
We’re doing passwords wrong!
You suspected it all along, and now it’s official: the “experts” have been forcing us to use passwords the wrong way. Among those practices that actually decrease security: adding weird characters to your text-based password, forcing people to change their password after a certain number of days or logins. The revelation comes from a recent document from NIST. Now there’s only hope that Government websites will start adopting the new guidelines (they’re the worst perpetrators).
In this article, I am repeating much of what I already said in this other article, but with less technical jargon and a few more months available for testing.
Page Cage released
Ever got a funny feeling when your password manager popped up offering to save a login that you thought was really, really confidential? Well, you should get it, because this is a sign that the app is able to see everything you’re doing. The developer of this app could get hacked (or the developer of any add-on or extension you’re using, for that matter), and then all your precious logins would be sent to some hacker’s computer without your noticing anything amiss. That is, until you look at your bank account and find that all your life’s savings have been sent to an account in Cayman Islands.
Page Cage is here to help you with that. It won’t work always, but it will work with a number of sites. Read More
PassLok Privacy becomes an extension/addon
PassLok has had a Chrome app version since 2.0, but now Google has announced that packaged Chrome apps will be discontinued in early 2018. Rather than wait for the blade to fall, we have worked hard to keep the nice features of hosting PassLok though Chrome, and we are adding Firefox in the process. Read More
Cryptanalyzing FibonaRNG
Sorry about the title. This post is motivated by Steven’s comments to the “What is Randomness?” post, where he describes a way that the current paper-and-pencil cipher champion, FibonaRNG, could be broken. Rather than responding with more comments, I thought a whole new post on the issue would make more sense, since it’s going to be rather long. For those who prefer the short version: yes, what Steven says would work, but not very well, although it looks like it should. Read on if you prefer the long version.
Read More
Current version of URSA
Current version of URSA is: 4.2.3
Made on 10/8/18
Main source: https://passlok.com/ursa
SHA256 string for web source (single html file):
4170-5554-df6d-056b-9b3a-c32c-7b92-10c2-4ab9-71b7-21c9-1d7a-81b1-60a2-639f-424a
See the author reading this:
Low-tech high-security passwords
You’ve seen this advice many times: use a different password for each website you log into, including lowercase, capitals, numbers, and special symbols. Change it often. If you don’t, a hacker that breaks into one of those websites might be able to get into your bank account and your Facebook page, emptying the first of money and filling the second with child porn. But I’d bet you don’t do it because it’s just too hard to come up with a good password for each website, and then remember it. In this post, I’ll be telling you a paper-and-pencil trick derived from one whose author is none other than Turing award winner Manuel Blum, but far less taxing on your brain. Read More
PassLok in the News
PassLok is once again getting some attention in the news, so I thought it would be a good idea to collect some of the things that have been said in a post. Some of the titles from major tech outlets: “PassLok Simplifies Email Encryption so Anyone Can Use It” (lifehacker.com), “PassLock (sic): Easy Email Encryption for Everyone” (makeuseof.com). Read More
Tabula Prava
In Latin, “Tabula Prava” means “crooked table.” This is a play on “Tabula Recta” (straight table), which is a grid full of letters used in a number of classic ciphers, including the Vigenère cipher. Tabula Prava is the straightforward combination of a high-entropy key derivation algorithm, which I published earlier on this blog, and the FibonaRNG cipher, also published here. The result is a very secure cipher that is still quite fast and easy to use with pencil and paper. Read More
Et Tu, WhatsApp
The “unthinkable” has happened: it is alleged that WhatsApp has a backdoor in its end-to-end encryption, and nobody has actually been getting any security all along. All of this while using the acclaimed “open source” Signal protocol. This article will not break any news, but hopefully will make you think and be safer as a result.
Hint: it has all to do with the quotes in the first two sentences. Read More