PassLok for Email updated to v. 0.5

It doesn’t look like much judging by the number, but this is a huge update, which deserves a special announcement. As usual, you can add it to your browser from these links:

Chrome: https://chrome.google.com/webstore/detail/passlok-for-email/ehakihemolfjgbbfhkbjgahppbhecclh

Firefox: https://addons.mozilla.org/en-US/firefox/addon/passlok-for-email/

PassLok for Email has grown to over 1000 users, which puts it in the 90th percentile for Chrome and Firefox extensions. Thanks to all users for their continued support. Since version 0.4.16 looked like it could not be polished further, I worked on removing a vulnerability that might be serious at some point, as the app becomes more and more popular. It is this: the windows and dialogs generated by the app were injected into the email page itself, which is very convenient for programming and looks nice, but exposes users’ passwords and decrypted data to the code of the email page itself. In other words, if, say, Google started getting peeved at being unable to read what Gmail users are sending each other, it could add code to the Gmail page to read the data contained in PassLok’s screens. Not the code or the data held in memory, though, only what is displayed, but this is bad enough. I don’t think Google (or Yahoo, or Microsoft) has PassLok on its radar yet, but this is a vulnerability nonetheless.

So I moved the code out of the email page and into a separate popup window, which also collects passwords and displays everything else. This was easier said than done because now the code was split into three different parts (content script, background script, and the popup itself) that had to talk to each other reliably. It took me over a month of intensive coding, but now it’s done (with bugs I haven’t yet found, no doubt) and available as version 0.5, which should update automatically if PassLok for Email is already installed. Users will notice that the PassLok dialogs can move out of the email window, and little else. No need to re-sync the Lock database or do anything unusual.
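A small model of the exposure described above and of the 0.5 fix, added here as an illustration and not taken from PassLok's code. Node's `vm` contexts stand in for the browser's separate script worlds; `makeDom`, `runScenario`, the element ids, the message shape and the string-reversal `decrypt` placeholder are all assumptions made for the example.

```javascript
// Constructed model, not PassLok code: Node vm contexts stand in for browser script worlds.
// A content script gets its own JS globals but shares the page's DOM with the page's scripts.
const vm = require('node:vm');

// Minimal DOM stand-in: element id -> displayed text.
function makeDom() {
  const nodes = new Map();
  return {
    setText: (id, text) => nodes.set(id, text),
    getText: (id) => (nodes.has(id) ? nodes.get(id) : null),
    allText: () => [...nodes.values()],
  };
}

// Placeholder for decryption (string reversal). Not a cipher; it only marks where plaintext appears.
const DECRYPT_SRC = "function decrypt(c) { return c.split('').reverse().join(''); }\n";

// What a script belonging to the email page can observe from its own world.
const PAGE_SCRIPT = "({ seesKeyVariable: typeof userKey !== 'undefined', domText: document.allText() })";

function runScenario(design) {
  const emailDom = makeDom();                      // DOM of the webmail page
  const popupDom = makeDom();                      // DOM of the extension's popup window
  emailDom.setText('msg-body', 'noon ta teem');    // constructed "ciphertext"
  const relay = [];                                // models content -> background -> popup messages

  // Content script world: private globals, shared email-page DOM.
  const content = vm.createContext({ document: emailDom, design, send: (m) => relay.push(m) });
  vm.runInContext(DECRYPT_SRC + `
    var cipher = document.getText('msg-body');
    if (design === 'injected') {                   // pre-0.5: dialog drawn inside the email page
      var userKey = 'held-in-memory-only';
      document.setText('passlok-dialog', decrypt(cipher));
    } else {                                       // 0.5: only ciphertext leaves the page
      send({ type: 'decrypt', cipher: cipher });
    }`, content);

  // Popup world: private globals and a DOM the email page has no handle to.
  const popup = vm.createContext({ document: popupDom, inbox: relay });
  vm.runInContext(DECRYPT_SRC + `
    var userKey = 'held-in-memory-only';
    inbox.forEach(function (m) {
      if (m.type === 'decrypt') document.setText('passlok-dialog', decrypt(m.cipher));
    });`, popup);

  // Page world: private globals, same email-page DOM as the content script.
  const page = vm.runInContext(PAGE_SCRIPT, vm.createContext({ document: emailDom }));
  return { page, popupText: popupDom.getText('passlok-dialog') };
}
```

In the `'injected'` run the page's view of the DOM contains the decrypted text while the key variable stays invisible, matching the "only what is displayed" distinction; in the `'popup'` run the page sees nothing but the ciphertext it already had.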

But version 0.5 adds a few further enhancements for free. The first is the Anonymous encryption mode, which is the default in PassLok Privacy but was not previously included in PassLok for Email. Anonymous mode is selected via a radio button before clicking any of the Encrypt buttons (default is still Signed mode), and is automatically detected when decrypting. In anonymous mode, encrypted messages do not contain the sender’s Lock (PassLok’s lingo for “public key”), and indeed it is pretty much impossible to tell who sent them. This can come in handy when the sender is using a dummy email account, if he/she suspects his/her regular account is being monitored. Recipients do not have an automatic way to confirm that the sender is who he/she claims to be, however, so they should handle Anonymous mode messages with care. The heading of the message tells recipients what kind it is, plus PassLok reminds them that they just decrypted an Anonymous message.

And, then, PassLok for Email 0.5 allows the use of a shared Password to encrypt the message, rather than rely on the automatic exchange of Locks (or public keys). Unlike the user Password that PassLok requests when decrypting a Signed, Read-once, Anonymous, or Chat-starting message, which is never to be shared with anyone else, shared Passwords are expected to be known to both sender and recipients. This, of course, begs the question of how this password is going to be shared securely to begin with, but it is possible that there has been a previous face-to-face meeting where this password was agreed upon, so why not have the option available? Shared Password mode is also selected via a radio button prior to encryption, and pops an additional dialog to request the shared Password (which is never stored anywhere, even temporarily) as soon as encryption or decryption begins.

Shared Password mode is in fact a collection of three very different encryption methods, which are selected automatically depending on how the shared Password is constructed:

  1. Most shared Passwords will trigger the regular method, which uses the well-known and, so far, believed to be secure XSalsa20 stream cipher (a part of the NaCl encryption suite, also in use in the regular PassLok modes).
  2. A very long shared Password (around 5 times the length of the message itself) triggers Pad mode, where the long password (typically, a piece of text extracted from an agreed-upon source) is hashed into a pseudorandom keystream. This method is similar to that of the “one time pads” used by spies during the Cold War, and invented by the guy on the right, which has been proven to be absolutely impossible to crack, no matter how many millions of years of computer time you throw at it. To be used where utmost security against a powerful adversary (say, the NSA or the KGB) is needed.
  3. A shared Password consisting of three pieces of text joined by tildes (example: “short but very~powerful~password”) triggers Human mode, which can actually be performed by hand, with pencil and paper. The underlying algorithm is very similar to that of the FibonaRNG cipher, presented some time ago on this blog. You can learn all the details, with your own examples, at this web page: https://passlok.com/human . Who would use this mode? It might be you, if you find that your computer, or the recipient’s on the other side, is bugged and you can do nothing about it. If you encrypt (or decrypt) by hand using this mode, even if you transmit the encrypted message by regular email using a compromised machine, the buggers will never get your secret, no matter how hard they try.

All of these modes have been available in PassLok Privacy, URSA, and FusionKey for a while, so you may be familiar with them already. The implementation in PassLok for Email is compatible with those so that messages encrypted in those apps can be decrypted in PassLok for Email, and vice-versa.

Now that PassLok for Email 0.5 is released, work will concentrate on “PassLok Universal,” a new app melding PassLok for Email and SynthPass, much like FusionKey melded PassLok Privacy and SynthPass. It will feel a lot like PassLok for Email 0.5, except that it will work with any web mail service, not just Gmail, Yahoo and Outlook, and will fill passwords as well. Should be out in a month or so.

Please report any bugs you encounter, so I can fix them. Enjoy!
