clipperz

Authentication is an essential part of any web application. But why are web service providers so secretive about their authentication protocols and procedures? Why they are not disclosing any information about how users’ credentials are communicated, verified and stored?

Clipperz Compact is a stripped down version of Clipperz online password manager designed to be opened in the Firefox sidebar. Its purpose is to keep your collection of “direct logins” always at hand. [UPDATE - Clipperz Compact works smoothly also in Opera’s panel.]

Clipperz online password manager is a cryptographic system designed and built to achieve a 128-bit security level. This could be an obscure statement and I will try to clarify it.

Recently we received several inquiries about our business model. How is Clipperz going to make money? From a security point of view this is a very sensible question to ask. The basic answer is: we really don’t know yet.

Many things happened in the last two weeks! You have probably seen many small and big changes at Clipperz website. As a result www.clipperz.com is no longer just a blog, but the home of a new online password manager. So, it’s time for a brief recap.

Slashdot says that NIST is planning to augment and revise the current Secure Hash Standard. Due to recent attacks on the SHA-1 hash function specified in FIPS 180-2, Secure Hash Standard, NIST is initiating an effort to develop one or more additional hash algorithms through a public competition, similar to the development process for the Advanced Encryption Standard (AES). In a recent interview to this blog, Vincent Rijmen of AES fame declared to be working mostly on hash functions: “[…] there are very interesting developments going on in the cryptanalysis of hash functions.

Vincent Rijmen is the belgian cryptographer that, together with Joan Daemen, developed the Rijndael block cipher. Their achievement was so remarkable that it was chosen by the National Institute of Standards and Technology of the United States (NIST) and ratified as a new standard, the Advanced Encryption Standard or simply AES.

At Clipperz we are huge fan of cryptography as a tool to empower users and protect freedom, therefore we are beholden to all the people who contributed to the development of this science. Among them a special thanks goes to Tom Wu who invented SRP, the Secure Remote Password protocol, at Stanford University during the late nineties. Today SRP is a widely appreciate authentication method and it is our choice for Clipperz online password manager. Tom Wu was so kind to answer some of our questions about SRP and its chances to gain even more traction in the future.

Prof. Eugene Spafford in his latest post talks about MyBlackBook, an unusual web service whose mission is “to provide people with a place to store their sexual history, partners, and experiences in a safe, secure and confidential place”. This New York based venture moved from the assumption that “one out of three people have some kind of sex log” mostly kept on paper. A solution that is hard to maintain and troublesome to protect from prying eyes.

During the last two days I had a chance to test drive Freenigma, the recently released email encryption service for webmail users. What I like more of Freenigma is its “Johnny can encrypt” approach. For the average Johnny, cryptography is insanely complex, while Freenigma makes a point of hiding this complexity under a very simple user interface.