clipperz: zero-knowledge web application
Giulio Cesare Solaroli
January 20, 2011
how JavaScript may help turning cloud privacy upside-down
Transcript
clipperz
zero-knowledge web application
how JavaScript may help turning cloud privacy upside-down
Giulio Cesare SOLAROLI
jse2011 - Paris, January 20 2011
Thursday, January 20, 2011

clipperz project
store (and share) personal data
• reliable
• secure
• convenient

reliable
the “cloud” is definitely the most reliable way to store data

secure
“host proof hosting”
concept defined around 2005 to merge the reliability of cloud based storage and the security achievable using cryptography

convenient
since GMail, convenient means “web based”
• nothing to install
• nothing to configure

clipperz project
Thatʼs easy, isnʼt it?
almost! the devil hides in the details

clipperz challenges
achieve convenience keeping the system secure
• never trade security for convenience
• being paranoid: “only the paranoid survive”

cryptography
very short compendium

cryptography
symmetric encryption scheme
• message
• algorithm
• secret key

cryptography
symmetric encryption

application anatomy
zero-knowledge web app, aka host proof app
• verifiable codebase
• no tampering
• wise password handling

verifiable codebase
• all source code available for inspection: https://github.com/clipperz
• app served as a single, static, HTML file
• browsers do not support checksum verification #fail

no tampering
application code should not be modifiable by any data returned by the server
• javascript is very dynamic
• eval(…) is your enemy here

password handling
password should never be sent to server
• SRP authentication
• only verifiers are stored and exchanged

security tradeoffs
features
security

being paranoid
clipperz stores neither the password nor the username
• users can still log in! #ftw
• multiple accounts can share the same username! #wtf

features?!
password manager
playground to test how far this architecture could go
• features
• convenience
• reliability

features!!
direct logins
one-click access to most sites #ftw
one-click access to most sites ✘ some #cool ✓

features!!
one time password
access your data without typing your password
great for using clipperz from an internet café

features!!
offline copy
full application (including your own data) packed into a single html file
no external resources used

hidden features!!
hashcash
avoid bot access without bothering users with nasty captcha puzzles

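
The hashcash idea from the slide above, as an added example that is not part of the original deck or Clipperz's own code: the server issues a random challenge, the client burns CPU finding a nonce, and the server verifies with a single hash. SHA-256, the `challenge:nonce` stamp format, the difficulty, and all function names are assumptions made for illustration.

```javascript
// Added example: hashcash-style proof of work (names and parameters are assumptions).
const { createHash, randomBytes } = require("node:crypto");

// Count the leading zero bits of a digest (Buffer).
function leadingZeroBits(digest) {
  let bits = 0;
  for (const byte of digest) {
    if (byte === 0) { bits += 8; continue; }
    bits += Math.clz32(byte) - 24; // clz32 counts over 32 bits; a byte uses the low 8
    break;
  }
  return bits;
}

function stampDigest(challenge, nonce) {
  return createHash("sha256").update(`${challenge}:${nonce}`).digest();
}

// Server side: issue a fresh random challenge and remember it until redeemed.
function issueChallenge(pending, bits) {
  const challenge = randomBytes(16).toString("hex");
  pending.set(challenge, bits);
  return { challenge, bits };
}

// Client side: brute-force a nonce; expected cost is about 2^bits hashes.
function mint({ challenge, bits }) {
  for (let nonce = 0; ; nonce++) {
    if (leadingZeroBits(stampDigest(challenge, nonce)) >= bits) return nonce;
  }
}

// Server side: one hash to verify; each challenge is single-use, so no replay.
function redeem(pending, challenge, nonce) {
  const bits = pending.get(challenge);
  if (bits === undefined) return false; // unknown or already redeemed
  if (!Number.isSafeInteger(nonce) || nonce < 0) return false;
  if (leadingZeroBits(stampDigest(challenge, nonce)) < bits) return false;
  pending.delete(challenge);
  return true;
}

// Constructed demo: 12 bits costs the client about 4096 hashes on average.
const pending = new Map();
const ticket = issueChallenge(pending, 12);
const nonce = mint(ticket);
console.log("nonce", nonce, "accepted", redeem(pending, ticket.challenge, nonce));
```

The asymmetry is the point: a human logging in pays the cost once without noticing, while a bot making thousands of attempts pays it every time.
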
odd side effects!!
no page reload
otherwise credential values are lost, and the user needs to type them in again #fail

odd side effects!!
no fancy web-2.0 mash-ups
difficult to integrate into other products without relaxing security concerns
and we are paranoid!

clipperz
http://www.clipperz.com
THANKS