Upgrade to Pro — share decks privately, control downloads, hide ads and more …

clipperz: zero-knowledge web application

Avatar for Giulio Cesare Solaroli Giulio Cesare Solaroli
January 20, 2011
Technology
1
170

clipperz: zero-knowledge web application

how JavaScript may help turning cloud privacy upside-down

Avatar for Giulio Cesare Solaroli

Giulio Cesare Solaroli

January 20, 2011
Tweet

More Decks by Giulio Cesare Solaroli

See All by Giulio Cesare Solaroli
Building Single Page Web Applications - JSDay 2013
Avatar for Giulio Cesare Solaroli gcsolaroli
2
1.6k

Other Decks in Technology

See All in Technology
業務の煩悩を祓うAI活用術108選 / AI 108 Usages
Avatar for 株式会社スマートバンク smartbank
9
19k
チームで安全にClaude Codeを利用するためのプラクティス / team-claude-code-practices
Avatar for tomoki10 tomoki10
6
2.6k
プロンプトエンジニアリングを超えて:自由と統制のあいだでつくる Platform × Context Engineering
Avatar for yuriemori yuriemori
0
160
テストセンター受験、オンライン受験、どっちなんだい?
Avatar for Yuuki Yamashita yama3133
0
200
2025年 山梨の技術コミュニティを振り返る
Avatar for しみず ゆうき yuukis
0
150
Bill One 開発エンジニア 紹介資料
Avatar for Sansan, Inc. sansan33
PRO
4
17k
Qiita Bash アドカレ LT #1
Avatar for Kaoru okaru
0
170
ECS_EKS以外の選択肢_ROSA入門_.pdf
Avatar for モブエンジニア(Masaki Okuda) masakiokuda
1
120
ハッカソンから社内プロダクトへ AIエージェント ko☆shi 開発で学んだ4つの重要要素
Avatar for Tech Leverages leveragestech
0
560
1万人を変え日本を変える!!多層構造型ふりかえりの大規模組織変革 / 20260108 Kazuki Mori
Avatar for SHIFT EVOLVE shift_evolve
PRO
5
820
2025年の医用画像AI/AI×medical_imaging_in_2025_generated_by_AI
Avatar for YoshihiroTodoroki tdys13
0
310
Oracle Database@Google Cloud:サービス概要のご紹介
Avatar for oracle4engineer oracle4engineer
PRO
1
830

Featured

See All Featured
Mozcon NYC 2025: Stop Losing SEO Traffic
Avatar for Sam Torres samtorres
0
110
Stewardship and Sustainability of Urban and Community Forests
Avatar for Eric Wiseman pwiseman
0
92
Building AI with AI
Avatar for Ines Montani inesmontani
PRO
1
610
Darren the Foodie - Storyboard
Avatar for Kevinho.art khoart
PRO
1
2.1k
Applied NLP in the Age of Generative AI
Avatar for Ines Montani inesmontani
PRO
3
2k
New Earth Scene 8
Avatar for Sydney Stone popppiees
0
1.3k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
Avatar for Vitaly Friedman smashingmag
254
22k
Breaking role norms: Why Content Design is so much more than writing copy - Taylor Woolridge
Avatar for UX Y'all uxyall
0
130
The browser strikes back
Avatar for Jono Alderson jonoalderson
0
290
From π to Pie charts
Avatar for Rasagy Sharma rasagy
0
100
Paper Plane (Part 1)
Avatar for Katie Cordina Lindsey katiecoart
PRO
0
2.8k
Game over? The fight for quality and originality in the time of robots
Avatar for Wayne Barker wayneb77
1
74

Transcript

  1. zero-knowledge web application turning cloud privacy upside-down clipperz Giulio Cesare

    SOLAROLI [email protected] jse2011 - Paris, January 20 2011 Thursday, January 20, 2011 how JavaScript may help

  2. clipperz project Thursday, January 20, 2011

  3. clipperz project store (and share) personal data Thursday, January 20,

    2011

  4. clipperz project store (and share) personal data •reliable Thursday, January

    20, 2011

  5. clipperz project store (and share) personal data •reliable •secure Thursday,

    January 20, 2011

  6. clipperz project store (and share) personal data •reliable •secure •convenient

    Thursday, January 20, 2011

  7. reliable Thursday, January 20, 2011

  8. reliable the “cloud” is definitely the most reliable way to

    store data Thursday, January 20, 2011

  9. secure Thursday, January 20, 2011

  10. secure “host proof hosting” Thursday, January 20, 2011

  11. secure “host proof hosting” concept defined around 2005 to merge

    the reliability of cloud based storage and the security achievable using cryptography Thursday, January 20, 2011

  12. convenient Thursday, January 20, 2011

  13. convenient since GMail, convenient means “web based” Thursday, January 20,

    2011

  14. convenient since GMail, convenient means “web based” •nothing to install

    Thursday, January 20, 2011

  15. convenient since GMail, convenient means “web based” •nothing to install

    •nothing to configure Thursday, January 20, 2011

  16. clipperz project Thursday, January 20, 2011

  17. clipperz project Thatʼs easy Thursday, January 20, 2011

  18. clipperz project Thatʼs easy, isnʼt it? Thursday, January 20, 2011

  19. clipperz project Thatʼs easy almost! , isnʼt it? Thursday, January

    20, 2011

  20. clipperz project Thatʼs easy almost! the devil hides in the

    details , isnʼt it? Thursday, January 20, 2011

  21. clipperz challenges Thursday, January 20, 2011

  22. clipperz challenges achieve convenience Thursday, January 20, 2011

  23. clipperz challenges achieve convenience keeping the system secure Thursday, January

    20, 2011

  24. clipperz challenges achieve convenience keeping the system secure •never trade

    security for convenience Thursday, January 20, 2011

  25. clipperz challenges achieve convenience keeping the system secure •never trade

    security for convenience •being paranoid “only the paranoid survive” Thursday, January 20, 2011

  26. cryptography very short compendium Thursday, January 20, 2011

  27. cryptography Thursday, January 20, 2011

  28. symmetric encryption scheme cryptography Thursday, January 20, 2011

  29. symmetric encryption scheme •message cryptography Thursday, January 20, 2011

  30. symmetric encryption scheme •message •algorithm cryptography Thursday, January 20, 2011

  31. symmetric encryption scheme •message •algorithm •secret key cryptography Thursday, January

    20, 2011

  32. cryptography symmetric encryption Thursday, January 20, 2011

  33. cryptography symmetric encryption Thursday, January 20, 2011

  34. cryptography symmetric encryption Thursday, January 20, 2011

  35. cryptography symmetric encryption Thursday, January 20, 2011

  36. cryptography symmetric encryption Thursday, January 20, 2011

  37. cryptography symmetric encryption Thursday, January 20, 2011

  38. cryptography symmetric encryption Thursday, January 20, 2011

  39. cryptography symmetric encryption Thursday, January 20, 2011

  40. cryptography symmetric encryption Thursday, January 20, 2011

  41. application anatomy Thursday, January 20, 2011

  42. application anatomy zero-knowledge web app Thursday, January 20, 2011

  43. application anatomy zero-knowledge web app aka host proof app Thursday,

    January 20, 2011

  44. application anatomy zero-knowledge web app aka host proof app •verifiable

    codebase Thursday, January 20, 2011

  45. application anatomy zero-knowledge web app aka host proof app •verifiable

    codebase •no tampering Thursday, January 20, 2011

  46. application anatomy zero-knowledge web app aka host proof app •verifiable

    codebase •no tampering •wise password handling Thursday, January 20, 2011

  47. verifiable codebase Thursday, January 20, 2011

  48. verifiable codebase •all source code available for inspection https://github.com/clipperz Thursday,

    January 20, 2011

  49. verifiable codebase •all source code available for inspection https://github.com/clipperz •app

    served as a single, static, HTML file Thursday, January 20, 2011

  50. verifiable codebase •all source code available for inspection https://github.com/clipperz •app

    served as a single, static, HTML file •browsers do not support checksum verification #fail Thursday, January 20, 2011

  51. no tampering Thursday, January 20, 2011

  52. no tampering application code should not be modifiable by any

    data returned by the server Thursday, January 20, 2011

  53. no tampering application code should not be modifiable by any

    data returned by the server •javascript is very dynamic Thursday, January 20, 2011

  54. no tampering application code should not be modifiable by any

    data returned by the server •javascript is very dynamic •eval(…) is your enemy here Thursday, January 20, 2011

  55. password handling Thursday, January 20, 2011

  56. password handling password should never be sent to server Thursday,

    January 20, 2011

  57. password handling password should never be sent to server •SRP

    authentication Thursday, January 20, 2011

  58. password handling password should never be sent to server •SRP

    authentication •only verifiers are stored and exchanged Thursday, January 20, 2011

  59. security tradeoffs Thursday, January 20, 2011

  60. security tradeoffs features Thursday, January 20, 2011

  61. security tradeoffs features security Thursday, January 20, 2011

  62. security tradeoffs features security Thursday, January 20, 2011

  63. security tradeoffs features security Thursday, January 20, 2011

  64. being paranoid Thursday, January 20, 2011

  65. being paranoid clipperz does not store neither the password, Thursday,

    January 20, 2011

  66. being paranoid clipperz does not store neither the password, nor

    the username Thursday, January 20, 2011

  67. being paranoid clipperz does not store neither the password, nor

    the username •users can still login! #ftw Thursday, January 20, 2011

  68. being paranoid clipperz does not store neither the password, nor

    the username •users can still login! #ftw •multiple accounts can share the same username! #wtf Thursday, January 20, 2011

  69. features?! Thursday, January 20, 2011

  70. features?! password manager Thursday, January 20, 2011

  71. features?! password manager playground to test how far this architecture

    could go Thursday, January 20, 2011

  72. features?! password manager playground to test how far this architecture

    could go • features Thursday, January 20, 2011

  73. features?! password manager playground to test how far this architecture

    could go • features • convenience Thursday, January 20, 2011

  74. features?! password manager playground to test how far this architecture

    could go • features • convenience • reliability Thursday, January 20, 2011

  75. features!! Thursday, January 20, 2011

  76. features!! direct logins Thursday, January 20, 2011

  77. features!! direct logins one-click access to most sites #ftw Thursday,

    January 20, 2011

  78. features!! direct logins one-click access to most sites ✘ some

    #cool ✓ Thursday, January 20, 2011

  79. features!! Thursday, January 20, 2011

  80. features!! one time password Thursday, January 20, 2011

  81. features!! one time password access your data without typing your

    password Thursday, January 20, 2011

  82. features!! one time password access your data without typing your

    password great for using clipperz from an internet caffè Thursday, January 20, 2011

  83. features!! Thursday, January 20, 2011

  84. features!! offline copy Thursday, January 20, 2011

  85. features!! offline copy full application (including your own data) packed

    into a single html file Thursday, January 20, 2011

  86. features!! offline copy full application (including your own data) packed

    into a single html file no external resources used Thursday, January 20, 2011

  87. features!! Thursday, January 20, 2011

  88. hidden features!! Thursday, January 20, 2011

  89. hidden features!! hashcash Thursday, January 20, 2011

  90. hidden features!! hashcash avoid bots access without bothering users with

    nasty capcha puzzles Thursday, January 20, 2011

  91. odd side effects!! Thursday, January 20, 2011

  92. odd side effects!! no page reload Thursday, January 20, 2011

  93. odd side effects!! no page reload otherwise credential values are

    lost, and the user needs to type them in again #fail Thursday, January 20, 2011

  94. odd side effects!! Thursday, January 20, 2011

  95. odd side effects!! no fancy web-2.0 mash-ups Thursday, January 20,

    2011

  96. odd side effects!! no fancy web-2.0 mash-ups difficult to integrate

    into other products without relaxing security concerns Thursday, January 20, 2011

  97. odd side effects!! no fancy web-2.0 mash-ups difficult to integrate

    into other products without relaxing security concerns and we are paranoid! Thursday, January 20, 2011

  98. clipperz http://www.clipperz.com [email protected] THANKS Thursday, January 20, 2011