clipperz: zero-knowledge web application
how JavaScript may help turning cloud privacy upside-down
Giulio Cesare Solaroli
January 20, 2011
Transcript
clipperz
zero-knowledge web application
how JavaScript may help turning cloud privacy upside-down
Giulio Cesare SOLAROLI
[email protected]
jse2011 - Paris, January 20 2011
Thursday, January 20, 2011

clipperz project
store (and share) personal data
• reliable
• secure
• convenient

reliable
the "cloud" is definitely the most reliable way to store data

secure
"host proof hosting"
concept defined around 2005 to merge the reliability of cloud based storage and the security achievable using cryptography

convenient
since GMail, convenient means "web based"
• nothing to install
• nothing to configure

clipperz project
That's easy, isn't it?
almost!
the devil hides in the details

clipperz challenges
achieve convenience keeping the system secure
• never trade security for convenience
• being paranoid: "only the paranoid survive"

cryptography
very short compendium

cryptography
symmetric encryption scheme
• message
• algorithm
• secret key

cryptography
symmetric encryption

application anatomy
zero-knowledge web app, aka host proof app
• verifiable codebase
• no tampering
• wise password handling

verifiable codebase
• all source code available for inspection: https://github.com/clipperz
• app served as a single, static, HTML file
• browsers do not support checksum verification #fail

no tampering
application code should not be modifiable by any data returned by the server
• javascript is very dynamic
• eval(…) is your enemy here

password handling
password should never be sent to server
• SRP authentication
• only verifiers are stored and exchanged

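The password handling slide above, worked through as an added example that is not Clipperz's own code: the browser derives a verifier from the password, the server stores only that verifier, and a login proves knowledge of the password without sending it. Assumptions: SRP-6a arithmetic, SHA-256, the RFC 3526 2048-bit group that Node.js exposes as 'modp14', and hypothetical function names; how the server finds the right record is left out.

```javascript
// Added sketch, not Clipperz code. Assumptions: SRP-6a, SHA-256, and the
// RFC 3526 2048-bit MODP prime that Node ships as 'modp14', with g = 2.
const nodeCrypto = require('crypto');
const N = BigInt('0x' + nodeCrypto.getDiffieHellman('modp14').getPrime('hex'));
const g = 2n;

// Hash the parts (BigInts as hex, strings as-is) into one BigInt.
function H(...parts) {
  const h = nodeCrypto.createHash('sha256');
  for (const p of parts) h.update((typeof p === 'bigint' ? p.toString(16) : p) + '|');
  return BigInt('0x' + h.digest('hex'));
}
function modPow(base, exp, mod) {
  let result = 1n;
  for (base %= mod; exp > 0n; exp >>= 1n, base = (base * base) % mod) {
    if (exp & 1n) result = (result * base) % mod;
  }
  return result;
}
const randomBigInt = () => BigInt('0x' + nodeCrypto.randomBytes(32).toString('hex'));
const k = H(N, g);

// Registration runs in the browser; only { salt, verifier } is uploaded.
function register(username, password) {
  const salt = randomBigInt();
  const x = H(salt, username, password);           // never leaves the client
  return { salt, verifier: modPow(g, x, N) };
}

// One login run with both roles inlined. `record` is the server's stored
// data; `password` is what the user typed. Returns what crossed the wire.
function login(record, username, password) {
  const a = randomBigInt(), A = modPow(g, a, N);   // client -> server: A
  const b = randomBigInt();                        // server -> client: salt, B
  const B = (k * record.verifier + modPow(g, b, N)) % N;
  if (A % N === 0n || B % N === 0n) throw new Error('illegal public value');
  const u = H(A, B);
  const x = H(record.salt, username, password);    // client side
  const base = (((B - k * modPow(g, x, N)) % N) + N) % N;
  const clientKey = H(modPow(base, a + u * x, N));
  // Server side: derives the same key from the verifier alone.
  const serverKey = H(modPow((A * modPow(record.verifier, u, N)) % N, b, N));
  const proof = H(A, B, clientKey);                // client -> server: proof
  return { ok: proof === H(A, B, serverKey), wire: { A, salt: record.salt, B, proof } };
}
```

Everything in `wire` is safe to observe: a wrong password produces a different client key, so the proof fails without the server ever seeing what was typed.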
security tradeoffs
features
security

being paranoid
clipperz stores neither the password nor the username
• users can still login! #ftw
• multiple accounts can share the same username! #wtf

features?!
password manager
playground to test how far this architecture could go
• features
• convenience
• reliability

features!!
direct logins
one-click access to most sites #ftw
one-click access to most sites ✘ some #cool ✓

features!!
one time password
access your data without typing your password
great for using clipperz from an internet café

features!!
offline copy
full application (including your own data) packed into a single html file
no external resources used

hidden features!!
hashcash
keep bots out without bothering users with nasty captcha puzzles

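The hashcash idea from the slide above, as an added example that is not Clipperz's own code: the server issues a challenge, the browser burns CPU to find a counter whose hash has enough leading zero bits, and the server checks it with a single hash. The challenge format, SHA-256 and the function names are assumptions made for this sketch.

```javascript
// Added sketch, not Clipperz code: hashcash-style proof of work over SHA-256.
const { createHash, randomBytes } = require('crypto');

// Number of leading zero bits in a Buffer.
function leadingZeroBits(buf) {
  let bits = 0;
  for (const byte of buf) {
    if (byte === 0) { bits += 8; continue; }
    return bits + Math.clz32(byte) - 24;   // clz32 counts over 32 bits
  }
  return bits;
}
const digest = (challenge, counter) =>
  createHash('sha256').update(`${challenge}:${counter}`).digest();

// Server: hand out a fresh challenge and remember its required difficulty.
const pending = new Map();
function issueChallenge(bits = 16) {
  const challenge = randomBytes(16).toString('hex');
  pending.set(challenge, bits);
  return { challenge, bits };
}

// Client: about 2^bits hashes on average, done silently by the browser.
function mint({ challenge, bits }) {
  for (let counter = 0; ; counter++) {
    if (leadingZeroBits(digest(challenge, counter)) >= bits) return { challenge, counter };
  }
}

// Server: one hash to verify, and every challenge is redeemable only once.
function verify({ challenge, counter }) {
  const bits = pending.get(challenge);
  if (bits === undefined) return false;    // unknown or already spent
  if (leadingZeroBits(digest(challenge, counter)) < bits) return false;
  pending.delete(challenge);
  return true;
}
```

The cost is asymmetric: a human pays it once per request without noticing, while a bot making many requests pays it every time, and the spent-challenge check stops a single stamp from being replayed.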
odd side effects!!
no page reload
otherwise credential values are lost, and the user needs to type them in again #fail

odd side effects!!
no fancy web-2.0 mash-ups
difficult to integrate into other products without relaxing security concerns
and we are paranoid!

clipperz
http://www.clipperz.com
[email protected]
THANKS