Upgrade to Pro — share decks privately, control downloads, hide ads and more …

clipperz: zero-knowledge web application

Sponsored · SiteGround - Reliable hosting with speed, security, and support you can count on.
Avatar for Giulio Cesare Solaroli Giulio Cesare Solaroli
January 20, 2011
Technology
170
1

clipperz: zero-knowledge web application

how JavaScript may help turning cloud privacy upside-down

Avatar for Giulio Cesare Solaroli

Giulio Cesare Solaroli

January 20, 2011

More Decks by Giulio Cesare Solaroli

See All by Giulio Cesare Solaroli
Building Single Page Web Applications - JSDay 2013
Avatar for Giulio Cesare Solaroli gcsolaroli
2
1.6k

Other Decks in Technology

See All in Technology
はじめてのDatadog
Avatar for KairiM kairim0
0
270
「嘘をつくテスト」の失敗例から学ぶ 良いテストコード #frontend_phpcon_do
Avatar for asumikam asumikam
0
160
Javaで学ぶSOLID原則
Avatar for Negima negima
1
270
関西に縁あるMicrosoft MVPsが語るCopilotの未来
Avatar for Kaz Asada | しがない情シス kasada
0
1k
Ruby::Boxでできること、Refinementsでできること
Avatar for Tomohiro Hashidate joker1007
3
380
AI-DLCを活用した高品質・安全なAI駆動開発実践 / AI Driven Development with AI-DLC
Avatar for 吉田真吾 yoshidashingo
0
110
MIERUNE JCT 発表資料「宇宙から伊能忠敬ごっこ」
Avatar for じゃらしまる syuchimu
0
140
さきさん文庫の書籍ができるまで
Avatar for H.Saki sakiengineer
0
340
最低限これだけ押さえれ大丈夫_Claude Enterprise/Team企業展開ガバナンス入門
Avatar for t-kikuchi tkikuchi
1
720
ChatworkとBPaaS 異なる特性で学んだAI機能開発の ベストプラクティス
Avatar for kubell kubell_hr
2
2.3k
AIガバナンス実践 - 生成AIコネクタのデータ漏洩リスクと実務対策
Avatar for 西岡 賢一郎 (Kenichiro Nishioka) knishioka
0
170
ルールやカスタム機能、どう使う?理想の出力を引き出すために今知りたいIBM Bob 5つの機能
Avatar for mu (Mizuho Uehara) muehara
1
310

Featured

See All Featured
Max Prin - Stacking Signals: How International SEO Comes Together (And Falls Apart)
Avatar for Tech SEO Connect techseoconnect
PRO
0
170
The Art of Programming - Codeland 2020
Avatar for Erika Heidi erikaheidi
57
14k
Prompt Engineering for Job Search
Avatar for Mfonobong Umondia mfonobong
0
330
Making the Leap to Tech Lead
Avatar for Ryan Cromwell cromwellryan
135
9.9k
Lightning Talk: Beautiful Slides for Beginners
Avatar for Ines Montani inesmontani
PRO
2
570
Practical Orchestrator
Avatar for Shlomi Noach shlominoach
191
11k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
Avatar for Chris Coyier chriscoyier
508
140k
Abbi's Birthday
Avatar for Violet Bock coloredviolet
2
7.9k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
Avatar for Vitaly Friedman smashingmag
254
22k
Building Applications with DynamoDB
Avatar for Matt Wood mza
96
7.1k
A Soul's Torment
Avatar for Nat Ma seathinner
6
2.9k
Building Flexible Design Systems
Avatar for Yesenia Perez-Cruz yeseniaperezcruz
330
40k

Transcript

  1. zero-knowledge web application turning cloud privacy upside-down clipperz Giulio Cesare

    SOLAROLI [email protected] jse2011 - Paris, January 20 2011 Thursday, January 20, 2011 how JavaScript may help

  2. clipperz project Thursday, January 20, 2011

  3. clipperz project store (and share) personal data Thursday, January 20,

    2011

  4. clipperz project store (and share) personal data •reliable Thursday, January

    20, 2011

  5. clipperz project store (and share) personal data •reliable •secure Thursday,

    January 20, 2011

  6. clipperz project store (and share) personal data •reliable •secure •convenient

    Thursday, January 20, 2011

  7. reliable Thursday, January 20, 2011

  8. reliable the “cloud” is definitely the most reliable way to

    store data Thursday, January 20, 2011

  9. secure Thursday, January 20, 2011

  10. secure “host proof hosting” Thursday, January 20, 2011

  11. secure “host proof hosting” concept defined around 2005 to merge

    the reliability of cloud based storage and the security achievable using cryptography Thursday, January 20, 2011

  12. convenient Thursday, January 20, 2011

  13. convenient since GMail, convenient means “web based” Thursday, January 20,

    2011

  14. convenient since GMail, convenient means “web based” •nothing to install

    Thursday, January 20, 2011

  15. convenient since GMail, convenient means “web based” •nothing to install

    •nothing to configure Thursday, January 20, 2011

  16. clipperz project Thursday, January 20, 2011

  17. clipperz project Thatʼs easy Thursday, January 20, 2011

  18. clipperz project Thatʼs easy, isnʼt it? Thursday, January 20, 2011

  19. clipperz project Thatʼs easy almost! , isnʼt it? Thursday, January

    20, 2011

  20. clipperz project Thatʼs easy almost! the devil hides in the

    details , isnʼt it? Thursday, January 20, 2011

  21. clipperz challenges Thursday, January 20, 2011

  22. clipperz challenges achieve convenience Thursday, January 20, 2011

  23. clipperz challenges achieve convenience keeping the system secure Thursday, January

    20, 2011

  24. clipperz challenges achieve convenience keeping the system secure •never trade

    security for convenience Thursday, January 20, 2011

  25. clipperz challenges achieve convenience keeping the system secure •never trade

    security for convenience •being paranoid “only the paranoid survive” Thursday, January 20, 2011

  26. cryptography very short compendium Thursday, January 20, 2011

  27. cryptography Thursday, January 20, 2011

  28. symmetric encryption scheme cryptography Thursday, January 20, 2011

  29. symmetric encryption scheme •message cryptography Thursday, January 20, 2011

  30. symmetric encryption scheme •message •algorithm cryptography Thursday, January 20, 2011

  31. symmetric encryption scheme •message •algorithm •secret key cryptography Thursday, January

    20, 2011

  32. cryptography symmetric encryption Thursday, January 20, 2011

  33. cryptography symmetric encryption Thursday, January 20, 2011

  34. cryptography symmetric encryption Thursday, January 20, 2011

  35. cryptography symmetric encryption Thursday, January 20, 2011

  36. cryptography symmetric encryption Thursday, January 20, 2011

  37. cryptography symmetric encryption Thursday, January 20, 2011

  38. cryptography symmetric encryption Thursday, January 20, 2011

  39. cryptography symmetric encryption Thursday, January 20, 2011

  40. cryptography symmetric encryption Thursday, January 20, 2011

  41. application anatomy Thursday, January 20, 2011

  42. application anatomy zero-knowledge web app Thursday, January 20, 2011

  43. application anatomy zero-knowledge web app aka host proof app Thursday,

    January 20, 2011

  44. application anatomy zero-knowledge web app aka host proof app •verifiable

    codebase Thursday, January 20, 2011

  45. application anatomy zero-knowledge web app aka host proof app •verifiable

    codebase •no tampering Thursday, January 20, 2011

  46. application anatomy zero-knowledge web app aka host proof app •verifiable

    codebase •no tampering •wise password handling Thursday, January 20, 2011

  47. verifiable codebase Thursday, January 20, 2011

  48. verifiable codebase •all source code available for inspection https://github.com/clipperz Thursday,

    January 20, 2011

  49. verifiable codebase •all source code available for inspection https://github.com/clipperz •app

    served as a single, static, HTML file Thursday, January 20, 2011

  50. verifiable codebase •all source code available for inspection https://github.com/clipperz •app

    served as a single, static, HTML file •browsers do not support checksum verification #fail Thursday, January 20, 2011

  51. no tampering Thursday, January 20, 2011

  52. no tampering application code should not be modifiable by any

    data returned by the server Thursday, January 20, 2011

  53. no tampering application code should not be modifiable by any

    data returned by the server •javascript is very dynamic Thursday, January 20, 2011

  54. no tampering application code should not be modifiable by any

    data returned by the server •javascript is very dynamic •eval(…) is your enemy here Thursday, January 20, 2011

  55. password handling Thursday, January 20, 2011

  56. password handling password should never be sent to server Thursday,

    January 20, 2011

  57. password handling password should never be sent to server •SRP

    authentication Thursday, January 20, 2011

  58. password handling password should never be sent to server •SRP

    authentication •only verifiers are stored and exchanged Thursday, January 20, 2011

  59. security tradeoffs Thursday, January 20, 2011

  60. security tradeoffs features Thursday, January 20, 2011

  61. security tradeoffs features security Thursday, January 20, 2011

  62. security tradeoffs features security Thursday, January 20, 2011

  63. security tradeoffs features security Thursday, January 20, 2011

  64. being paranoid Thursday, January 20, 2011

  65. being paranoid clipperz does not store neither the password, Thursday,

    January 20, 2011

  66. being paranoid clipperz does not store neither the password, nor

    the username Thursday, January 20, 2011

  67. being paranoid clipperz does not store neither the password, nor

    the username •users can still login! #ftw Thursday, January 20, 2011

  68. being paranoid clipperz does not store neither the password, nor

    the username •users can still login! #ftw •multiple accounts can share the same username! #wtf Thursday, January 20, 2011

  69. features?! Thursday, January 20, 2011

  70. features?! password manager Thursday, January 20, 2011

  71. features?! password manager playground to test how far this architecture

    could go Thursday, January 20, 2011

  72. features?! password manager playground to test how far this architecture

    could go • features Thursday, January 20, 2011

  73. features?! password manager playground to test how far this architecture

    could go • features • convenience Thursday, January 20, 2011

  74. features?! password manager playground to test how far this architecture

    could go • features • convenience • reliability Thursday, January 20, 2011

  75. features!! Thursday, January 20, 2011

  76. features!! direct logins Thursday, January 20, 2011

  77. features!! direct logins one-click access to most sites #ftw Thursday,

    January 20, 2011

  78. features!! direct logins one-click access to most sites ✘ some

    #cool ✓ Thursday, January 20, 2011

  79. features!! Thursday, January 20, 2011

  80. features!! one time password Thursday, January 20, 2011

  81. features!! one time password access your data without typing your

    password Thursday, January 20, 2011

  82. features!! one time password access your data without typing your

    password great for using clipperz from an internet caffè Thursday, January 20, 2011

  83. features!! Thursday, January 20, 2011

  84. features!! offline copy Thursday, January 20, 2011

  85. features!! offline copy full application (including your own data) packed

    into a single html file Thursday, January 20, 2011

  86. features!! offline copy full application (including your own data) packed

    into a single html file no external resources used Thursday, January 20, 2011

  87. features!! Thursday, January 20, 2011

  88. hidden features!! Thursday, January 20, 2011

  89. hidden features!! hashcash Thursday, January 20, 2011

  90. hidden features!! hashcash avoid bots access without bothering users with

    nasty capcha puzzles Thursday, January 20, 2011

  91. odd side effects!! Thursday, January 20, 2011

  92. odd side effects!! no page reload Thursday, January 20, 2011

  93. odd side effects!! no page reload otherwise credential values are

    lost, and the user needs to type them in again #fail Thursday, January 20, 2011

  94. odd side effects!! Thursday, January 20, 2011

  95. odd side effects!! no fancy web-2.0 mash-ups Thursday, January 20,

    2011

  96. odd side effects!! no fancy web-2.0 mash-ups difficult to integrate

    into other products without relaxing security concerns Thursday, January 20, 2011

  97. odd side effects!! no fancy web-2.0 mash-ups difficult to integrate

    into other products without relaxing security concerns and we are paranoid! Thursday, January 20, 2011

  98. clipperz http://www.clipperz.com [email protected] THANKS Thursday, January 20, 2011