Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
clipperz: zero-knowledge web application
Search
Sponsored
·
Your Podcast. Everywhere. Effortlessly.
Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
→
Giulio Cesare Solaroli
January 20, 2011
Technology
1
170
clipperz: zero-knowledge web application
how JavaScript may help turning cloud privacy upside-down
Giulio Cesare Solaroli
January 20, 2011
Tweet
Share
More Decks by Giulio Cesare Solaroli
See All by Giulio Cesare Solaroli
Building Single Page Web Applications - JSDay 2013
gcsolaroli
2
1.6k
Other Decks in Technology
See All in Technology
AWS Network Firewall Proxyを触ってみた
nagisa53
1
220
ブロックテーマでサイトをリニューアルした話 / 2026-01-31 Kansai WordPress Meetup
torounit
0
460
OWASP Top 10:2025 リリースと 少しの日本語化にまつわる裏話
okdt
PRO
3
660
GitHub Issue Templates + Coding Agentで簡単みんなでIaC/Easy IaC for Everyone with GitHub Issue Templates + Coding Agent
aeonpeople
1
220
変化するコーディングエージェントとの現実的な付き合い方 〜Cursor安定択説と、ツールに依存しない「資産」〜
empitsu
4
1.4k
こんなところでも(地味に)活躍するImage Modeさんを知ってるかい?- Image Mode for OpenShift -
tsukaman
0
130
小さく始めるBCP ― 多プロダクト環境で始める最初の一歩
kekke_n
1
400
Amazon S3 Vectorsを使って資格勉強用AIエージェントを構築してみた
usanchuu
3
450
AI駆動開発を事業のコアに置く
tasukuonizawa
1
170
Frontier Agents (Kiro autonomous agent / AWS Security Agent / AWS DevOps Agent) の紹介
msysh
3
170
Azure Durable Functions で作った NL2SQL Agent の精度向上に取り組んだ話/jat08
thara0402
0
180
Claude_CodeでSEOを最適化する_AI_Ops_Community_Vol.2__マーケティングx_AIはここまで進化した.pdf
riku_423
2
550
Featured
See All Featured
Chasing Engaging Ingredients in Design
codingconduct
0
110
Applied NLP in the Age of Generative AI
inesmontani
PRO
4
2k
From π to Pie charts
rasagy
0
120
Paper Plane
katiecoart
PRO
0
46k
Visual Storytelling: How to be a Superhuman Communicator
reverentgeek
2
430
How to Build an AI Search Optimization Roadmap - Criteria and Steps to Take #SEOIRL
aleyda
1
1.9k
The browser strikes back
jonoalderson
0
370
Tips & Tricks on How to Get Your First Job In Tech
honzajavorek
0
430
jQuery: Nuts, Bolts and Bling
dougneiner
65
8.4k
Designing for humans not robots
tammielis
254
26k
New Earth Scene 8
popppiees
1
1.5k
Visualization
eitanlees
150
17k
Transcript
zero-knowledge web application turning cloud privacy upside-down clipperz Giulio Cesare
SOLAROLI
[email protected]
jse2011 - Paris, January 20 2011 Thursday, January 20, 2011 how JavaScript may help
clipperz project Thursday, January 20, 2011
clipperz project store (and share) personal data Thursday, January 20,
2011
clipperz project store (and share) personal data •reliable Thursday, January
20, 2011
clipperz project store (and share) personal data •reliable •secure Thursday,
January 20, 2011
clipperz project store (and share) personal data •reliable •secure •convenient
Thursday, January 20, 2011
reliable Thursday, January 20, 2011
reliable the “cloud” is definitely the most reliable way to
store data Thursday, January 20, 2011
secure Thursday, January 20, 2011
secure “host proof hosting” Thursday, January 20, 2011
secure “host proof hosting” concept defined around 2005 to merge
the reliability of cloud based storage and the security achievable using cryptography Thursday, January 20, 2011
convenient Thursday, January 20, 2011
convenient since GMail, convenient means “web based” Thursday, January 20,
2011
convenient since GMail, convenient means “web based” •nothing to install
Thursday, January 20, 2011
convenient since GMail, convenient means “web based” •nothing to install
•nothing to configure Thursday, January 20, 2011
clipperz project Thursday, January 20, 2011
clipperz project Thatʼs easy Thursday, January 20, 2011
clipperz project Thatʼs easy, isnʼt it? Thursday, January 20, 2011
clipperz project Thatʼs easy almost! , isnʼt it? Thursday, January
20, 2011
clipperz project Thatʼs easy almost! the devil hides in the
details , isnʼt it? Thursday, January 20, 2011
clipperz challenges Thursday, January 20, 2011
clipperz challenges achieve convenience Thursday, January 20, 2011
clipperz challenges achieve convenience keeping the system secure Thursday, January
20, 2011
clipperz challenges achieve convenience keeping the system secure •never trade
security for convenience Thursday, January 20, 2011
clipperz challenges achieve convenience keeping the system secure •never trade
security for convenience •being paranoid “only the paranoid survive” Thursday, January 20, 2011
cryptography very short compendium Thursday, January 20, 2011
cryptography Thursday, January 20, 2011
symmetric encryption scheme cryptography Thursday, January 20, 2011
symmetric encryption scheme •message cryptography Thursday, January 20, 2011
symmetric encryption scheme •message •algorithm cryptography Thursday, January 20, 2011
symmetric encryption scheme •message •algorithm •secret key cryptography Thursday, January
20, 2011
cryptography symmetric encryption Thursday, January 20, 2011
cryptography symmetric encryption Thursday, January 20, 2011
cryptography symmetric encryption Thursday, January 20, 2011
cryptography symmetric encryption Thursday, January 20, 2011
cryptography symmetric encryption Thursday, January 20, 2011
cryptography symmetric encryption Thursday, January 20, 2011
cryptography symmetric encryption Thursday, January 20, 2011
cryptography symmetric encryption Thursday, January 20, 2011
cryptography symmetric encryption Thursday, January 20, 2011
application anatomy Thursday, January 20, 2011
application anatomy zero-knowledge web app Thursday, January 20, 2011
application anatomy zero-knowledge web app aka host proof app Thursday,
January 20, 2011
application anatomy zero-knowledge web app aka host proof app •verifiable
codebase Thursday, January 20, 2011
application anatomy zero-knowledge web app aka host proof app •verifiable
codebase •no tampering Thursday, January 20, 2011
application anatomy zero-knowledge web app aka host proof app •verifiable
codebase •no tampering •wise password handling Thursday, January 20, 2011
verifiable codebase Thursday, January 20, 2011
verifiable codebase •all source code available for inspection https://github.com/clipperz Thursday,
January 20, 2011
verifiable codebase •all source code available for inspection https://github.com/clipperz •app
served as a single, static, HTML file Thursday, January 20, 2011
verifiable codebase •all source code available for inspection https://github.com/clipperz •app
served as a single, static, HTML file •browsers do not support checksum verification #fail Thursday, January 20, 2011
no tampering Thursday, January 20, 2011
no tampering application code should not be modifiable by any
data returned by the server Thursday, January 20, 2011
no tampering application code should not be modifiable by any
data returned by the server •javascript is very dynamic Thursday, January 20, 2011
no tampering application code should not be modifiable by any
data returned by the server •javascript is very dynamic •eval(…) is your enemy here Thursday, January 20, 2011
password handling Thursday, January 20, 2011
password handling password should never be sent to server Thursday,
January 20, 2011
password handling password should never be sent to server •SRP
authentication Thursday, January 20, 2011
password handling password should never be sent to server •SRP
authentication •only verifiers are stored and exchanged Thursday, January 20, 2011
security tradeoffs Thursday, January 20, 2011
security tradeoffs features Thursday, January 20, 2011
security tradeoffs features security Thursday, January 20, 2011
security tradeoffs features security Thursday, January 20, 2011
security tradeoffs features security Thursday, January 20, 2011
being paranoid Thursday, January 20, 2011
being paranoid clipperz does not store neither the password, Thursday,
January 20, 2011
being paranoid clipperz does not store neither the password, nor
the username Thursday, January 20, 2011
being paranoid clipperz does not store neither the password, nor
the username •users can still login! #ftw Thursday, January 20, 2011
being paranoid clipperz does not store neither the password, nor
the username •users can still login! #ftw •multiple accounts can share the same username! #wtf Thursday, January 20, 2011
features?! Thursday, January 20, 2011
features?! password manager Thursday, January 20, 2011
features?! password manager playground to test how far this architecture
could go Thursday, January 20, 2011
features?! password manager playground to test how far this architecture
could go • features Thursday, January 20, 2011
features?! password manager playground to test how far this architecture
could go • features • convenience Thursday, January 20, 2011
features?! password manager playground to test how far this architecture
could go • features • convenience • reliability Thursday, January 20, 2011
features!! Thursday, January 20, 2011
features!! direct logins Thursday, January 20, 2011
features!! direct logins one-click access to most sites #ftw Thursday,
January 20, 2011
features!! direct logins one-click access to most sites ✘ some
#cool ✓ Thursday, January 20, 2011
features!! Thursday, January 20, 2011
features!! one time password Thursday, January 20, 2011
features!! one time password access your data without typing your
password Thursday, January 20, 2011
features!! one time password access your data without typing your
password great for using clipperz from an internet caffè Thursday, January 20, 2011
features!! Thursday, January 20, 2011
features!! offline copy Thursday, January 20, 2011
features!! offline copy full application (including your own data) packed
into a single html file Thursday, January 20, 2011
features!! offline copy full application (including your own data) packed
into a single html file no external resources used Thursday, January 20, 2011
features!! Thursday, January 20, 2011
hidden features!! Thursday, January 20, 2011
hidden features!! hashcash Thursday, January 20, 2011
hidden features!! hashcash avoid bots access without bothering users with
nasty capcha puzzles Thursday, January 20, 2011
odd side effects!! Thursday, January 20, 2011
odd side effects!! no page reload Thursday, January 20, 2011
odd side effects!! no page reload otherwise credential values are
lost, and the user needs to type them in again #fail Thursday, January 20, 2011
odd side effects!! Thursday, January 20, 2011
odd side effects!! no fancy web-2.0 mash-ups Thursday, January 20,
2011
odd side effects!! no fancy web-2.0 mash-ups difficult to integrate
into other products without relaxing security concerns Thursday, January 20, 2011
odd side effects!! no fancy web-2.0 mash-ups difficult to integrate
into other products without relaxing security concerns and we are paranoid! Thursday, January 20, 2011
clipperz http://www.clipperz.com
[email protected]
THANKS Thursday, January 20, 2011
gcsolaroli
nagisa53
torounit
okdt
aeonpeople
empitsu
tsukaman
kekke_n
usanchuu
tasukuonizawa
msysh
thara0402
riku_423
codingconduct
inesmontani
rasagy
katiecoart
reverentgeek
aleyda
jonoalderson
honzajavorek
dougneiner
tammielis
popppiees
eitanlees
![clipperz http://www.clipperz.com [email protected] THANKS Thursday, January 20, 2011](https://files.speakerdeck.com/presentations/5013df434667b300020449f2/slide_97.jpg){kind=link}