Client side encryption

Jan 22 2013

SHORT:
Create a site that encrypts user/password combinations, or short pieces of text, through JavaScript before uploading them.
That way we can have a simple, and safe, way of handling passwords.

LONGER:
To store passwords one can use, for instance, KeePass, which is a fat client.  It can then back up and distribute its database through, for instance, Dropbox.
This solution is good in that the password only exists on your machine.  If you have an open source encrypter (e.g. KeePass) you should be quite safe.  The next step is the database backup and distribution service (e.g. Dropbox), which lies outside your control.  Here we rely on the fat client's encryption being safe enough.
To use this solution one must install and configure both Dropbox and KeePass.  Not too big a job, but still something that must be done.

Another solution is one of the web-based password storage sites.  But they all depend on us trusting them.  Security-wise this is considered a bad choice.
This solution requires no installation at all.

Why not use the web-based solution but let your password be encrypted on the client, through JavaScript?  JavaScript is by its nature visible, so it is not hard to check that the code looks ok.
I write “ok” because encryption/decryption is not something one learns overnight, and such code cannot be inspected and fully understood during a coffee break.  But that is what the internet is for.  If a site boasts about strong client-side encryption it is not hard to inspect, and if it gets some traction more eyes will inspect it.
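
What the client-side step could look like, as an added example that is not part of the original post: the page derives an AES-GCM key from a master password with PBKDF2 through the WebCrypto API, and only the salt, IV and ciphertext are uploaded. The function names, the blob field names and the iteration count are assumptions made for this example.

```javascript
// Added example (not from the original post): encrypt a credential in the client
// so the server only ever stores salt, IV and ciphertext.
// Browsers and current Node expose WebCrypto as globalThis.crypto; older Node needs the fallback.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto;
const enc = new TextEncoder();
const dec = new TextDecoder();
const PBKDF2_ITERATIONS = 600000; // assumed work factor, tune for the slowest client

const toB64 = (bytes) => btoa(String.fromCharCode(...bytes));
const fromB64 = (text) => Uint8Array.from(atob(text), (c) => c.charCodeAt(0));

// Stretch the master password into a non-extractable 256-bit AES-GCM key.
async function deriveKey(masterPassword, salt) {
  const material = await webcrypto.subtle.importKey(
    "raw", enc.encode(masterPassword), "PBKDF2", false, ["deriveKey"]);
  return webcrypto.subtle.deriveKey(
    { name: "PBKDF2", salt, iterations: PBKDF2_ITERATIONS, hash: "SHA-256" },
    material, { name: "AES-GCM", length: 256 }, false, ["encrypt", "decrypt"]);
}

// Returns the only object that should leave the browser.
async function encryptEntry(masterPassword, entry) {
  const salt = webcrypto.getRandomValues(new Uint8Array(16)); // fresh per entry
  const iv = webcrypto.getRandomValues(new Uint8Array(12));   // never reuse with the same key
  const key = await deriveKey(masterPassword, salt);
  const ct = await webcrypto.subtle.encrypt(
    { name: "AES-GCM", iv }, key, enc.encode(JSON.stringify(entry)));
  return { v: 1, salt: toB64(salt), iv: toB64(iv), ct: toB64(new Uint8Array(ct)) };
}

// Rejects if the master password is wrong or the stored blob was modified,
// because the AES-GCM authentication tag no longer verifies.
async function decryptEntry(masterPassword, blob) {
  const key = await deriveKey(masterPassword, fromB64(blob.salt));
  const pt = await webcrypto.subtle.decrypt(
    { name: "AES-GCM", iv: fromB64(blob.iv) }, key, fromB64(blob.ct));
  return JSON.parse(dec.decode(pt));
}
```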

Update: it looks like Mega has done this.
