An introduction to Clipperz online password manager

Clipperz is an online password manager that launched in April 2007 and has since gained a growing community of users and a solid reputation among privacy and security experts.
How did that happen?
Why are people trusting an online service with their most valuable information?
This document will present the brief but fascinating history of the first zero-knowledge web application.


Transcript

  • 1. clipperz online password manager. Keep your data to yourself! Discover zero-knowledge web-apps
  • 2. clipperz History of a password manager Clipperz is an online password manager that launched in April 2007 and has since gained a growing community of users and a solid reputation among privacy and security experts. How did that happen? Why are people trusting an online service with their most valuable information? This document will present the brief but fascinating history of the first zero-knowledge web application.
  • 3. clipperz A few questions ...
  • 4. clipperz #1 Would you give your health records to Google or Microsoft? [Headline clippings: «Google Says Its Health Platform Is Due In Early 2008», «Google and Microsoft Look to Change Health Care», «New Microsoft Service Stores Health Records Online»]
  • 5. clipperz #2 Do you trust web casinos? How about playing poker online? [Headline clippings: «AbsolutePoker probed for insider cheating», «The Absolute nightmare»]
  • 6. clipperz #3 Would you write your next business plan with an online word processor?
  • 7. clipperz #4, #5, #6, ... Can you have a real off-the-record conversation on the web? How do you feel about using an online personal finance manager? Would you keep your company knowledge-base on a hosted wiki?
  • 8. clipperz The problem Web applications are very convenient. But what about privacy, security and ultimately freedom? It’s still your data! You should have exclusive ownership and control. Today you have no choice but to trust web application providers.
  • 9. clipperz A simple answer ...
  • 10. clipperz The solution Zero-knowledge web apps: online services that know nothing about their users. They look and behave like regular web apps, but hide a strong cryptographic engine entirely built and executed within the browser. Nothing to install! Nothing new to learn! Nothing revealed to the server!
  • 11. clipperz How it works - 1 What happens when you use a zero-knowledge web application? 1) The server delivers a huge block of JavaScript to your browser. This block contains both the application code and the crypto-engine. 2) The key used by the crypto-engine is known only by you and it’s never transmitted to the server. 3) Once the application is loaded, all the data you enter are encrypted by the browser itself before being sent to the server.
  • 12. clipperz Under the hood Clipperz uses advanced AJAX techniques to turn every browser into a strong encryption tool. Authentication protocol: SRP. Symmetric encryption: AES-256. Hashing: Double SHA-256. Random number generator: Fortuna. Public key encryption: Diffie-Hellman. Elliptic curve cryptography (ECC). Shamir secret sharing schemes. Search on remote encrypted data. [Slide label: Coming soon ...] Clipperz guarantees a 128-bit security level
  • 13. clipperz OK, but does it work? Which should be the first problem to be solved using a zero-knowledge approach? If Clipperz can convince people to store online their passwords, then I would say that zero-knowledge apps do work! OK! Let’s see!
  • 14. clipperz Enter Clipperz, the online password manager
  • 15. clipperz Password fatigue? Solved! April 2007 Clipperz launches an online password manager Clipperz is your web Rolodex: a card index where you can enter any sort of confidential data without worrying about security. It can be used to store and freely organize passwords, confidential notes, burglar alarm codes, credit and debit card details, PINs, software keys, … May 2010 40,000 subscribers, 600,000 passwords managed
  • 16. clipperz Amazing features 1-click login - Safely log into websites from your Clipperz account with just one click. No need to remember or type the password. Just click and go! offline version - Traveling a lot? Afraid of downtimes? With Clipperz offline version your data are always at hand! completely anonymous, iPhone version, one-time passwords, tags and search, import & export, revamped interface, password generator, secret sharing, sidebar version, more languages [Slide label: Coming soon ...] Much more than simply storing your passwords!
  • 17. clipperz Why Clipperz is different Zero learning curve Clipperz, unlike other excellent password managers, provides the highest standards of data protection while not requiring any technical literacy or understanding of cryptography issues on the users’ part. Appearing like a regular web application, it’s familiar to users. Nothing to install. Offline versions. No Java, no Flash. Ubiquitous access. Open source. Multiple languages.
  • 18. clipperz Main screen
  • 19. clipperz Card details
  • 20. clipperz Compact version for sidebar
  • 21. clipperz What they say about Clipperz
  • 22. clipperz Recent coverage /1 Clipperz, zero-knowledge apps, cloud computing and SaaS «I see a use for Clipperz technology at virtually every SaaS company. It's somewhat surprising that companies have been storing corporate data on servers belonging to Google, SugarCRM, Salesforce.com, Yahoo/Zimbra, without these capabilities.» InfoWorld (April 22, 2008)
  • 23. clipperz Recent coverage /2 Keeping Hosted Data Secure from Its Host «The "zero-knowledge" algorithm and protocol are designed to be fully auditable by the user. The JavaScript crypto library they use is open-licensed and freely available. I'd love to see that sort of security become standard for any web application that stores user data!» Wired (April 23, 2008)
  • 24. clipperz Recent coverage /3 Richard Stallman and Clipperz promoting freedom in the cloud “Clipperz and RMS urge web developers to adopt the new AGPL license and build their applications using a 'zero-knowledge architecture'. A smooth path toward web apps based on free software that know nothing about you and your data.” Slashdot (Jun 30, 2008)
  • 25. clipperz Plotting the road ahead ...
  • 26. clipperz Strategy Personal password management is not easy to monetize. But it does solve a real need. Credentials and sensitive data management for organizations does have a great business potential! Therefore Clipperz plans to follow this path ... 1) Clipperz for end users - Improving the present password management service while keeping it free (both as in beer and freedom). 2) Clipperz for workgroups - Charge companies and organizations for additional features: user and group administration, sharing policies, ...
  • 27. clipperz Different packages The two editions of Clipperz will be delivered both as hosted services and downloadable packages for local installations. Hosted: No setup. No config. No maintenance. No backups. Automatic upgrades. Downloadable: Keep your sensitive data at home. Respect security policies of companies. No hosting fees. Available also as virtual appliances. No freemium. Just plain free or fully paid.
  • 28. clipperz Why open source Clipperz code is available under an AGPL license «In the cryptography world, we consider open source necessary for good security; we have for decades. For us, open source isn’t just a business model, it’s smart engineering practice.» (Bruce Schneier) 1) Clipperz hugely benefits from contributions of developers and community reviews. 2) The dual licensing scheme widens the range of potential customers.
  • 29. clipperz Why now Market reasons Growing fear and suspicion of unauthorized access to personal data. (warrant-less wiretapping, identity thefts, computer crimes, ...) Increasing awareness of risks related to privacy and data security. (ambiguous terms of service and privacy policies, ...) Technology reasons Availability of new resources for browser-based cryptography. (new Javascript engines, faster processors, HTML5 browser support, ...) Ubiquitous and cheap access to the Internet.
  • 30. clipperz Ideal investment path Clipperz does not have enough resources to implement its strategy. Clipperz is looking for funding from reputable and passionate investors. 1) Seed - To provide resources to: improve the underlying cryptographic engine; add features to personal edition; build a first release of the workgroup edition. 2) VC round - About 12 months later: improve the workgroup edition; attract customers and promote the brand; add document editing and management
  • 31. clipperz Contacts and location Clipperz Srl Via Berti 137, 48012 Bagnacavallo (RA), Italy www.clipperz.com Marco Barulli marco@clipperz.com skype: mbarulli Giulio Cesare Solaroli giulio.cesare@clipperz.com skype:gcsolaroli
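
The flow on slides 11 and 12 (a key known only to the user, data encrypted before it is sent to the server), as an added example that is not Clipperz code. Node.js `crypto` stands in for the in-browser engine; the scrypt key derivation, the AES-256-GCM mode, the `BlobServer` class and the sample card are assumptions not taken from the slides.

```javascript
const crypto = require('node:crypto');

// Assumption: the key is derived from the passphrase with scrypt and a salt;
// the slides do not say how Clipperz derives its key.
function deriveKey(passphrase, salt) {
  return crypto.scryptSync(passphrase, salt, 32); // 32 bytes = AES-256 key
}

// Client side: encrypt one card before it leaves the "browser".
function encryptCard(key, card) {
  const iv = crypto.randomBytes(12); // fresh nonce for every record
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(JSON.stringify(card), 'utf8'), c.final()]);
  const b64 = (buf) => buf.toString('base64');
  return { iv: b64(iv), tag: b64(c.getAuthTag()), ct: b64(ct) };
}

// Client side: decrypt a fetched record. Returns null when the key is wrong
// or the record was altered in storage (the GCM tag check fails).
function decryptCard(key, rec) {
  try {
    const d = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(rec.iv, 'base64'));
    d.setAuthTag(Buffer.from(rec.tag, 'base64'));
    const pt = Buffer.concat([d.update(Buffer.from(rec.ct, 'base64')), d.final()]);
    return JSON.parse(pt.toString('utf8'));
  } catch (err) {
    return null;
  }
}

// Hypothetical server: stores what it is sent; never sees key or passphrase.
class BlobServer {
  constructor() { this.records = new Map(); }
  put(id, rec) { this.records.set(id, JSON.stringify(rec)); }
  get(id) { return JSON.parse(this.records.get(id)); }
  dump() { return [...this.records.values()].join('\n'); } // an insider's view
}

function demo() { // constructed sample data
  const salt = crypto.randomBytes(16);
  const key = deriveKey('correct horse battery staple', salt);
  const server = new BlobServer();
  server.put('card-1', encryptCard(key, { label: 'alarm code', secret: '4471#' }));
  return {
    serverSeesSecret: server.dump().includes('4471#'),
    roundTrip: decryptCard(key, server.get('card-1')),
    wrongKey: decryptCard(deriveKey('wrong passphrase', salt), server.get('card-1')),
  };
}
```

Because the server also delivers the code that performs the encryption (step 1 on slide 11), the property shown here holds only while the delivered code matches the audited, open-source version.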