Uploaded byantitree
PPTX, PDF2,289 views

Laverna vs etherpad

- Laverna is a note taking application that stores encrypted notes locally in the browser using JavaScript rather than on a remote server. - It uses Markdown formatting and encrypts notes using PBKDF2 before optionally syncing them to services like RemoteStorage.io or Dropbox. - To use Laverna, it must be cloned from GitHub and built using Node.js, bower, and grunt with encryption handled entirely by the client side application.

Embed presentation

Download to read offline
Laverna A tangential explanation of Laverna
You are Here Laverna Markdown Crypto Pbkdf2 Unnecesssary Visualization PBKDF2 For Blue Synchronization RemoteStorage.io Markdown.md Installation Conclusions Remotestorage.0wn .su
What are these words • Laverna and Etherpad are note taking services • I won’t talk about Etherpad because • Self-hosted alternatives to cloud apps like Evernote • Security and encryption are the focus here
Laverna • Node.js based local web page • HTML + JavaScript = no server required • Information is stored in the client you’re using • Encryptomagic • Remote storage options: • RemoteStorage.io (self-hosted) • Dropbox • Installation: • git clone git@github.com/laverna-static • Done
Markdown
Why? • Easy to convert into: • HTML • LaTeX • PDF • RTF… • Who supports MD? • Github (GFM) • Notepad++ • SublimeText • Everything on the Internet
Live Demo! MarkDown!!!! http://dillinger.io/
Encryption • All encryption happens client side (there is no server) • PBKDF2 • Manually entered salt (random) • Manually entered password • Can adjust iterations (1000 default) • AES 128 or 256 • Generated ciphers are stored in the browser local storage
Crypto/Sync JSON • {"id":"0cc9da4f-a47f-c9fd-e1ba- 55cb0ddb14e7", • "title":"{ • "iv":"uSrC4YzSxgvjueOBn+kb3A==",“ • v":1,“ • iter":"1000",“ • ks":128,“ • ts":64,“ • mode":"ccm","adata":"",“ • cipher":"aes",“ • salt":"ZwuH03ajWY0=",“ • ct":"WvpHRh50YbhdGeWFORR5b1xUui Rb • UID of the app • This is the title of my note • This is the IV for the note • Supports versioning of your note • PDKDF2 iterations • Key size is 128 • Something else size is 64 • Mode is CCM stream cipher • AES • Salt that you set • The cipher text of the title itself
• DK = Derived Key • PRF = HMAC - pseudorandom function like HMAC-SHA256 • c = Salt DK = PBKDF2(PRF, P, Salt, c, dkLen)
DK = PBKDF2(PRF, P, Salt, c, dkLen) Password Salt HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA Derived Key
What this defends against “monkey” Salt HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA Different Derived key
JustBlue Takeaway * This is from the Internet. Based on font, this is probably way off now
Laverna Crypto • PBKDF2 • Server never knows your key • Server never knows your keys • Fuck the cloud • Client side Crypto
Javascript Based Crypto • Not a big deal - it’ll be fine, what could go wrong • Relying on client side crypto with a server authenticator • Relying on client side crypto to protect client side information Well Actually
Back to Laverna
Syncing • Supports Dropbox
Syncing • Support RemoteStorage.io • Self-hosted remote storage similar to dropbox
Laverna Installation • Clone repository: git clone git@github.com:Laverna/laverna.git • Switch to stable version git checkout 0.5.0 • Install dependencies: npm install && bower install • Build minified version: grunt build • Build Dependencies: node.js, bower, grunt.
Operating Environment • Can host on any web server because crypto is on the client • Does not require PHP or programming environment • If remotely hosted, should be done over HTTPS • Github provides easy hosting over https for free • Can also run on your own computer
Wait have I done a demo yet? https://laverna.cc/index.html#notes
Here’s a diagram of something Laverna Etherpad Evernote License GPL GPL No Storage RemoteStorage, Dropbox None Sync with evernote Encryption PBKDF2 (AES) None (SSL with plugin) SSL + magic? Software JavaScript: Node.js, bower, grunt JavaScript Collaboration Not Realtime Yes Supports sharing Subfolders Infinite None Only 1 subfolder allowed Stored Format Json Export supports PDF, Word, and many other formats
Conclusion • Fuck the cloud • Use laverna • Use markdown • Use PBKDF2 • Use RemoteStorage.io (remotestorage.0wn.su?)
Laverna vs etherpad

More Related Content

PPTX
Reinventing anon email
byantitree
 
PPTX
Docker Security
byantitree
 
ODP
Introduction to ethereum_public
byantitree
 
PPTX
Building Python Development Station
byBasim Aly (JNCIP-SP, JNCIP-ENT)
 
PPTX
OFFENSIVE: Exploiting DNS servers changes BlackHat Asia 2014
byLeonardo Nve Egea
 
PPTX
Using ansible vault to protect your secrets
byExcella
 
PPTX
The Good, the Bad and the Ugly of Networking for Microservices by Mathew Lodg...
byDocker, Inc.
 
PPTX
Vert.x for Microservices Architecture
byIdan Fridman
 
Reinventing anon email
byantitree
 
Docker Security
byantitree
 
Introduction to ethereum_public
byantitree
 
Building Python Development Station
byBasim Aly (JNCIP-SP, JNCIP-ENT)
 
OFFENSIVE: Exploiting DNS servers changes BlackHat Asia 2014
byLeonardo Nve Egea
 
Using ansible vault to protect your secrets
byExcella
 
The Good, the Bad and the Ugly of Networking for Microservices by Mathew Lodg...
byDocker, Inc.
 
Vert.x for Microservices Architecture
byIdan Fridman
 

What's hot

PDF
An Introduction to Twisted
bysdsern
 
PDF
Building real time applications with Symfony2
byAntonio Peric-Mazar
 
PPTX
Introduction to OpenStack Cinder
bySean McGinnis
 
PPTX
Node.js
byhotrannam
 
PPTX
Neutron behind the scenes
byinbroker
 
PPTX
Sysdig - Introducing a new definition of Monitoring
byRamit Surana
 
PDF
Node.js 101 with Rami Sayar
byFITC
 
PDF
Penetration Testing Resource Guide
byBishop Fox
 
PPTX
Red Team vs Blue Team on AWS - RSA 2018
by2nd Sight Lab
 
PDF
NATS: Simple, Secure and Scalable Messaging For the Cloud Native Era
bywallyqs
 
PPTX
How to Build Your First Web App in Go
byAll Things Open
 
PPTX
Neutron VEB Plugin
byBIM
 
PDF
AstriCon 2017 - Docker Swarm & Asterisk
byEvan McGee
 
PPTX
London Hug 20/6 - Vault production
byLondon HashiCorp User Group
 
PDF
Vault
bydawnlua
 
PPTX
Nous Sommes Cyber - HTB Blue
byDianaWhitney4
 
PPTX
BSides Ottawa 2019 - HTB Blue
byDianaWhitney4
 
PDF
London HUG 19/5 - Kubernetes and vault
byLondon HashiCorp User Group
 
PDF
Bridges and Tunnels a Drive Through OpenStack Networking
bymarkmcclain
 
PPTX
Orchestrating Least Privilege by Diogo Monica
byDocker, Inc.
 
An Introduction to Twisted
bysdsern
 
Building real time applications with Symfony2
byAntonio Peric-Mazar
 
Introduction to OpenStack Cinder
bySean McGinnis
 
Node.js
byhotrannam
 
Neutron behind the scenes
byinbroker
 
Sysdig - Introducing a new definition of Monitoring
byRamit Surana
 
Node.js 101 with Rami Sayar
byFITC
 
Penetration Testing Resource Guide
byBishop Fox
 
Red Team vs Blue Team on AWS - RSA 2018
by2nd Sight Lab
 
NATS: Simple, Secure and Scalable Messaging For the Cloud Native Era
bywallyqs
 
How to Build Your First Web App in Go
byAll Things Open
 
Neutron VEB Plugin
byBIM
 
AstriCon 2017 - Docker Swarm & Asterisk
byEvan McGee
 
London Hug 20/6 - Vault production
byLondon HashiCorp User Group
 
Vault
bydawnlua
 
Nous Sommes Cyber - HTB Blue
byDianaWhitney4
 
BSides Ottawa 2019 - HTB Blue
byDianaWhitney4
 
London HUG 19/5 - Kubernetes and vault
byLondon HashiCorp User Group
 
Bridges and Tunnels a Drive Through OpenStack Networking
bymarkmcclain
 
Orchestrating Least Privilege by Diogo Monica
byDocker, Inc.
 

Viewers also liked

ODP
Rtlsdr presentation by alex 1/3/2014
byDb Cooper
 
PDF
Just Mouse Jack Init
byantitree
 
PPTX
Nsa and vpn
byantitree
 
PPTX
Salander v bond 2600
byantitree
 
ODP
2600 av evasion_deuce
byDb Cooper
 
ODP
State of wifi_2016
byantitree
 
PDF
A brief history of teledildonics
byDb Cooper
 
PPTX
How [not] to throw a b sides
byantitree
 
PPTX
28c3 in 15
byantitree
 
PPTX
0x20 hack
byantitree
 
PPTX
Image based automation
byantitree
 
PPTX
Meek and domain fronting public
byantitree
 
PDF
Android Hacking
byantitree
 
PPTX
26 Disruptive & Technology Trends 2016 - 2018
byBrian Solis
 
Rtlsdr presentation by alex 1/3/2014
byDb Cooper
 
Just Mouse Jack Init
byantitree
 
Nsa and vpn
byantitree
 
Salander v bond 2600
byantitree
 
2600 av evasion_deuce
byDb Cooper
 
State of wifi_2016
byantitree
 
A brief history of teledildonics
byDb Cooper
 
How [not] to throw a b sides
byantitree
 
28c3 in 15
byantitree
 
0x20 hack
byantitree
 
Image based automation
byantitree
 
Meek and domain fronting public
byantitree
 
Android Hacking
byantitree
 
26 Disruptive & Technology Trends 2016 - 2018
byBrian Solis
 

More from antitree

ODP
Hardening ssh configurations
byantitree
 
PPTX
Salander v bond b sides detroit final v3
byantitree
 
PPTX
Pentesting embedded
byantitree
 
PPTX
Tor
byantitree
 
PPTX
Corporate Intelligence: Bridging the security and intelligence community
byantitree
 
PPTX
Lock picking barcamp
byantitree
 
PPTX
Lock picking 2600
byantitree
 
PPTX
Anti tree firesheep
byantitree
 
PPTX
Hackerspaces
byantitree
 
PDF
Intro to IPv6 by Ben Woodruff
byantitree
 
PPTX
Anonymity Systems: Tor
byantitree
 
PPTX
Dll hijacking
byantitree
 
Hardening ssh configurations
byantitree
 
Salander v bond b sides detroit final v3
byantitree
 
Pentesting embedded
byantitree
 
Tor
byantitree
 
Corporate Intelligence: Bridging the security and intelligence community
byantitree
 
Lock picking barcamp
byantitree
 
Lock picking 2600
byantitree
 
Anti tree firesheep
byantitree
 
Hackerspaces
byantitree
 
Intro to IPv6 by Ben Woodruff
byantitree
 
Anonymity Systems: Tor
byantitree
 
Dll hijacking
byantitree
 

Recently uploaded

PDF
Transcript: Escape from the Forbidden Zone: Smuggling green and inclusive tec...
byBookNet Canada
 
PDF
Preserve workload integrity during cross-architecture migration
byPrincipled Technologies
 
PDF
Explaining the flow of purpose-specific BOM
byakipii ogaoga
 
PPTX
Spacecraft Guidance Quick Research Guide by Arthur Morgan
byArthur Morgan
 
PDF
HOW TO OVERCOME THE THREATS OF ARTIFICIAL INTELLIGENCE AGAINST HUMANITY.pdf
byFaga1939
 
PPTX
Tech Trends 2026: AI Agents, Quantum Computing, Robotics & Cybersecurity
byridwansassman
 
PDF
GDG Cloud Southlake #49: Pradeep R Kumar: Implications of Agentic AI for Iden...
byJames Anderson
 
PDF
UiPath Automation Developer Associate Training Series 2025 - Session 4
byDianaGray10
 
PPTX
apidays Paris 2025 | Building Agentic Workflows
byapidays
 
PDF
apidays New York 2025 | AI in Application Security
byapidays
 
PDF
apidays Paris 2025 | Zero Trust By Design
byapidays
 
PDF
TrustArc Webinar - From Trends to Action: Fitting AI Governance into Privacy Ops
byTrustArc
 
PDF
UiPath Modern Automation Playbook -Session 2
bysuhanisingh58689
 
PPTX
Workflow and decision Automation with Flowable
bychakib ch
 
PDF
Automated Governance for FME Flow: Smarter Admin at Scale
bySafe Software
 
PDF
Escape from the Forbidden Zone: Smuggling green and inclusive tech past the g...
byBookNet Canada
 
PPTX
The Transformative Technology in Contemporary Businesses
bygreyaudrina
 
PDF
Session 1/5: Enhancing Automation with Screenplay & Business Rules
bysuhanisingh58689
 
PDF
Agent to agent service discovery using HashiCorp Consul and Vault
byBram Vogelaar
 
PDF
Oracle Cloud Infrastructure 2025 Architect Professional (1Z0-1127-25) Master ...
byExamCert App
 
Transcript: Escape from the Forbidden Zone: Smuggling green and inclusive tec...
byBookNet Canada
 
Preserve workload integrity during cross-architecture migration
byPrincipled Technologies
 
Explaining the flow of purpose-specific BOM
byakipii ogaoga
 
Spacecraft Guidance Quick Research Guide by Arthur Morgan
byArthur Morgan
 
HOW TO OVERCOME THE THREATS OF ARTIFICIAL INTELLIGENCE AGAINST HUMANITY.pdf
byFaga1939
 
Tech Trends 2026: AI Agents, Quantum Computing, Robotics & Cybersecurity
byridwansassman
 
GDG Cloud Southlake #49: Pradeep R Kumar: Implications of Agentic AI for Iden...
byJames Anderson
 
UiPath Automation Developer Associate Training Series 2025 - Session 4
byDianaGray10
 
apidays Paris 2025 | Building Agentic Workflows
byapidays
 
apidays New York 2025 | AI in Application Security
byapidays
 
apidays Paris 2025 | Zero Trust By Design
byapidays
 
TrustArc Webinar - From Trends to Action: Fitting AI Governance into Privacy Ops
byTrustArc
 
UiPath Modern Automation Playbook -Session 2
bysuhanisingh58689
 
Workflow and decision Automation with Flowable
bychakib ch
 
Automated Governance for FME Flow: Smarter Admin at Scale
bySafe Software
 
Escape from the Forbidden Zone: Smuggling green and inclusive tech past the g...
byBookNet Canada
 
The Transformative Technology in Contemporary Businesses
bygreyaudrina
 
Session 1/5: Enhancing Automation with Screenplay & Business Rules
bysuhanisingh58689
 
Agent to agent service discovery using HashiCorp Consul and Vault
byBram Vogelaar
 
Oracle Cloud Infrastructure 2025 Architect Professional (1Z0-1127-25) Master ...
byExamCert App
 

Laverna vs etherpad

  • 1.
  • 2.
    You are HereLaverna Markdown Crypto Pbkdf2 Unnecesssary Visualization PBKDF2 For Blue Synchronization RemoteStorage.io Markdown.md Installation Conclusions Remotestorage.0wn .su
  • 3.
    What are thesewords • Laverna and Etherpad are note taking services • I won’t talk about Etherpad because • Self-hosted alternatives to cloud apps like Evernote • Security and encryption are the focus here
  • 4.
    Laverna • Node.js basedlocal web page • HTML + JavaScript = no server required • Information is stored in the client you’re using • Encryptomagic • Remote storage options: • RemoteStorage.io (self-hosted) • Dropbox • Installation: • git clone git@github.com/laverna-static • Done
  • 5.
  • 6.
    Why? • Easy toconvert into: • HTML • LaTeX • PDF • RTF… • Who supports MD? • Github (GFM) • Notepad++ • SublimeText • Everything on the Internet
  • 7.
  • 8.
    Encryption • All encryptionhappens client side (there is no server) • PBKDF2 • Manually entered salt (random) • Manually entered password • Can adjust iterations (1000 default) • AES 128 or 256 • Generated ciphers are stored in the browser local storage
  • 9.
    Crypto/Sync JSON • {"id":"0cc9da4f-a47f-c9fd-e1ba- 55cb0ddb14e7", •"title":"{ • "iv":"uSrC4YzSxgvjueOBn+kb3A==",“ • v":1,“ • iter":"1000",“ • ks":128,“ • ts":64,“ • mode":"ccm","adata":"",“ • cipher":"aes",“ • salt":"ZwuH03ajWY0=",“ • ct":"WvpHRh50YbhdGeWFORR5b1xUui Rb • UID of the app • This is the title of my note • This is the IV for the note • Supports versioning of your note • PDKDF2 iterations • Key size is 128 • Something else size is 64 • Mode is CCM stream cipher • AES • Salt that you set • The cipher text of the title itself
  • 10.
    • DK =Derived Key • PRF = HMAC - pseudorandom function like HMAC-SHA256 • c = Salt DK = PBKDF2(PRF, P, Salt, c, dkLen)
  • 11.
    DK = PBKDF2(PRF,P, Salt, c, dkLen) Password Salt HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA Derived Key
  • 12.
    What this defendsagainst “monkey” Salt HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA Different Derived key
  • 13.
    JustBlue Takeaway * Thisis from the Internet. Based on font, this is probably way off now
  • 14.
    Laverna Crypto • PBKDF2 •Server never knows your key • Server never knows your keys • Fuck the cloud • Client side Crypto
  • 15.
    Javascript Based Crypto •Not a big deal - it’ll be fine, what could go wrong • Relying on client side crypto with a server authenticator • Relying on client side crypto to protect client side information Well Actually
  • 16.
  • 17.
  • 18.
    Syncing • Support RemoteStorage.io •Self-hosted remote storage similar to dropbox
  • 19.
    Laverna Installation • Clonerepository: git clone git@github.com:Laverna/laverna.git • Switch to stable version git checkout 0.5.0 • Install dependencies: npm install && bower install • Build minified version: grunt build • Build Dependencies: node.js, bower, grunt.
  • 20.
    Operating Environment • Canhost on any web server because crypto is on the client • Does not require PHP or programming environment • If remotely hosted, should be done over HTTPS • Github provides easy hosting over https for free • Can also run on your own computer
  • 21.
    Wait have Idone a demo yet? https://laverna.cc/index.html#notes
  • 22.
    Here’s a diagramof something Laverna Etherpad Evernote License GPL GPL No Storage RemoteStorage, Dropbox None Sync with evernote Encryption PBKDF2 (AES) None (SSL with plugin) SSL + magic? Software JavaScript: Node.js, bower, grunt JavaScript Collaboration Not Realtime Yes Supports sharing Subfolders Infinite None Only 1 subfolder allowed Stored Format Json Export supports PDF, Word, and many other formats
  • 23.
    Conclusion • Fuck thecloud • Use laverna • Use markdown • Use PBKDF2 • Use RemoteStorage.io (remotestorage.0wn.su?)