The latest in Jon Udell's excellent podcast series is an interview with clipperz.com's Marco Barulli about the tool and its use of zero-knowledge online password management (aka the host-proof hosting pattern).

Direct MP3 link (from IT Conversations post)

Jon speaks of translucent databases, which store data encrypted so that it only makes sense at the application level. Thanks to the dramatic increases we've seen in the performance of JavaScript engines, that kind of encryption technology is now feasible in the browser.

Marco also makes the point that JavaScript implementations of raw encryption algorithms were already available some years ago, but peripheral tools like password generation were not, and those have come a long way too. Clipperz has its own crypto library licensed under AGPL.

Imagine a web application that would encrypt your credentials and store them in the cloud. It would deliver that encrypted store to any browser you happen to be using, along with a JavaScript engine that could decrypt it, display your credentials, and even use them to automatically log you onto any of your password-protected services. You’d trust it because its cryptographic code would be available for security pros to validate.
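
The pattern described above, as an added sketch in JavaScript; it is not Clipperz's code or its crypto library. It assumes the WebCrypto API with PBKDF2 and AES-GCM as stand-in primitives, and the `host` Map, the function names and the sample credentials are constructed for illustration.

```javascript
// Added illustration of host-proof hosting; not Clipperz code.
// WebCrypto is a global in browsers and recent Node; older Node needs the fallback.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;
const enc = new TextEncoder();
const dec = new TextDecoder();

// Derive an AES-256-GCM key from the passphrase. Runs only on the client.
async function deriveKey(passphrase, salt) {
  const material = await webcrypto.subtle.importKey(
    'raw', enc.encode(passphrase), 'PBKDF2', false, ['deriveKey']);
  return webcrypto.subtle.deriveKey(
    { name: 'PBKDF2', salt, iterations: 600000, hash: 'SHA-256' },
    material, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

// Client side: seal the credential store. Only this record is uploaded.
async function sealStore(passphrase, credentials) {
  const salt = webcrypto.getRandomValues(new Uint8Array(16));
  const iv = webcrypto.getRandomValues(new Uint8Array(12)); // fresh per encryption
  const key = await deriveKey(passphrase, salt);
  const ct = await webcrypto.subtle.encrypt(
    { name: 'AES-GCM', iv }, key, enc.encode(JSON.stringify(credentials)));
  return { salt, iv, ciphertext: new Uint8Array(ct) };
}

// Client side, any browser: open a record fetched from the host.
// A wrong passphrase or a modified record fails the GCM tag check and rejects.
async function openStore(passphrase, record) {
  const key = await deriveKey(passphrase, record.salt);
  const pt = await webcrypto.subtle.decrypt(
    { name: 'AES-GCM', iv: record.iv }, key, record.ciphertext);
  return JSON.parse(dec.decode(pt));
}

// Constructed sample data; the Map stands in for the hosting service's storage.
async function demo() {
  const host = new Map();
  const creds = [{ site: 'mail.example', user: 'alice', password: 'constructed-secret' }];
  host.set('alice', await sealStore('correct horse battery staple', creds));

  const stored = host.get('alice');
  const hostSeesPlaintext = dec.decode(stored.ciphertext).includes('constructed-secret');
  const opened = await openStore('correct horse battery staple', stored);
  const wrongRejected = await openStore('wrong passphrase', stored).then(() => false, () => true);
  stored.ciphertext[0] ^= 1; // simulate modification of the record on the host
  const tamperRejected = await openStore('correct horse battery staple', stored).then(() => false, () => true);
  return { hostSeesPlaintext, opened, wrongRejected, tamperRejected };
}
```

The host in this sketch only ever holds the salt, IV and ciphertext. The remaining trust is in the JavaScript the host delivers, which is why the paragraph above stresses that the cryptographic code be open to review.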

