Pages

Thursday, July 31, 2014

MiniLock

Earlier this month there was a small flurry of news regarding a new encryption application called miniLock. Wired Magazine had an article, that described the app as:
... an all-purpose file encryption program called miniLock, a free and open-source browser plugin designed to let even Luddites encrypt and decrypt files with practically uncrackable cryptographic protection in seconds. 
“The tagline is that this is file encryption that does more with less,” says Kobeissi, a 23-year old coder, activist and security consultant. “It’s super simple, approachable, and it’s almost impossible to be confused using it.” 
Kobeissi’s creation, which he says is in an experimental phase and shouldn’t yet be used for high security files, may in fact be the easiest encryption software of its kind. In an early version of the Google Chrome plugin tested by WIRED, we were able to drag and drop a file into the program in seconds, scrambling the data such that no one but the intended recipient—in theory not even law enforcement or intelligence agencies—could unscramble and read it. MiniLock can be used to encrypt anything from video email attachments to photos stored on a USB drive, or to encrypt files for secure storage on Dropbox or Google Drive.
The program will allow public-key encryption, but without the complexity for the user.
... There’s no need to even register or log in—every time miniLock launches, the user enters only a passphrase, though miniLock requires a strong one with as many as 30 characters or a lot of symbols and numbers. From that passphrase, the program derives a public key, which it calls a miniLock ID, and a private key, which the user never sees and is erased when the program closes. Both are the same every time the user enters the  passphrase. That trick of generating the same keys again in every session means anyone can use the program on any computer without worrying about safely storing or moving a sensitive private key. 
“No logins, and no private keys to manage. Both are eliminated. That’s what’s special,” says Kobeissi. “Users can have their identity for sending and receiving files on any computer that has miniLock installed, without needing to have an account like a web service does, and without needing to manage key files like PGP.”
For more information, here is the miniLock page. The app is still in the beta stage, but the developers hope to have a public release by August 4. Be warned, though, that the NSA appears to actively target people interested in secure computing.

No comments:

Post a Comment