Super easy encryption program is expected to appear

Source: Internet
Author: User
Keywords Google Dropbox miniLock Encryption GitHub
Tags agency clear design dropbox e-mail files google google+

In fact, encryption is not easy. Edward Snowden, former director of the National Security Agency, had previously wanted to communicate via encrypted e-mail with journalist Glenn Greenwald, who watched Snowden's 12-minute tutorial After the video, still not sure how to use the famous encryption program PGP.

Nadim Kobeissi wants to clear this learning disability. At the HOPE Hacking Conference in New York later this month, he will unveil a beta version of a multi-purpose file encryption program called miniLock, a free, open source browser plug-in designed to pass The virtually unbreakable password protection lets users encrypt and decrypt files in seconds.

Kobesi said: "Our slogan is that this is a money-saving document encryption program that does something big, easy to use, and almost impossible to use when confused."

The 23-year-old programmer and security consultant said his program is still experimental and can not be used for documents that require high security. He said his creation may actually be the simplest encryption software. WIRED magazine tested earlier versions of the Google Chrome browser plug-in for the software, dragging and dropping files into the program in seconds, disrupting data so that only the receiver can restore it to its original state and read it. miniLock can be used to encrypt files from video mail attachments to photos stored on a USB drive, or to encrypt files for safe storage on Dropbox or GoogleDrive.

Like PGP, miniLock provides so-called "public key" encryption. In a public key cryptography system, a user has two sets of keys, one is public and the other is private. They can share the public key with anyone who wants to send them securely, and any file encrypted by that key can only be decrypted by the private key.

Cobbesy's version of public key encryption removes all complex processes. Each time a miniLock is started, the user does not even need to register or log in, just enter a passcode - but miniLock requires the passcode to include up to 30 characters or more symbols and numbers. After entering the passcode, the program will obtain a public key, known as the miniLock ID, along with a private key. However, the user never sees the private key and the private key is erased when the program is closed. When users enter the same passcode, they will get the same public and private keys. This practice means that anyone can use the program on any computer without worrying about whether to store or move sensitive private keys securely.

"No need to log in, no need to manage private keys, and both have been canceled, which is special," Corbett said. "On any computer with miniLock installed, users can send and receive files using their own ID, eliminating the need to set up an account like a web service or managing keys as PGP does."

Despite so many features, miniLock may not get a warm welcome in the encrypted community. Kobesi's most famous work before is Cryptocat, a secure chat program that, like the miniLock, makes encryption much easier for even 5-year-olds. But the program also has several serious security holes that many in the security community have criticized as useless, or (worse yet) a snooze of privacy illusions for users.

However, Kobesi pointed out that these vulnerabilities have been fixed. The program now downloads nearly 750,000 downloads, and Cryptocat tops the list of security programs released by the German security firm PSW Group last month.

Matthew Green, a professor of cryptography at Johns Hopkins University, said the miniLock should not be denied despite Cryptocat's initial loophole. He previously pointed out Cryptocat's vulnerability and has now checked the miniLock design parameters.

Green is cautiously optimistic about minilock. "I will not use it now to encrypt NSA files," he said. "But it has a nice and simple password design and not a lot of mistakes ... The app may need more reviews, but it can be very safe."

Cobbesi said he also learned from the failure of Cryptocat that miniLock will not be released on the Chrome Web Store from the beginning. On the contrary, he will publish the code of the program on GitHub for evaluation, and will devote himself to keeping a detailed record of how the program works. He said: "minilock's open behavior was designed to demonstrate sound programming practices, careful password design decisions, and to make it easy to evaluate potential vulnerabilities in miniLock."

If miniLock becomes the first public-key encryption program to really be a fool, the sophisticated encryption world will welcome more new users. Green, at Johns Hopkins University, said: "PGP is too much of a hassle, and the ability to encrypt ordinary people is invaluable ... Corbett eliminated complexity and made us want to do whatever we wanted. "(Chu Shen)

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.