h a l f b a k e r yBusiness Failure Incubator
add, search, annotate, link, view, overview, recent, by name, random
news, help, about, links, report a problem
browse anonymously,
or get an account
and write.
register,
|
|
|
A web service where I can upload my personal pages, similarly to a blog. Difference is that these pages are encrypted. I have to enter a password to see them. I can enter to-do lists, personal links, address book, all my passwords, PIN numbers, etc. The point is to have these data online, so that I can
access them when needed. This way I don't have to carry pieces of paper around, which is both a burden and a security risk.
Of course, you can't trust any provider with your personal data. But you don't need to with this system. You enter/edit your data in a textbox, and it is encrypted with strong encryption within the browser, before leaving your computer. The whole thing is transparent, open source javascript encryption. The server will store only the encrypted text, when you view it you decrypt it in your browser.
After usage clear browser cache and that's it. Additional mechanisms for integrity check, backup, etc. Of course the whole system is essentially the same as encrypting your own files and uploading via public ftp, but the key is to make it both usable and secure.
John Walker's JavaScrypt
http://www.fourmilab.ch/javascrypt/ A good place to start. [jutta, Sep 18 2007]
Please log in.
If you're not logged in,
you can see what this page
looks like, but you will
not be able to add anything.
Annotation:
|
|
How does the browser decrypt the files? |
|
|
It interprets a JavaScript program (that the user can examine) that encrypts before the data leaves the browser. |
|
|
Hm, I want this to work, but I'm not quite seeing the complete chain of trust in the system. |
|
|
If you're carrying your computer around, you don't need the central place. |
|
|
So, you're somewhere else. You don't have your computer. Problem one, you need to trust the browser you're using.
Problem two, you need to trust the JavaScript. Where do you get the code? You reload it each time. Even if you've inspected it once, it may have changed. How are you going to tell? |
|
|
You can get it from a secure connection somewhere, but now you're trusting a site - so you could just have trusted the site with your secrets to begin with. |
|
|
I suppose you can kinda do this with windows' built-in 'compress and email' when you right-click a file/folder. You only get crappy WinZip password encryption with that though. |
|
|
Actually, I might start doing this to an unlimited space free email account (I'll probably use WinRar though). |
|
|
Jutta, great points, haven't thought about that the javascript code itself can be changed/manipulated in a way that the individual user can not tell. |
|
|
Of course you could access this with a personal device like a PDA or cell phone that you regularly scan for changes. |
|
|
I don't see where you need a special service for this. All your encryption is going to have to be on the equipment that you control, so all you need is an ftp site to store it. |
|
|
But then, with the incredibly low price of storage these days, why not just carry all your encrypted documents with you? An eighty GB ipod can probably store more shopping lists and porn than you are likely to need on a trip to the mall, or even a weekend at grandma's place. |
|
| |