Upload File

passlok manual 24 -...

  • Home
  • Documents
  • PassLok manual 24 - passlok.weebly.compasslok.weebly.com/uploads/2/4/1/8/24187628/passlok_manual.pdf · rules in choosing Keys, so that a user’s secret Key can indeed be anything
63
1 PassLok Privacy 2. 4 manual by F. Ruiz, updated as of version 2.4.2 on 9/7/2017 Outline: 1) What is PassLok Privacy? a) What is public-key encryption? b) What makes PassLok special? c) Keys and Locks 2) Keys and Locks a) How to make a strong Key b) Generate your matching Lock c) Spreading your Lock d) Changing your Key e) Making a directory of Locks f) The General Lock Directory 3) Encryption and Decryption a) Anonymous encrypted messages: msa b) Key-locked messages c) Signed messages d) Read-once messages 4) Encrypting files 5) Real-time Chat in PassLok 6) A walkthrough of the interface a) Tabs Main Options Help b) Dialogs Key Directory Edit New Key, email, user name Hidden message in, out Parts Image c) Buttons and Checkboxes 7) Advanced features a) Short messages b) Seals c) Pad mode

Upload: others

Post on 25-Sep-2019

3 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: PassLok manual 24 - passlok.weebly.compasslok.weebly.com/uploads/2/4/1/8/24187628/passlok_manual.pdf · rules in choosing Keys, so that a user’s secret Key can indeed be anything

1

PassLokPrivacy2.4manualbyF.Ruiz,updatedasofversion2.4.2on9/7/2017

Outline:1) WhatisPassLokPrivacy?

a) Whatispublic-keyencryption?b) WhatmakesPassLokspecial?c) KeysandLocks

2) KeysandLocksa) HowtomakeastrongKeyb) GenerateyourmatchingLockc) SpreadingyourLockd) ChangingyourKeye) MakingadirectoryofLocksf) TheGeneralLockDirectory

3) EncryptionandDecryptiona) Anonymousencryptedmessages:msab) Key-lockedmessagesc) Signedmessagesd) Read-oncemessages

4) Encryptingfiles5) Real-timeChatinPassLok6) Awalkthroughoftheinterface

a) Tabs• Main• Options• Help

b) Dialogs• Key• DirectoryEdit• NewKey,email,username• Hiddenmessagein,out• Parts• Image

c) ButtonsandCheckboxes7) Advancedfeatures

a) Shortmessagesb) Sealsc) Padmode

Page 2: PassLok manual 24 - passlok.weebly.compasslok.weebly.com/uploads/2/4/1/8/24187628/passlok_manual.pdf · rules in choosing Keys, so that a user’s secret Key can indeed be anything

2

d) Humanmodee) Hiddenmessagesf) Usingfaketextg) Hidingstuffinsideimagesh) Lockingandsigningfilesi) RandomKeysj) Splittingandjoiningitemsk) LockingwithListsl) MakingsurePassLokisgenuinem) Lockauthenticationviatextoremailn) Underthehood:Compression,VariableKeyStretching

8) Appendix:PassLokvs.PGP

Page 3: PassLok manual 24 - passlok.weebly.compasslok.weebly.com/uploads/2/4/1/8/24187628/passlok_manual.pdf · rules in choosing Keys, so that a user’s secret Key can indeed be anything

3

WhatisPassLokPrivacy?PassLokPrivacyisanencryptionandsteganographysuite,whichmeansthatitturnsregularreadabletextandfilesintounreadablegibberish,andcanalsohidethemsotheirpresenceisn’tevendetected.OnlythepersonsholdingtheappropriateKeyscanthenretrievetheoriginaltextorfiles.PassLokdoesseveraltypesofencryption,includingsymmetricandasymmetric(public-key)encryption.Additionally,PassLokhastheabilitytodisguiseitsencryptedoutputasmorenormal-lookingtext,andtohideitwithinimagefiles.PassLokalsodoesreal-timesecurechat,whichcanincludeevenvideo.Italsoincludesamodethatistheoreticallyimpossibletobreakandanothermodethatdoesnotevenneedacomputertoencryptordecrypt.ThemostessentialfunctionsofPassLokPrivacyarealsoavailableinPassLokforEmail,anextensionforChromeandFirefoxthatintegratesseamlesslywithweb-basedemailservices(currentlyGmail,Yahoomail,andOutlookonline).

Whatispublic-keyencryption?Inencryptionofanykind,youencryptatextorfileusingatextstringcalledakey.Akeymustbesuppliedduringthedecryptionprocesstorecovertheoriginalitem,orthedecryptionwillfail.Typically,thedecryptionkeyisthesameastheencryptionkey,andinthiscasewespeakofsymmetricencryption,buttherearemethodsinwhichonekey,calledthe“publickey,”isusedforencryption,andadifferent“privatekey”istheoneinvolvedindecryption.Thisisknownasasymmetricorpublic-keyencryption.Public-keyencryptionhasthehugeadvantageoversymmetricencryptionthattheencryptionkeydoesnothavetobekeptsecretandthedecryptionkeydoesnothavetotravel,whichmightexposeittoanattacker.Whensomeonewantstosendanencryptedmessage,he/sheonlyneedstogettherecipient’spublickeyfromapublicplacewheretheownerhaspostedit,anduseittoencryptthemessage.Onlytheowneroftheprivatekey,whichremainssecretandhasneverlefttheowner’spossession,candecryptthatmessage.Securecommunicationsbetweencomputersusesomesortofpublic-keyencryptiontogetitstarted,andthenmaybeswitchtotheotherkind,whichisfaster,oncethekeysinvolvedhavebeensecurelytransmitted.

WhatmakesPassLokspecial?PassLokisdesignedtopreservetheprivacyofordinarypeople,whoarenotsecretagents,aftertheyfindthemselvesinasurveillancesituation.Thatmeansprettymuchthewholeworld,aswelearnedfromthe2013SnowdenleaksonNSAsurveillanceprograms.Ifpeoplehadhadtimetocommunicateprivatelywithafriendbeforethesurveillancestarted,theywouldhavebeenabletoestablishasharedsecretkeythatwouldenablethemtocommunicateusingsymmetricencryption.Therearemanygoodprogramsoutthereforsymmetricencryption,includingsomethatarebasedonAES(AdvancedEncryptionStandard),whichtheUSGovernmentchosein2001asitsofficial

Page 4: PassLok manual 24 - passlok.weebly.compasslok.weebly.com/uploads/2/4/1/8/24187628/passlok_manual.pdf · rules in choosing Keys, so that a user’s secret Key can indeed be anything

4

encryptionprogram,afterayearlongcontestinvolvingadozencandidates,butthesepeoplecan’tusethembecausetheydon’thaveasharedsecretwiththeirfriends.Allpublic-keyencryptionprograms,suchasPGP(PrettyGoodPrivacy)andafewothers,allowpeopletoestablishsecurecommunicationsevenwhenithasbecomeimpossibletotransmitasecret,sincethesecretkeysneverleavetheirowners,butwhatiftheircomputersarebugged?Thisisarealconcerntoday,andPGPandmostoftherestcannothelpinthatsituationsincetheymustbeinstalledbeforetheycanrun.PassLokcanstillhelp.WhatallowsPassLoktofunctionwheretheotherscannotisitsperfectportability.PassLokisnotreallyinstalledonyourcomputer;itisnotrunningonaserver,either.Sincenothingsecretneedstobestoredanywhere,nothingsecretcanbecompromised.PassLokrunsequallywellonyourWindows,MacorLinuxmachine,yourneighborhoodlibrary’spublicPC,orapasserby’ssmartphone,anditdisappearswithoutatraceafteritdoesitsjob.ThesearetheprinciplesguidingthedesignofPassLok:o Perfectportability.Runsonanycomputerormobiledevice.o Completelyself-containedsoitrunsoffline.Noservers.o Nothingshouldbeinstalledbytheoperatingsystem.Nothingforcedtobewrittenin

thedevice.o Highest-levelsecurityateverystep.Nocompromises.o Easytounderstandandusebynovices.Simple,cleangraphicalinterface.No

cryptographicjargon.Therefore,PassLokisawebpagethatcanrunonanybrowser,whethercomputerormobile.ItiswritteninstandardJavaScriptlanguage,whichallbrowsersunderstand.Itcanbesavedandrunfromfile,ordownloadedfromthesourcewhenneeded,thenthrownaway.Itisapublic,self-containedfile,usingnooutsidelibraries.Itleavesnocookies.Itcontactsnoservers.Allprocessinghappensinthemachine,anditworksequallywelldisconnectedfromthenetwork.Userscanencryptanddecryptwhileofflineandonlyconnectwhentheirmessagesareencryptedandtheplainitemshavesecurelydeleted.Mostotherpublic-keyprogramsrelyonlongprivatekeysthatmustbestoredsomewherebecausetheyareimpossibletoremember;thepublickeysareevenlonger.PassLokallowsuserstouseanytextastheirsecretKey,preciselysotheycanrememberitwithouthavingtowriteitanywhere(observethatKeyisnowcapitalized;we’llfollowthisconventionwheneverawordhasaspecialmeaninginPassLok).IthelpsthemtomakestrongKeysandrewardsthemforthis,butitdoesn’tforceuserstouseaparticularsortofKey.OncetheuserhaschosenasecretKey,PassLokappliesasmanyas220iterationsofSCRYPTkeystretching(morethanamillion),andthen255-bitellipticcurvefunctionstoproducethematchingpublickey(equivalentto3,000-plusbitsfor

Page 5: PassLok manual 24 - passlok.weebly.compasslok.weebly.com/uploads/2/4/1/8/24187628/passlok_manual.pdf · rules in choosing Keys, so that a user’s secret Key can indeed be anything

5

PGPandsimilarprograms),andthencombinesbothtousetheXSalsa20streamcipher,oneofthestrongestknowntoday.Itiswellknownthatmostuserstendtochoosebadkeysorpasswords,whichahackingprogramsuchasHashcatcancrackeasily.PassLokdoesnotforceuserstocomplytoanyrulesinchoosingKeys,sothatauser’ssecretKeycanindeedbeanythinghe/shelikes.Instead,PassLokevaluatesKeystrengthandappliesavariableamounttoSCRYPTkeystretchingaccordingtotheresult.Sincealargenumberofkeystretchingiterationsalsocausesalongdelaytotheuser(whoiswarnedinanycase),thisservestoencourageuserstocomeupwithstrongerKeys,withoutforcingthemdirectly.What’sbetter,sinceallbadKeysarestillinthepool,hackersareforcedtorunthroughallofthembeforetheygettothebetterKeys,wastinglargeamountsofcomputertime,orriskmissingthementirely.IfusersdecidetousemuchmoresecurerandomKeys,PassLokhelpsinseveralways.TheeasiestistoclicktheRandombuttononthenewuserwizard,whichisseenonlywhenPassLokopensforthefirsttimeoranewuseriscreated.Thisaddsa256-bitrandomtokentotheuser’schosenKey,whichisimmediatelyencryptedwiththeKeyandstoredinthedevice.ThisprovidesultimatesecurityagainstthoseattemptingtoguesstheKey,sincethey’dhavetoguessboththeKeyandthelongrandomtoken,butunfortunatelycausestheusertobetiedtothedevicewherethetokenisstored(thisissimilartowhathappenswithPGP)exceptintheChromeappversion,whichsyncsthetokenbetweencomputers(butthenGooglehasyourtoken,encrypted).PassLokhasabuttontoexportthattokeninencryptedform,however,soitcanbeusedonadifferentdevice.PassLokcanalsogeneratealongrandomKeywiththetouchofabutton,andthisisstorednowhere.ShouldtheuserdecidetostoretheKeyforfurtheruse,PassLokcansplititintoseveralpartstobestoredatdifferentlocations,soitishardertocompromisetheKey,andthencanjointhepartsbacktogetherwhentheKeyisneeded.PassLokhasevolvedintoapowerfulprogramthatcandomanythingsbeyondsimpleencryption:self-destructmessages,files,text-andimage-basedsteganography(hiding),splittingintoparts,richtextediting,real-timechatinvolvingevenvideo,theoreticallyunbreakableencryption,high-strengthhuman-computableencryption.Andthen,PassLoksportsaverycleaninterfacewithonlyafewbuttons.ThereisaBasicmodewhereonlytheessentialbuttonsandsettingsareshown,anAdvancedmodewithallthebellsandwhistles,andanEmailmodethatmakesitfullycompatiblewithPassLokforEmail(moreonthisbelow).Helphasitsowndedicated,searchabletabthatisalwaysavailable,andmorehelppopsoutiftheuserchoosesLearnmode,sothateverybuttonpressbringsoutadialogexplainingwhatisabouttohappen.

Page 6: PassLok manual 24 - passlok.weebly.compasslok.weebly.com/uploads/2/4/1/8/24187628/passlok_manual.pdf · rules in choosing Keys, so that a user’s secret Key can indeed be anything

6

PassLokforEmail,mentionedearlier,isanextensionforChromeanditsderivatives,andanaddonforFirefox,whichintegratesthecorefunctionsofPassLokPrivacywithpopularweb-emailservices(asofversion0.4.2:Gmail,Yahoomail,Outlookonline).ItincludesalltheasymmetricencryptionfunctionsofPassLok,plusimagehidingandsomeformsoftexthiding.OutputproducedbyPassLokforEmailcanbeopenedinPassLokPrivacy,andvice-versa(ifgeneratedinEmailmode).Itsuserinterfaceisevenmoreminimalistic:simplyanicononyouremailpagewhich,whenclicked,opensadialogwhereyoucanencryptordecryptmessagesandfiles.

KeysandLocksConsistentwiththe“nojargon”designprinciple,PassLokreplacesthestandardtalkaboutpublicandprivatekeyswithsimplertermsdrawnfromusers’experience.Mostpeoplearefamiliarwithpadlocks.Youdon’tneedthekeytolocksomethingwithanopenpadlock,butyoudoneedthatkeytounlocksomethingwithaclosedpadlockonit.Therefore,thewordconsistentlyusedinPassLoktodesignateapublickeyis“Lock”(capitalizedinthisdocument,aseverytimeacommonwordhasaspecialmeaninginPassLok),andthewordusedforprivatekeyissimply“Key”.Therearepadlocksthatuseanumericaloralphabeticalcombinationratherthanakey.Thosewishingtoopenoneofsuchlocksmusthavethecombination,giventohim/herbythelockowner.InPassLok,thatcombinationiscalleda“sharedKey,”andcorrespondstowhatinregularcryptographicjargoniscalledasymmetrickey,usedbothtoencryptandtodecrypt.Whenasharedsecretismadefromaprivatekeyandsomeoneelse’spublickey,PassLoktalksaboutcombiningaKeyandaLocktomakeasharedKey.

Page 7: PassLok manual 24 - passlok.weebly.compasslok.weebly.com/uploads/2/4/1/8/24187628/passlok_manual.pdf · rules in choosing Keys, so that a user’s secret Key can indeed be anything

7

CreatingKeysandLocksThefirsttaskforanewuseristochooseasecretKey,andthenmakethematchingLock.ThentheLockhastobeexchangedwithotherusers.Ausermaywanttochangehis/herKeylateron,foravarietyofreasons.Thissectiondescribesallofthesethings.Thenewuserwizard,whichappearsthefirsttimeyouusePassLokonagivendeviceorclicktheNewUserbutton,leadsyouthroughtheKeyselectionprocessstepbystep.Here’stheexplanationofeachstep:

1. Introduction.ItisessentialtohaveaminimumknowledgeofwhatPassLokissupposedtodo.Thefirstscreencontainsanoptional,fun3-minutevideothatexplainsit.Ifyouwanttoskipthewholewizard,thereisalsoabuttontodothis,labeledExit.

2. UserName.PassLokPrivacyismulti-user(ormulti-identity).Youmustprovideanameifyouwanttostoreanythinginthepermanentdirectory,sothatdatabelongingtodifferentusersdon’tgetmixedup.Anythingnotpublicisencrypted,soonlytherightownershaveaccesstotheirdata.WhenyourestartPassLok,alltheusernamesrecordedinthedevicearedisplayedforyoutochooseone.Ifthereisonlyone,there’snoneedtochooseit.

3. SecretKey.AstrongKeyisthemostimportantelementinyoursecurity,soPassLokwilltellyouhowgooditissecurity-wiseasyoutypeitin.IfyouprefertostartfromanalreadydecentKey,abuttonwillSuggestfiverandomwordsfromPassLok’sinternaldictionary,whichyoumayormaynotchooseandarefreetomodifywhicheverwayyoulikeifyoudecidetokeepthem.PassLokdoesnotstoreyourKey,soitisimportantthatyourememberitwithouthavingtowriteitdown.

4. EmailorToken(optional).Ifyounowsupplysomepieceofdatathatisuniquetoyou,suchasyouremailorphonenumber,securitywillbegreatlyenhancedsinceahackertryingtoguessyourKey(likelyfromyourLock,whichispublic)willbeforcedtostartthecrackingprocessfromscratchwithoutthebenefitofready-madetablesofpre-crackedKeys.Thispieceofdatadoesnotneedtobesecret,justuniquetoyou.UnliketheKey,theemailwillbestoredinencryptedform,soyouonlyhavetosupplyitonce.Youalsohavetheoptiontousearandomtoken,bymeansoftheRandombutton.Doingsowillgiveyouultimatesecurity,butitwillmakeithardertousePassLokonadifferentmachine(althoughtherearewaystogetaroundthis,explainedbelow).IfyouwantyourcopyofPassLokPrivacytobecompatiblewithyourcopyofPassLokforEmail,youmustwriteyouremailaddressatthispoint,sincethisiswhatPassLokforEmailusesautomatically.

5. GenerateanddisseminateyourLock.ThelastbuttonclosesthewizardanddisplaystheLockmatchingyourKeyandadditionaldataontheMaintab.TheideaistogiveyourLocktoeveryoneyouwishtocommunicatewithyou,muchlikeaphonenumber.Tomakethistasksuper-easy,PassLokwillsenditbyemailtoyourfriendsrightaway,alongwithashortsetofinstructions,ifonlyyoucheckaboxbeforeclickingthebutton.

Page 8: PassLok manual 24 - passlok.weebly.compasslok.weebly.com/uploads/2/4/1/8/24187628/passlok_manual.pdf · rules in choosing Keys, so that a user’s secret Key can indeed be anything

8

HowtomakeastrongKeySincethecryptographicmethodsusedinPassLokareoverkillfortoday’scomputerpower,theweaklinkinthechainisrathertheKeychosenbytheuser.Ithasbeenshownthat80%ofuserschoosebadkeys,whichaspecializedhackingprogramsuchasHashcatcanguessinamatterofseconds.Thesameprogramrunningforanhourwouldguess99%ofpasswordsmadebyactualusers.PassLokknowstheworstEnglish1000Keysandtheirvariations,andpenalizesuserswhousethemaspartoftheirsecretKey,butitdoesn’tstophere.Itknowsthestrategiesfollowedbyhackersandmakesthemaspainfulaspossible.SincetheLockmadefromauser’sKeyispublic,ahackerwilltrytofindthesecretKeybymakingguessesandcheckingeverytimewhethertheLockderivingfromtheguessmatchestheuser’spublishedLock.Onceamatchoccurs,theKeyhasbeenrevealedandanythingencryptedorsignedwithitcanbedecryptedortamperedwith.ItturnsoutthatthereareonlysomanyreasonswhyKeyscanbebad.Hackersknowthem,andthisallowthemtoguessthekeysveryquickly.Iftheuseravoidsmakingthosemistakes,theKeylikelywon’tbecracked.Sohere’showatypicalkey-crackingprogramproceeds,andhowtothwartit:

1. Theprogramfirsttrieseverypossiblecombinationofnumbers,letters(lowercaseandcapitals)andspecialcharacterscomprisingfourorfivecharacters.Thisiscalleda“bruteforce”attack,whichcanonlybeovercomebymakingthekeylongerthanthosefewcharacters.Sixcharactersistypicallyenough.

2. Sincegoingbeyondthisinvolvesanexponentiallylongercomputingtime,thekey-guessingprogramthenswitchestoadictionaryofready-madewordsforitsguesses,towhichitmayappendorprependashortnumbersequence.Thedictionarycontainsallcommonwordsinoneormorelanguages(hackersknowwhatlanguagesyouspeak),includingvariationslikecommoncapitalization(firstletter)andmisspellings,andlettersreplacedbynumbersorsymbols,asin:appl3,b@n@n@,andsoforth.Theprogramsalsoknowkeyboardpatternslikeqwertyandqazwsxedc,sothesearenotsecureatall.Finally,anypersonalinformationthatmightbeknowntoothers(abirthday,spouse’snickname,anaddress)issuretohavebeenaddedtothedictionaryifyouarethetargetofapersonalattack.

3. Havingtriedallsinglewords,theprogramwillnowtrytwowordsatatime,beginningwithpairsthatmakegrammaticalsense:hitme,iwin,etc.(withandwithoutspaces),thenthreeormore.Itmaytryconventionalphrasesatthispoint:Iloveyou,correcthorsebatterystaple,andsoforth.

4. Beyondthispoint,thehacker’sZenmaytakehim/her/italongdifferentpaths,butitwillalwaysbefollowingpatternsandadictionary.TheuserstillhasachancetothwarttheZen.

Page 9: PassLok manual 24 - passlok.weebly.compasslok.weebly.com/uploads/2/4/1/8/24187628/passlok_manual.pdf · rules in choosing Keys, so that a user’s secret Key can indeed be anything

9

SohowdoesausermakearealstrongKey?Firstofall,recognizehowahackerwilltrytoguessitanddon’tfacilitatehis/her/itsjob.Thatmeans:

1. TheKeymusthavesufficientlength.PassLokwon’tacceptKeyshavingfewerthanthreecharacters,butyoushouldaimforatleastninecharacters.

2. Don’tusecommonwords,whichcanbefoundinadictionary,evenifnumbersreplacesomelettersorarecapitalized,oraremisspelledinacommonway.

3. Don’tuse(exclusivelyorinconjunctionwithcommonwords)personaldatathatothersmightalsoknow.

4. Addingnumbersattheendoratthebeginningdoesn’taddmuchsecurity.5. Ifyouhavemorethanoneword,makesurethesetdoesnotmakegrammatical

sense.Thiswouldstillbequiteeasytoremember.6. Doaddamixoflowercase,capitals,numbers,andspecialsymbols.Thiswill

forcethecrackertosiftthroughamuchlargerpoolofpossibilities,incasehe/she/ithastheabilitytobruteforcealongKey.Thisiswhywebsitesoftenforcethiscriterion,atleastpartially.PassLokdoesnotforceyou,butyou’llbepenalizedwithlongercomputingtimesifyouignorethisadvice.

ExamplesofVeryGoodkeys:

• Idw2g2s.Thm!(madewiththeinitials,withacouplenumericalswitches,of“Idon’twanttogotoschool.Theyhateme!”)

• 1+1+1+1+1=Five(yes,amathformula;mathformulasarefullofspecialsymbols;1+1+1+1=Fiveisevenbetter,thoughitisshorter,becauseitisincorrect)

• c0rrect,H0rse.st@ple;b@ttery(eventhoughcorrecthorsebatterystapleiswellknown,andthereforebadasaKey,adifferentpermutationwillwork,especiallyifitcontainsnumbers,uppercase,andsymbols;there’sjusttoomanypermutationstokeepthemallinthedictionary)

• BN32892-3782-GBa(that’stheserialnumberwrittenatthebottomofmyoldlaptop;it’slongandrandom-lookingandfullofdifferentkindsofcharacters,andnooneelseknowsit;itwillworksolongasI’mnearenoughtoreadit)

• toSerOderNão2être(funkytakeon“Tobeornottobe,”combiningEnglish,Spanish,German,Portuguese,andFrench;ahackermighthavedictionariesforallthoselanguages,buthe/she/itdoesn’tknowinwhichordertheywereusedandtherearejusttoomanypermutations)

Evenifyoufollowalltheserules,thereisstillachancethat,givenalotofcomputingtimeandoodlesofstorage,apowerfulattackermighthavepre-computedtheLocksforahugedatabaseofpossibleKeys,whatisknownasa“rainbowtable.”Butitisveryunlikelythatthisdatabaseispersonalizedtodefeatyouinparticular.Thus,addingsomepersonaldata(notnecessarilysecret)toanalreadygoodKeywilldefeattherainbowtable.ThisiswhyPassLokasksyouforyouremailaddress,orsomeotherpublicdataaboutyourself.Tomakeyourlifealittleeasier,thisinformationisstoredbetweensessions(unliketheKey,whichisneverstoredanywhere),soyoudon’thavetoenteritagaininthesamemachine.

Page 10: PassLok manual 24 - passlok.weebly.compasslok.weebly.com/uploads/2/4/1/8/24187628/passlok_manual.pdf · rules in choosing Keys, so that a user’s secret Key can indeed be anything

10

HowcanyoutellifyourKeyisanygood?JustwriteitintotheKeyboxofPassLok,andatextwillappeargivingyouthescoreandthetimeitwilltaketoprocessitonthatmachine.ItcangofromTerribletoOverkill,withGoodbeingthetargettohitsothingsdon’tgetsluggish.InAdvancedmodeyoualsogetanumberfortheinformationentropyoftheKey,measuredinbits.IftheKeyisaneedle,thentheinformationentropytellsyouhowbigthehaystackis.Theeffectisexponential,sothatanincreaseofjustonebitofinformationentropymeansthatthehaystackgetstwiceaslarge,anincreaseoftwobitsmakesthestackfourtimesbigger,andsoforth.Inadditiontothe1000mostcommonpasswordsmentionedearlier,forwhichPassLokgivesnocreditintermsofinformationentropy,PassLokincludesadictionaryofthe10,000mostcommonEnglishwords.Theideaistogivelesscreditforseriesofcharactersthatcanactuallybefoundinadictionary,asopposedtosequencesthataren’tthere.PassLokissmartenoughtoknowifawordhasbeens1mplym0d1fi3dbychangingafewcharacters.ForthetimebeingallthewordsareEnglish-based,butfutureversionsofPassLokwillusedifferentdictionariesbasedontheinterfacelanguage.

GenerateyourmatchingLockAfteryoutypeyoursecretKeyintothekeyinputboxandclickOK(weareassumingyouremailorwhateveradditionaldatayouenteredthefirsttimeremainsrecorded),youarereadytomakeitsmatchingLock.Todothis,justclickthemyLockbutton.TheLockwillappearintheMainbox.YoucantellitisaLockbecause:

1. itbeginswithaPL**lokorPL**ezLoktag(where**istheversionnumber),2. followedbyadoubleequalsign,3. exactly43base64alphanumericcharacters(numbersandlower-andupper-case

letters,plus+or/symbols)forregularLocks,exactly50brokenupintogroupsoffiveforezLoks,whichconstitutetheactualLockdata

4. thenanotherdoubleequalsign,5. andafinaltagliketheoneatthebeginning.Despiteitsgreatsecurity,itisshort

enoughtobesharedwithinatextmessage(160characterlimit)orpostedonTweeter(140characters).

Bydefault,PassLokwilldisplayyourezLok,whichcontainsnocapitals(except“L”,becausesmallcase“l”tendstolooktoomuchlikea“1”)andismucheasiertodictateoverthephone,butyoucandisplaytheregularversioninsteadbyuncheckingezLokintheOptionstabbeforeclickingmyLock.Eitherversioncanbeusedinterchangeably.YourLockisnotasecret;yourKeyis.Thereisaone-to-onecorrespondencebetweenaLockanditsKey,butitisnearlyimpossibletoretrievetheKeyfromitsLock.Toachieve

Page 11: PassLok manual 24 - passlok.weebly.compasslok.weebly.com/uploads/2/4/1/8/24187628/passlok_manual.pdf · rules in choosing Keys, so that a user’s secret Key can indeed be anything

11

this,otherthanbyguessingtheKeyuntilthecorrectLockismade,wouldinvolvefindingacomputationallyinexpensivesolutionforthe“discretelogarithm”problemoveranellipticcurve.Nosuchsolutionhasbeenfoundtodate.WhoeverachievesthisisprettysuretogettheFieldsmedal(equivalenttoaNobelPrizeinmathematics),soit’snotforlackofsmartpeopletrying.Now,thismaychangewithquantumcomputers,butwe’renotthereyet.Plus,thereisaninfinitenumberofellipticcurvesthatcanbeusedtoreplacethosethatbecometoo-shorttowithstandquantumattack,andPassLokwillusethoseastheybecomestandardized.

SpreadingyourLockPeoplewillneedyourLockinordertolockmessagesthatonlyyoucanunlockusingyourKey,soit’simperativethatyourLockbepubliclyknown.Thinkofitasaphonenumberandtreatitassuch.Yougiveittothosewhoyouwishtocallyouback.Youcangivesomeoneelse’sLocktoacommonfriend,too,andnobodygetsupset.Now,aLockisabitlongandcomplicatedforpeopletoreaditoff,letalonememorizeit,butthereareotherwaystogiveittosomeoneelse.Asmentionedabove,youcantextitandyoucanTweetit.YoucansenditbyemailbyclickingtheEmailbuttononPassLok,whichwillopenapre-formattedemailwithonlytherecipient’saddressandthetitlelefttobefilled.PressingtheSMSbuttonwillopenthedefaulttextingprogramifyouarerunningPassLokonamobiledevice.YoumustselectandcopytheLockfirst,however,becausestandardJavaScriptcodedoesnothavedirectaccesstotheclipboard.Ifyoudon’thaveconnectivity,youcanalwaysreaditaloud.AnezLokcontainsonlynumbersandlowercaseletters(except“L”),soittakesonlyabout20secondstoreaditassomeonewritesdown(thedashesarethereonlytomakeiteasiertoread,andarenotneededforfunctionality).Ifyouhaveamobiledevice,youcanalwayscopyitintoanappthatwoulddisplayaQRcode,whichanotherdevicecanreadoffthescreen,buttheprocesslikelywon’tbeasfastassimplydictatingit.WhenyoufirstusePassLok,itwilloffertosendyourLocktowhomeveryouwantbyregularemail.Theonlythingyouneedtodoisleaveacheckmarkonandsupplytheemailaddresseswhentheready-mademessageappearsinyourdefaultwebmail.Thiswayyoustartoutwithasmallnetwork,withouthavingtoworryaboutanythingbeyondstoringyourfriends’Lockswhentheyaresenttoyou.OtherwaysofspreadingyourLockare:

• Addittoyouremailsignature.ThiswayanyonewhoreceivesanemailfromyouwillalsogetyourLock.UnlikePGPpublickeys,whichalsogetspreadthisway,PassLokLocksdon’taddmuchbulktoyoursignature:barelyoneextraline.

• Writeitonyourbusinesscard.Betteryet,addaQRcodeversionofittoyourbusinesscard.PeoplewillbeabletoretrieveyourLocklongafteryoumet,andthey’llhaveareasonableassurancethatitisauthentic(moreonthislater).

Page 12: PassLok manual 24 - passlok.weebly.compasslok.weebly.com/uploads/2/4/1/8/24187628/passlok_manual.pdf · rules in choosing Keys, so that a user’s secret Key can indeed be anything

12

• Postitonsocialmediaaspartofyourpublicprofile.Peoplewillfinditeasilyanduseitiftheyhavesomethingconfidentialtotellyou.

• Websites,directories,younameit.ThemoreplaceshaveyourLock,theeasieritwillbeforotherstofindit,andtheharderforanattackertoswitchitwithacounterfeitLock.

• UploadittoPassLok’sGeneralDirectory(moreonthislater).UnlessyouhandyourLocktosomeoneinperson,there’salwaysthechancethatanattackermightinterceptthecommunicationandreplaceyourgenuineLockwithacounterfeitone,towhichhe/shehastheKey.Thenhe/shewillbeabletoreadsecretmessagesmeantforyou,andthenmaybepassontoyousomethingelsethatsuitshis/herevilpurposes.You’llneverknowthatthispersonhasbecomethe“maninthemiddle”betweenyouandyourfriends,sohowcanpeopleknowthataLockisgenuinelyyours?ThisiswhyyoucanattachawebaddresstoyourLockwithoutaffectingitsfunction.YoucanauthenticateyourLockbymeansofavideo,likethis:

1. CopyyourLocktoapieceofpaper.Ifitisprintedboldsoacameracanpickitup,somuchbetter.

2. ThengrabasmartphoneandmakeavideoofyourselfreadingyourLockorapartofit.Itisenoughtoreadthefirst15charactersorsoofanezLok.Ifyouhavebackgroundmusic,somuchbettersonobodycanhackthevideotopiecesandmake“you”readsomethingelse.

3. Putthevideosomewhereonlineandcopyitsaddress.4. AppendthataddresstoyourLock,preferablyonthelinerightbelowit.From

nowon,keepthetwothingstogethereverytimeyoupostyourLock.WhensomeonewhoknowsyouseesyourLockwithavideoaddressattachedtoit,he/shecanalwayscopythataddressandwatchyoureadingtheLock,whichwillassurehim/herthatitislegitimate.Noneedforwebsoftrust,certificationauthorities,oranyofthethingsthatwere(andstillare)recommendedforauthenticatingPGPkeys.Aren’tyougladyouliveinthetwenty-firstcentury?IfitisimpossibletousearichchannelsuchasvoiceorvideotoauthenticateaLock,therearestillwaystodetectbytextoremailifaman-in-the-middleisintrudingintoyourconversation.ThisisexplainedintheAdvancedsection.

ChangingyourKeyLet’ssaythat,despiteyourgreatcaretokeepyourKeysecret,neverwritingitdownanywhereandkeepingitmaskedasyoutypeit,youfearithasbeencompromised.OrmaybeyouwanttouseastrongerKeyorsimplygottiredoftheoldone.Howdoesonehandlethissituation?ProgramslikePGPhaveacomplexsystemofexpirationdates,

Page 13: PassLok manual 24 - passlok.weebly.compasslok.weebly.com/uploads/2/4/1/8/24187628/passlok_manual.pdf · rules in choosing Keys, so that a user’s secret Key can indeed be anything

13

revocationcertificates,etc.WhatdoesPassLokhavetoletpeopleknowthatagivenKey,andthereforetheLockderivedfromit,isnolongergood?Oneword:nothing.Whatdoyoudowhenyouchangeyourphonenumber?Doesyourphonenumberhaveanexpirationdate?Doyouneedacertificatetoletpeopleknowthatithaschanged?No?SamewithaLock.Whenyouchangeyourphonenumber,younotifyfirstthosewhoaremostlikelytouseit:family,friends,co-workers,merchants,authorities.Thenyoumightpostthenewnumberinapublicplace,suchasawebsiteorasocialnetworkprofile.Butnotnecessarily.Verylikely,knowledgeofthenewnumberwillspreadlittlebylittle,asyouandyourfriendstellotherpeople.Thosewhoneverfindoutareprobablybestleftinthedark.SamewithaLock.Still,ifyouwantthewholeworldtoknowrightawaythatyourpublicLockhaschanged,youcanheadtotheGeneralDirectoryandchangetheLockyouhavepreviouslyposted.ThisisaseasyasclickingGeneralDirectoryonthedirectoryEditdialog.Thenyouonlyhavetosupplyyouremailaddress,whichisrequiredforconfirmation,andclickPost.Afteryouclickonthelinkemailedtoyou,thechangeintheGeneralDirectoryiscomplete,sothatuserslookingforyourLockwillgettheLockmatchingyournewKey.YoucancheckthatthishashappenedbyclickingFindintheGeneralDirectoryscreenwhilebothyouraddressandyourLockaredisplayedintheirrespectiveboxes.AgreenmessagewillconfirmthatyourLockandthepostedLockmatch.ItisagoodpracticetocheckfromtimetotimeevenifyouhavenotchangedyourKey,sinceemailconfirmationisfarfromperfectandthereisalwaysachancethatsomeonemighthavepostedacounterfeitLockforyouremailaddress.ChangingyourKeyisaseasyasclickingtheChangeKeybuttonintheOptionstab(Advancedinterface).AdialogaskingyoutotypethenewKeytwiceappearsand,ifbothcopiesagree,PassLokre-encryptsallitsstoreddataunderthenewKey.Now,itmaybethatsomeonesendsyouamessagelockedwithanoldLockofyours.YouwillknowwhenyouareunabletoopenthemessagewiththecurrentKey.But,unlikephysicallocksthatcannolongerbeopenedwhenthekeyisthrownaway,youcanalwaysunlockthosemessagesusingtheoldKey,providedyoustillrememberit.PassLokwon’tletyoustartwithaKeydifferentfromthepreviousoneyouusedbecausethenyou’dstartstoringstuffencryptedwithaKeythatyoumightnotrememberagain.ButifyouclickCancelattheKeyinputscreen,itwillletyouusewhateverKeyyouwantuntilyourestartagain.Whenyoutrytounlockthemessage,youwillbeaskedagainfortheKey,andatthispointPassLokwillacceptanythingyougiveit.

Page 14: PassLok manual 24 - passlok.weebly.compasslok.weebly.com/uploads/2/4/1/8/24187628/passlok_manual.pdf · rules in choosing Keys, so that a user’s secret Key can indeed be anything

14

MakingadirectoryofLocksandsharedKeysAsyoucollectmoreandmoreLocksforpeoplewhomyouwishtosendprivatemessages,itcangetunwieldy.WhatisagoodwaytokeepallthoseLocksstraight?Attheriskofrepeatingmyselfoncetoomany,letmesayitagain:aLockisalotlikeaphonenumber.WhateverworksforaphonenumberwillprobablyworkforaLock,too.YoucanstoreLocksinthesameonlinedatabasethatyouareusingrightnowforphonenumbers,emailaddresses,etc.Forinstance,theGmailContactsdatabasehastheabilitytoaddcustomfields.Whynotadda“PassLok”fieldforeachpersonwhoseLockyouhave,andputtheLockthere?Locksarenotsecretinformation,soitdoesn’tmatterverymuchthatsomeonemightbeabletoreaditatsomepoint.WhatmattersisthattheLocksbefreefromtamperingbythirdparties,whichmostwebmailprovidersswearisimpossible.Ifthisweren’teasyenough,PassLokcankeepitsowndirectorywithintheprogramitself,anditdoesn’tgetdeletedwhentheappisclosedorevenifthebrowser’scacheisflushed.Whenyouwanttostoresomebody’sLockorasymmetrickeyyousharewiththatperson,youonlyneedtoclicktheEditbuttonontheMaintab,typeauniquenameinthetopboxofthedialogthatappears,thenpastetheLockintothelowerbox,andclicktheSavebutton.TheLockorsharedKeywillbepermanentlysaved,encryptedbyyoursecretKeyforgoodmeasure.Fromthenon,usingthatLockorsharedKeyisaseasyasclickingonitsnamedisplayedontheMaintab.AnotherwaytousethatLockorsharedKeyistoclicktheEditbuttonandthenstarttypingthenameonthetopboxofthenewdialog.Assoonasthefullnameappearsonthelineaboveit,youcanstoptypingandPassLokwillusetheitem.IfyoutypeEnteratthispoint,theitemwillbedecryptedinthelowerboxsoyoucanseeit.Yourdirectorydoesnotneedtostaywiththeparticulardevicewhereyouenteredit.PassLokhasaniftyMovebutton(visibleintheAdvancedinterface)whichtakestheentiredirectory,encryptsit,andputsitontheMaintab,readytobecopied,emailed,orwhatnot.PassLokwillthenoffertodeletethedirectoryfromthedevice,shouldyouwanttocoveryourtracks,butyoucancancelatthispointandthepackageddirectorywillremainintheMaintab.Eventhemostuser-friendlyPGP-basedprograms,suchasMailvelope,takemorestepsinordertodothis,becausePGPpublickeysaresolarge.What’sworse,youdon’tseewhat’sbeingdone,soyouhavetotrustthatwhatevertheyuseforstorageissafeandfreefromintrusion.(ChromeappandPassLokforEmailonly)IfyouareusingtheChromeWebStoreversionofPassLok,thereisanotherniftyfeaturethatyoushouldknowabout,andthisisthatyourdirectoryentriesareautomaticallysyncedthroughGoogleasyousavethem.Thismeansthatyoucangotoacomputer

Page 15: PassLok manual 24 - passlok.weebly.compasslok.weebly.com/uploads/2/4/1/8/24187628/passlok_manual.pdf · rules in choosing Keys, so that a user’s secret Key can indeed be anything

15

thatyouhaveneverusedbefore(say,atthelocallibrary),openChrome,loginwithyourGoogleaccount,andfindthePassLokappreadyforyou,directoryandall,solongasyouenterthesameusernameandKey.TheentriesremainencryptedastheyarestoredinGoogle’sservers,soyoushouldnotbetooconcernedabouttheirhavingyourdata.

TheGeneralDirectoryPassLokalsohasanofficialweb-baseddirectorywherepeoplecanposttheirLocksforotherstosee.OnlyLocks,though;sharedKeysareconfidentialbynature,soitdoesn’tmakesensetopostthem.Thisfunctionisaccessedfromthedirectoryeditdialog,bymeansofabigbuttonatthetop,labeledGeneralDirectory.Let’ssayyouwanttolockamessageforyourfriendAlicetoread,butyoudon’thaveAlice’sLock.YouheadtotheGeneralDirectoryandtypeAlice’semailaddressonthetopbox([email protected]),andthenyoutypeEnterorclicktheFindbuttononthatscreen.IfAlicehasuploadedherLocktothedirectory,itwillappearinthelowerbox.Whenyougoback,youwillfindthattheLockhasbeencopiedintothelowerboxofthedirectoryeditdialog,sotheonlythingleftistogiveitanameandsaveit.Now,youmaywonderwhetherthisisreallyAlice’sLock,ormaybesomeoneelseputthatLockinthegeneraldirectory,inwhichcaseImaybelockingmessagesforthatsomeoneelsetoread.Notgood.TheGeneralDirectoryhastwofeaturesthathelppreventthisscenario:

1. PostingaLockontheGeneralDirectoryinvolvesreplyingtoanemailcontainingaspeciallink,withoutwhichthepostingisnotcomplete.SomeonewhowantstopostafakeLockforAlicewouldalsohavetointercepttheemailthatgoestoalice@wonderland.org,inordertoclickonthatlink.

2. TheGeneralDirectoryhasspaceforaddinganauthenticatingvideotoeachLock,instructionsonhowtomakethisvideo,andabuttontoviewit.IfAlicehasaddedthatvideo,youcanjustclickthePlaybuttonandwatchAlicereadingaportionofherLock.

Thevideoisactuallyuploadedtooneofmanyvideo-hostingwebsites,suchasYouTubeorVimeo,sowhatisattachedtotheLockisashortwebaddress,whichbecomesapartoftheLockanddoesn’taffectitsfunction.Let’ssaynowyouwanttoaddyourLocktotheGeneralDirectorysothatotherscanfindit.YouopentheGeneralDirectorypage,writeyouremailaddressinthetopbox,andtheLockinthebottombox;thenyouclickthePostbutton.Amessagetellsyouthatanemailhasbeensentcontainingalinkthatyoumustclickinordertocompletetheprocess.Soyouopenyouremailclient,whichshouldbegettingthatlinkanytimenow.Sometimesemailclientsareoverzealousfilteringspam,soyoumaywanttocheckthespamfolderiftheemailtakestoolongtoshowup.Whenyougetthelink,youclickonitandanotherpagetellsyouthattheprocessiscomplete.

Page 16: PassLok manual 24 - passlok.weebly.compasslok.weebly.com/uploads/2/4/1/8/24187628/passlok_manual.pdf · rules in choosing Keys, so that a user’s secret Key can indeed be anything

16

Thevideocanbeaddedatthesametime,byplacingitsURLonthelinebelowtheLock,orlateron.YoucanupdateyourLockasmanytimesasyouwant,andineachcasetheupdatewon’thappenuntilyouclickonaconfirmationlinksentbyemail.ThereisalsoaRemovebuttonthatyoucanclickafterfillinginyouremailaddressifyouwishtoremoveyouremailanditsassociatedLockfromthedirectory(emailconfirmationrequired).Finally,ifsomebody’sLockisnotyetintheGeneralDirectoryyoucanremindthatpersonthatpeoplewouldliketohaveitlistedthere.ThereisanInvitebuttonthatproducesaready-madeemailwithinstructionsonhowtopostaLock.Unliketheotheremails,thisonecomesfromyourownaccount,sotheinvitedpersoncanfeelreassured.TheGeneralDirectorylooksalotliketherestofPassLok,exceptforadifferentcolorscheme.Thisistoremindyouthatyouarelookingatadifferentpage,whichconnectstoaserver.Ifsomebodyismonitoringthatserver,thismayleadtoyourlocationbeingfound,andPassLokwillwarnyouaboutthis.IntegrationwiththerestofPassLokislimitedtocopyingtheLockfoundintheGeneralDirectory.Thisisbecausewewanttokeeptheencryptioncodeentirelyseparatefromanyserver.

Page 17: PassLok manual 24 - passlok.weebly.compasslok.weebly.com/uploads/2/4/1/8/24187628/passlok_manual.pdf · rules in choosing Keys, so that a user’s secret Key can indeed be anything

17

EncryptionandDecryptionHavingcoveredtheessentialsofKeyandLockmanagement,wegonowtotheprocessofactuallyencryptinganddecryptingmessages(sometimeswe’llrefertothisaslockingandunlocking).Despiteitssmallsize,PassLokisonecomplexpieceofsoftware,comprisingfivedifferentencryptionmodes,withonevariantandasecondarymodethatcanbecombinedwiththemainmodes.We’llstartwiththeonlyoneavailablewiththeBasicinterface,andthenintroducetheothers.

Anonymousencryptedmessages:msaWhenamessageisencryptedwiththerecipient’sLock,sothatonlyhe/sheisabletodecryptitwithhis/hersecretKeywithouthavingtoidentifythesender,theresultisananonymousencryptedmessage.Itlookslikeapieceofgibberish,bracketedbyPL**msatags,where**istheversionnumber.Thisiswhatyoudotoencryptamessageinthismode:

1.Ifyouhaveenteredtherecipients’Locksintoyourdirectory,justselectthemonthetopboxintheMaintab.SeveralLockscanbeselectedatonce.Otherwise,clicktheEditbuttonandentertheLocks,oneperline,inthelowerboxofthedialogthatappears,thengoback.Itisokayifthetagsuptothe"="signsaremissing,orextraspaces,carriagereturns,orspecialcharactersotherthan=+or/havebeenadded.

2.WriteorpasteyourmessageintotheMaintab.ClicktheEncryptbutton.Theencryptedmessagewillreplacetheoriginalmessage.Itwillnormallyincludeidentifyingtagsatbothends,unlessthenoTagscheckboxhasbeencheckedintheOptionstabpriortolocking.CopyitandpasteitintoyourcommunicationsprogramorclickEmailtoopenyourdefaultemail.

IfyouhavereceivedanencryptedmessagewithPL**msatags,hereiswhatyoudotounlockit:

1.PastethelockedmessageintotheMaintab.Itisokayifitisbrokenupbyspaces,carriagereturns,andspecialcharactersotherthan=+or/orismissingitstags.Typicallyitwilldecryptautomatically,butifitdoesn’t,thenclicktheDecryptbutton.ThedecryptedmessagewillappearontheMaintab,replacingtheencrytpedmessage.Ifyouhaven’tenteredyourKeyorithasbeensolongsinceyouuseditthatPassLokhasforgottenit,youwillbepromptedtoentertheKey,andthenthedecryptionprocesswillcontinue.

Ifthedecryptionfails,thisislikelybecausetheencryptedmessagehasbeencorrupted(makesurethetagsareintact)orbecausetheLockusedtoencryptitdoesnotmatchyoursecretKey.Rememberonemorething,though:youwon’tnecessarilyknowforsurewhohassentthemessage.Proceedaccordingly.Inanycase,thisislikelytobethe

Page 18: PassLok manual 24 - passlok.weebly.compasslok.weebly.com/uploads/2/4/1/8/24187628/passlok_manual.pdf · rules in choosing Keys, so that a user’s secret Key can indeed be anything

18

mostcommonmodeusedbecauseitdoesnotrequirethosesendingamessagetohaveanysecretincommonwiththosereceivingit.

Key-lockedmessagesInPassLok,asharedKeyisacodethatboththesenderandtherecipientknow.Thismeansthatitmusthavebeensharedbeforehandfortheexchangetowork.IfyouencryptsomethingwithyoursecretKey,forinstance,therecipientwon’tbeabletodecryptthemessagebecausehe/shedoesnothaveyourKey(rememberthatyoushouldNEVERgiveyoursecretKeytoanyone,orevenwriteitdown).Sodon’tuseyoursecretKey,butadifferentKeythatyoucanaffordtosharewithsomeoneelse.AllthatwassaidaboveaboutmakinggoodsecretKeysappliestomakingsharedKeys.Inthismode,theencryptedgibberishendsupbracketedwithtagsreadingPL**ms*,where**istheversionnumberandthefinalcharactertellsyouthetypeofencryptionselectedontheMaintab,whichdoesn’treallymatter.Thetagswon’ttellyouthatasharedKeywasusedforlockingthemessage,buthopefullyyoucanfigurethisoutknowingthesender,becauseyoushareasecretwiththatperson.Here’swhatyoudotoencryptamessagewithasharedKey:

1.IfyouhaveenteredtheKeysyousharewiththerecipientsintoyourdirectory,justselectthemonthetopboxintheMaintab.SeveralsharedKeys(mixedwithLocks,too)canbeselectedatonce.Otherwise,clicktheEditbuttonandenterthesharedKeys,oneperline,inthelowerboxofthedialogthatappears,thengoback;thereisnoneedtosaveanything.

2.WriteorpastethemessageintotheMaintab.ClicktheEncryptbutton.IfyouenteredthesharedKeysdirectly,apromptwillaskyoutoconfirmthatthesearelegitimatesharedKeysbeforetheencryptionactuallytakesplace.Thentheencryptedmessagewillreplacetheoriginaltext.CopyitandpasteitintoyourcommunicationsprogramorclickEmailtoopenyourdefaultemail.

Ifyouhavereceivedamessagethatyoususpectisencryptedinthismode(remember,thetagswon’ttellyou),here’swhatyoudotodecryptit:

1.IfyouhaveenteredtheKeyyousharewiththesenderintoyourdirectory,justselectitonthetopboxintheMaintab.Otherwise,clicktheEditbuttonandpastethesharedKeyinthebottomboxofthenewdialog,thengoback.

2.PastetheencryptedmessageintotheMaintab.Itisokayifitisbrokenupbyspaces,carriagereturns,andspecialcharactersotherthan=+or/orismissingitstags.Itshoulddecryptautomatically,butifdoesn’t,thenclicktheDecryptbutton.Thedecryptedmessagewillreplacetheencryptedmessage.

Page 19: PassLok manual 24 - passlok.weebly.compasslok.weebly.com/uploads/2/4/1/8/24187628/passlok_manual.pdf · rules in choosing Keys, so that a user’s secret Key can indeed be anything

19

Unlikeinanonymousmode,youwouldknowwhosentyouaKey-lockedmessage,becauseonlypeopleknowingthesharedKeyareabletolockthemessagetobeginwith.Ifthedecryptionprocessfails,thisisusuallybecausetheencryptedmessagehasbeencorrupted(makesurethetagsareintact),orbecausethesharedKeyusedforencryptionisnotthesameyoutriedfordecryption.

Signedmessages:mssRecipientscannotbesureofwhohasencryptedanAnonymousmodemessage.Key-lockedmessagesdoprovideauthenticationaboutthesender,forasharedKeyisneededinordertodothedecryption,butthismeansthatthesharedKeyhasbeenagreedtobeforehandorasecurechannelexiststotransmitit(inwhichcase,whynotsendthemessagethatway,too?).Awaytoauthenticatethesource,similartohowPGPandotherprogramsdoit,istofirstsealtheplainmessagewithyoursecretKey(sealingisexplainedbelow),andthenencrypttheresultwiththerecipient’sLock.Whentherecipientgetstheencryptedmessage,he/shewilldecryptitfirstusinghis/hersecretKey,andthenseethesealedmessage,whichthenhe/shecanunsealusingyourLock.Ifitunsealsandthesealisverified,thatmeansthemessagecomesfromyou,sinceyouonlyhavetheKeythatwasusedtomaketheseal.PassLokhasawaytodothisinonestep,andthatisusingtheSignedencryptingmode.Inthismode,themessageisencryptedwithaspecialsharedKeythatderivesfromboththesender’sandtherecipient’ssecretKeys,andwhichdoesnotneedtobeexchangedbeforehand.EncryptionisdoneexactlyasintheAnonymousmode,exceptthatyoumustsettheencryptionmodeatthebottomoftheMaintabas“Signed”beforeclickingEncrypt.Decryptionisslightlymorecumbersome,sinceyoumustselecttherecipient’sLockonthedirectory(orenteritviatheEditbutton)beforeclickingDecrypt.Thereisnoneedtosetthemodewhendecrypting.PassLokwillalertyouthatyouneedtosupplythesender’sLockifyouforgettodoso.Noinformationaboutthesenderisstoredwithinthemessage,buthopefullytherecipientknowsthesourceandisabletoobtaintheappropriateLock(there’salwaystheGeneralDirectory).Themessageisdecryptedonlyifthecorrectsender’sLockisused,thusauthenticatingthesenderwithouttheneedforasealorsignature.

Read-oncemessages(mso)

Thereisonemoreencryptionmode,andthisisRead-once.Inthismode,nobodycanreadagivenencryptedmessage(includingthesenderortherecipient)afterthenextmessagehasbeendelivered.Themessageself-destructs,sotospeak.Thisisadesirablefeaturewhenoneforeseesthateitherthesender’sortherecipient’ssecretKeymightbecompromisedatsometimeinthefuture.Ifthishappens,anenemywillbeableto

Page 20: PassLok manual 24 - passlok.weebly.compasslok.weebly.com/uploads/2/4/1/8/24187628/passlok_manual.pdf · rules in choosing Keys, so that a user’s secret Key can indeed be anything

20

readthemessagesthatwereencryptedintheothermodes,whichhehadbeenstoring,butthemessagesencryptedinRead-oncemodewillremainunreadable.

HowdoesPassLokachievethis?BychangingthesecretKeyusedtoencryptthemessageeverytimeanewmessageisencrypted.TheLockmatchingthattemporaryKeyissentalongwiththemessage,itselfencrypted,sotherecipientcandecryptit.He/shewillbeabletodosoifhe/shestillhasthetemporaryKeyusedtoencryptthelastmessagefromhis/herside.

Toinitiateorcontinueaconversationlikethis,whichtypicallyinvolvesanumberofmessagessentbackandforth,youdothefollowing:

1.SelecttherecipientsontheMaintab.Ifthereisonlyone,youcanalsogotothedirectoryEditdialogandstarttypinghis/hernameinthetopboxuntilthefullnameappearsalongwiththecorrespondingLockorsharedKey.Read-oncemodeinvolvesstoringencrypteddataforeachrecipient,sotheyeachmusthaveanentryonthelocaldirectory.Ifyouwanttomakesurethattheconversationstartsfromscratch,perhapsbecausetheconversationhassomehowgoneoutofsync,youcandothisbyclickingtheResetbuttonwhentherecipient’snameisdisplayed.

2.NowyougototheOptionstabandselecttheRead-onceradiobutton.

3.BackintheMaintab,youenterthemessage,andclickEncrypt.Ifallgoeswell,theplainmessageisreplacedbyalockedmessagebracketedbyPL**msotags.

TounlockaRead-oncemessageyouhavereceived,youdothefollowing:

1.Selectthesender’snameontheMaintab,orclickEditandstarttypingthenameinthetopboxuntilthefullnameappears.Ifthetemporarydataneedtobereset,youmaydoitatthispointbyclickingtheResetbuttoninthedirectoryEditdialog.

2.PassLokknowsitisaRead-oncemessageevenifyoudon’tselecttheradiobuttons,sotheonlythingyouneedtodonowisputthemessageontheMaintabandclickDecryptifthedecryptiondoesnotstartautomatically.Ifsuccessful,thedecryptedmessagewillreplacetheencryptedmessage.

ThemomentyoulockanewmessageinRead-oncemode,anewtemporaryKeyismadeandthepreviousoneisoverwritten,sothepreviousmessagesintheconversationcannotbedecryptedanymore.Thismayalsohappenimmediatelyafteryoudecryptamessage,sobesuretocopywhatyouneedassoonasyoudecryptamessage,oryoumayneverbeabletodoitagain.Whenamessageisencryptedforseveralrecipients,thedatapertainingtoeachrecipientishandledseparately,soyoucancontinueconversationswitheachseparate

Page 21: PassLok manual 24 - passlok.weebly.compasslok.weebly.com/uploads/2/4/1/8/24187628/passlok_manual.pdf · rules in choosing Keys, so that a user’s secret Key can indeed be anything

21

recipientafterajointmessagehasbeenmade.Read-onceconversationsworkbestifeachmessagesentisfollowedbyareplyfromtheotherside,althoughitisalsopossibletomaintainanunevenexchange,whereonecorrespondentsendsseveralmessageswithoutwaitingforareply.MessageslockedinAnonymous,Key-locked,orSignedmodedonotaffectRead-onceconversations.

EncryptingfilesEncryptingtextisnice,butwhatifwhatIneedtoexchangewithsomeoneisnottext,butapictureorarecording?CanPassLokhelpwiththat?Sureitcan.Herearetwocompletelydifferentmethodstodothat.Theeasyone,whichworksevenonasmartphone.Dealwiththeitemasifitwerealargeattachmentthatyouremailprogramcannothandle.Thisistypicallywhatyou’ddo:

1. Takethepicture,recording,orwhatever,anduploadittoacloudservice.Forbestresults,archiveitlocallybeforetheupload,usinganencryptionpassword.Ifthecloudserviceisanonymous,sopeopledon’tknowwhouploadedit,somuchbetter.

2. ThecloudservicewillgiveyouashortURLtodownloadthefileyoujustuploaded.PutthatURLinPassLokandlockitinwhichevermodeyouprefer,alongwiththearchivepasswordifthereisone.Thensendthelockedresulttotherecipient.

3. Therecipientwillunlockthemessage,retrievethefilefromitscloudstoragelocation,andoptionallydecryptitusingthepassword.

Theharderone,whichinvolvesloadingthefileitselfintoPassLok:

1. DisplaytheformattingtoolbarifitisnotalreadyvisiblebyclickingtheRichbuttonthebottomoftheMaintab.Therightmosticononthattoolbaropensadialogthatwillaskyouforthefiletobeloaded.ThenthefileloadsintotheMaintabasalink.

2. Nowyoucanencryptorsealthefileasifitwereanypieceoftext.Afterlocking,itwilllookjustasrandomasanylockedtextandtherewillbenoindicationthatthisisactuallyafile.

3. Therecipientwillunlockthelockedfileinthenormalway,andwilldisplaythefileasalink.Right-clickonitinordertosaveitlocallyordisplayitonanewtab.

Page 22: PassLok manual 24 - passlok.weebly.compasslok.weebly.com/uploads/2/4/1/8/24187628/passlok_manual.pdf · rules in choosing Keys, so that a user’s secret Key can indeed be anything

22

Real-timeChatinPassLokSomemodernwebbrowsers,includingChrome,Firefox,andOpera(but,sadly,notyetSafariorInternetExplorer,oranythingrunningoniOS)supportaprotocolnamed“webRTC”.RTCisshortfor“RealTimeChat”.Thisoffersthepossibilitytoestablishreal-timesecureexchangesthatcanincludetext,files,audio,orevenvideo.Inordertostartachatsession,youusePassLoktomakeaninvitationinvolvingallthepeoplewhoaresupposedtobeabletoconnecttothechat.Todothis,simplyselectallthenamesinthedirectoryontheMaintab(youcanomityourself,sinceyou’llbeaddedautomaticallynomaterwhat),andthenclicktheChatbuttonatthebottomofthescreen.Thenadialogappears,offeringaselectionforthetypeofchat(textandfiles,thatplusaudio,allthatplusvideo)andaspacetoaddanoptionalshortmessage(43charactersmax)whichmightincludethetimeforthechatandotherinfo,andtheopportunitytonamethechatroomasyoulike(otherwisesomenondescriptwords,chosenrandomly,willbeusedtonameit).WhenyouclickOK,arandom-lookingitembracketedbyPL**chattagsappearsontheMaintab.Thiscanbeemailedorsentbyanyotherinsecurechannel,sinceonlythosepeopleyouselectedonthedirectorywillbeabletodecryptit.RecipientswillthenunlocktheinvitationbyplacingitontheMaintabandclickingDecryptorChatifitdoesn’tdecryptautomatically.Thesenderwilldothesame.Ifthereisamessage,apopupwilldisplayitandaskifyouwanttocontinue(maybeit’snotyetthetimeforthechat,sotherecipientmightwanttocancelandtryagainlater).Thenanewscreenwillopencontainingsomeshortinstructionsandincludingasmallboxandabutton.Thesmallboxistowritethenameyouwanttouseduringthechatsotheotherparticipantscanknowwhenyou’retypingsomethingintothecommonlog.Thebuttonwillbelabeled“Start”ifyouarethefirstparticipantarrivingatthechatroom,or“Join”ifsomeoneelsegotthereaheadofyou.Ifyouarethefirst,clickingStartwillinitializethesession.Amessagewillappeartellingyouthatyou’rewaitingforotherstojoin.ClickingJoinconnectsyoutoeachofthosealreadyinthesessionone-to-one.Theirchatnamesappearlistednearthetopofthescreen,andmessagesonthelogalertallparticipantswheneversomeonejoinsorleaves.Ifthechatinvolvesaudioorvideo,youwillbeaskedforpermissiontoaccessthosefeatures.Fromthenon,youareconnecteddirectlytoeachoneoftheparticipants,usingaseparateencryptedchannelforyourinteractionswitheachofthem.Ifyouleavethetabcontainingthechat,achimewilltellyouwhenanewmessagehasbeenposted.IfyouneedtousePassLokinthemiddleofthechatsession,thereisabuttonthatwilltakeyoubackwithoutdisturbingthechat.Togobacktothechat,clicktheChatbuttonontheMaintab.Ifsomethinggetsscrewedupduringthechat,thereisabuttonto

Page 23: PassLok manual 24 - passlok.weebly.compasslok.weebly.com/uploads/2/4/1/8/24187628/passlok_manual.pdf · rules in choosing Keys, so that a user’s secret Key can indeed be anything

23

resetitatthetopofthescreen,atwhichpointyouwillbeaskedagainforaname.Toreallydisconnectfromthechat,restartPassLok.Youmaybewonderingaboutthesecurityofthiswholething.AlotofitdependsonthesecurityofthewebRTCprotocolitself,whichworksmoreorlessthiswaywhenAlicewantstochatwithBob:

1. Alicecontactsanexternal“signaling”serversoshecanknowwhatherexternalIPnumberis.ThisIPnumberislikelyquitedifferentfromtheonegiventohercomputerbyherlocalnetwork,whichshecancheckwithoutcallinganyone.Unfortunately,connectionsfromoutsidethenetworkneedherIPnumberasseenfromtheoutside.

2. Aftergettingthisaddress,shesendsittoBobbyemailorsimilarprotocol,orperhapsusinga(probablydifferent)serverthatbothhaveagreeduponpreviously.

3. BobgetsAlice’srequesttoconnectandsohedoesthesameshedid,andsendsherhisexternalIPnumber.

4. Nowthatbothhaveeachother’scurrentaddress,theirrespectivebrowserscannegotiateadirectconnectionbetweenthem.Theprocess,whichinvolvesmultipleback-and-forthsteps,issimilartoSSL/TLS,whichbrowsersusetoconnectsecurelywithserverstoget“https”pages(thosewiththelittlepadlockshownnexttotheaddress).

5. Whenthenegotiationiscomplete,Alice’sandBob’sbrowsershaveadirectconnectionbetweenthem.WhateverAlicetypes/says/showsistransmittedencryptedbyarandomkey.Bobdecryptsitonhisend,andwhathesendsbackisencryptedbythesamekey.

6. Whentheydisconnect,thekeydisappearsfromtheirmachinessoevenifsomeonewasrecordingallthetrafficbetweenthem,he/she/itcannolongerdecryptit.

AnicefeatureofthewebRTCprotocolisthattheconnectionisdirectaftertheinitialexchangeofaddresses.Thirdpartiesareonlyinvolvedinsettinguptheconnectionandthendropout.Now,PassLokissupposedtocontactnoservers,sohowcanitbedoingallthis?Actuallyit’snot.Whenachatsessionbegins,PassLokloadsaseparatewebpage,fromadifferentserver,tohandlethechat.Thisway,anyroguecodethatmightfinditswayintothechatsession(notlikely,butpossibleeverytimeyouconnecttoanothercomputer)ispreventedfromseeinganyofthetrulyprivatedatathatPassLokworkswith.ThelockedinvitationmadebythemainPassLokcodecontainsfourpiecesofinformation:

1. Anoptionalshortmessage,whichmaybeused,forinstance,toannouncethetimethatthechatsessionbegins.

2. Acodeindicatingthetypeofchat:text,audio,orvideo.

Page 24: PassLok manual 24 - passlok.weebly.compasslok.weebly.com/uploads/2/4/1/8/24187628/passlok_manual.pdf · rules in choosing Keys, so that a user’s secret Key can indeed be anything

24

3. The“chatroomname,”whichtellsparticipantswheretogoinordertoconnect.Itcanbewhatyouchoseor,ifyoudidn’tchooseaname,oneortwonondescriptwords,chosenrandomly.Theideaistobeasinconspicuousaspossible.

4. Arandompassword,whichthecomputerinitiatingthechatwillaskofthosethatfollow.Iftheydon’tsupplythecorrectpassword,theycannotconnecttothechat.

Whenarecipientunlockstheinvitation,PassLokfirstdisplaysthemessageand,iftheuserdecidestogoahead,thenloadsthewebRTC-basedchatcodefromadifferentserverandpassestoittherestofthedatacontainedintheinvitation.Inthecurrentversion,thechatcodethenconnectstoFirebase(ahigh-volumegame-orientedsignalingserverownedbyGoogle)andgivesitthechatroomname.Forthefirstparticipant,Firebasecreatesadatabaseunderthatname,whereitstorestheexternalIPnumberforeachcomputertryingtoaccessit.Itgivesthoseaddressestocomputersjoininglater.SoFirebase’sroleislimitedtoasortofcubbyholewhereparticipantsdropintheirIPaddressessootherscanfindthem(and,ofcourse,findingthoseaddressestobeginwith,whichishardforparticipantstoknowbeforetheyconnect).Thecoderunningonthefirstparticipant’scomputerhasadditionalroles.Animportantoneisallowingorrejectingincomingparticipants.Areasonforrejectionisnotsupplyingthecorrectrandompasswordwhenconnectionisrequested.ThispasswordwasneversenttoFirebase,sotheonlywaytoknowitistounlocktheinvitation.Thus,snoopingonFirebasewon’tbeenoughtobeabletoconnecttothechat,evenasadumblistener.OncethewebRTCconnectionisestablished,thebrowser’sbuilt-inencryptioncodetakesoveruntilthesessionends.Anyoneinterceptingthedata(whichdoesn’ttravelthroughanycentralserver)needsthesessionkeyforeachpairofparticipantsinordertodecryptthedatatransmittedbetweenthem,butthiskeydisappearsthemomentoneofthemrestartsorclosesthechat.Apossiblevulnerability,whichthewebRTCcodecannotpossiblydefendagainst,isforsomeonetogetthecontentsoftheinvitationfromaparticipant(whichincludestherandompassword),andthenconnecttothechatimpersonatingsomeone.Thisisespeciallysofortext-onlychats,wheretheparticipantsdonotseeorheareachother.Topreventthispossibility,youmaywanttoestablishthefollowingprotocolforyourchatsession:1) Anewparticipanthasjustjoinedthechat.Someoneseesthat,andtypesinabunch

ofgibberishtext,likeforinstance“lkuyto[7987.”2) Thenewcomerseesthis,andunderstandshe/sheisbeingaskedforauthentication.

He/shecopiesthetext,goesbacktoPassLok,andpastesitontheMaintab.Thenhe/shesealsitbyclickingtheSealbutton,copiestheresult,goesbacktothechat,pastesitintothechatinputbox,andsendsit.

3) Eachoftheotherparticipantscopiestheresult,goesbacktoPassLok,pastesitontheMaintab,selectsthepresumedparticipant’sLockonthedirectory,andclicksUnseal,ifitdidnotunsealautomatically.Ifthenewparticipantiswhohe/she

Page 25: PassLok manual 24 - passlok.weebly.compasslok.weebly.com/uploads/2/4/1/8/24187628/passlok_manual.pdf · rules in choosing Keys, so that a user’s secret Key can indeed be anything

25

claimstobe(meaninghe/sheisinpossessionoftheKeymatchingtheLock),thesealwillbeverifiedandtheoriginalgibberishtextwillappearinthebox.

Thiswon’twork,obviously,ifthenewcomer’ssecretKeyhasbeencompromised.Anotherwayitwon’tworkisifthestufftobesealedispredictableaheadoftime,soaninterloperhasbeenabletoobtainavalidlysealedversionofit.

Page 26: PassLok manual 24 - passlok.weebly.compasslok.weebly.com/uploads/2/4/1/8/24187628/passlok_manual.pdf · rules in choosing Keys, so that a user’s secret Key can indeed be anything

26

AwalkthroughoftheinterfaceWenowdescribealltheobjectsonthePassLokscreensandwhattheydo.ThepicturesbelowarefromaniPhone,sothescreenswilllooksomewhatdifferentinotherplatforms.

Tabs

Main Options Help

MainDialogsKey DirectoryEdit

Page 27: PassLok manual 24 - passlok.weebly.compasslok.weebly.com/uploads/2/4/1/8/24187628/passlok_manual.pdf · rules in choosing Keys, so that a user’s secret Key can indeed be anything

27

Eachofthesetabsanddialogscontaintext-basedbuttonsandcheckboxesthatcanbeclicked,textboxesthatcanbefilled,andtext.Let’sseeadescriptionofthem:

ButtonsandCheckboxes:

DeselectThisbuttonclearstheselectionmadeinthedirectorybox.

EditThisoneopensthedirectoryEditdialog,whereLocksandsharedKeyscanbeaddedforimmediateuseofforpermanentstorage.

Encrypt/Decrypt/InviteThisbuttonhascontext-sensitivefunctionality,whichisreflectedonitslabel.IfPassLokdoesnotfindanencryptedmessageontheMaintab,itwillencryptthecontentsusingwhateverhasbeenselectedinthedirectory,orenteredviatheEditbutton.Ifanencryptedmessageisfound,itwillattempttounlockit.Thenthesuccessfullyunlockedmessageendsupreplacingthelockedmessageoriginallyinthemainbox.Ifyouhavenotselectedarecipientandthereisnokeyentereddirectly,thenthebuttonhastheInvitelabel,andclickingitproducesamessagecontainingyourLockplusthemainboxcontentsencryptedwiththatLock,asabonus(andtherefore,opentoanyonetodecrypt,sobeware).

Seal/Unseal(advanced)Thisbuttonalsohascontext-sensitiveactionsandlabels.FirstPassLoktriestofindasealeditemontheMaintab.Ifitdoesnotfindit,itconcludesthatyouwanttosealthecontentsofthebox.IfPassLokfindsthatasealeditemisalreadythere,itwillattempttounsealitusingtheLockselectedinthedirectoryorenteredviatheEditbutton.Amessagewillsaywhetherornotverificationofthesealhassucceeded.

myLock/EmailWhenyouclickthis,theLockmatchingyourKeyisdisplayed.IfyouhavenotenteredyourKeyyet,adialogwillaskyouforitandtheemail/token,andthentheLockwillbedisplayed.IfthereissomethinginthemainboxthatisalreadyaPassLokoutput,clickingthebuttonwillcallthedefaultemailsetonthebrowser.

▼(extrabuttons)Thisbuttondisplaysanewsetofbuttonsabovethemainbox,dealingwithstealthandsecretsplitting,ontheAdvancedinterface.

▲ (mainbuttons)Byclickingthis,thebuttonsdealingwithlocking,unlockingandsigning,returntothemainscreen,ontheAdvancedinterface.

Page 28: PassLok manual 24 - passlok.weebly.compasslok.weebly.com/uploads/2/4/1/8/24187628/passlok_manual.pdf · rules in choosing Keys, so that a user’s secret Key can indeed be anything

28

Texthide(advanced)Whenthisbuttonispressed,anyPassLokitemintheboxisconvertedintofaketext,usefultoavoiddetectionbyemailscanners.ThetypeofencodinguseddependsonradiobuttonsontheOptionstab.Toretrievetheoriginalitemfromfaketext,placeitintheboxandclickthisbuttonagain,iftheprocessdoesnottriggerautomatically.Theencodingtypeisdeterminedautomaticallyupondecoding.

Imagehide(advanced)ThisbuttonopensanewscreenwhereimagesaredisplayedsothatPassLokitemscanbehiddenwithinthem,orretrievedifpresent.

Split/Join(advanced)Whenthisbuttonispressed,apopupasksforthetotalnumberofpartstobemade,andtheminimumneededtoretrievethecontentsofthebox.PassLokperformsaShamirSecretSharingalgorithmtogeneratethoseparts,whicharethendisplayed.Thesepartscannowbestoredindifferentplacesorsenttodifferentpeople.IfasufficientnumberofpartsarepresentontheMaintabwhenthisbuttonispressed,thesamealgorithmcombinesthemtorecreatetheoriginaltext.

Rich…Plain(non-mobileonly)Thisbuttondisplaysorhidesaribbonabovethemainbox,whichcontainsbuttonsandselectionlistsforformattingtext,plusthebuttonsforenteringimagesandfilestobeencrypted.

ClearClearsthebox.

CopySelectsandcopiestheboxcontentstotheclipboard.

SMS(mobileonly)Onmobiledevices,itopensthedefaulttexting(SMS)app.SincenothingiscopiedautomaticallyfromthePassLokpage,makesuretocopyintotheclipboardwhateveryouwanttosendbeforepressingthisbutton.

ChatIftheMaintabdoesnotcontainachatinvitation,clickingthisbuttoninstructsPassLoktomakeoneforthepeopleselectedinyourdirectory(orenteredviatheEditbutton),includingashortoptionalmessage.Ifthereisachatinvitation,thisbuttonunlocksitandopensupthechatscreen,fromwhereyoucanstartthechatsessionifyouarethefirsttoarrive,orjustjoinitifalreadyincourse.Onceachatsessionhasstarted,clickingthisbuttonreturnsyoutothesessionnomatterwhatisontheMaintab.

Page 29: PassLok manual 24 - passlok.weebly.compasslok.weebly.com/uploads/2/4/1/8/24187628/passlok_manual.pdf · rules in choosing Keys, so that a user’s secret Key can indeed be anything

29

Beaware,however,thatnotallversionsofPassLoksupportallofthis.OniOS,forinstance,onlymakingthechatinvitationissupported.

InterfaceThisandthenextfewitemsareontheOptionstab.Theinterfaceselectorhasthreechoices:Basic,whichshowsonlythemostessentialbuttonsandsettings,Advanced,whichdisplayseverything,andEmail,whichmakesallofPassLokPrivacy’sactionscompatiblewiththePassLokforEmailextension.

ColorschemeThereareafewpresets,butuserscanalsoentertheirfavoritecolorsforeverything,incustommode,oreventryrandomcolors(notassuredtolookpretty).

OthermodesThereareanumberofadditionalmodes,dealingwithlockingaswellasotheraspects,whichareselectedindividuallyinthisarea.

Texthiding(advanced)TheseradiobuttonsselectthetypeoftexthidingusedwhentheTexthidebuttonispressed.Therearefivetypes:Letters(default)hidestheitemasvaryingencodingofsomeofthelettersandmostofthespaces;Sentencesproducescompletesentencesofvaryinglength;Wordsreplacescharacterswithpairsofwords,sotheresultusuallydoesnotmakegrammaticalsense;Spacesencodestheoriginalintothespacesintheresultingtext.Invisibleencodesitinvisibly(toahuman)betweentwolinesofeditabletext.Themodeisautomaticallyselectedduringdecoding.TherecipientdoesnotneedtohavethesamecovertextinordertoextracttheoriginalPassLokitem.

Change(advanced)Thisareacontainsbuttonsusedwhenyouwanttochangeyourusername,yourKey,ortheemail/token.

Backup/Remove(advanced)Thebuttonsinthisareamakeabackup(andoptionaldelete)ofeitheryourpersonalsettingsonly,orthecompletedirectorystoredonyourdevice.Inbothcases,anencrypteditemiscreatedontheMaintab,whichrestorestheitemsafterclickingLock/Unlock.

“Othermodes”detail

LearnWhenthisischecked,apopupexplainingwhatisabouttohappenandrequestingconfirmationtocontinuecomesupeverytimeabuttonisclicked.UsefulforlearninghowtousePassLok.

Page 30: PassLok manual 24 - passlok.weebly.compasslok.weebly.com/uploads/2/4/1/8/24187628/passlok_manual.pdf · rules in choosing Keys, so that a user’s secret Key can indeed be anything

30

Normal/Short/Compatible(advanced)WhenSortisselected,PassLokknowsthatlockedmessagesmustbeatmost160characterslongsotheycanfitwithinanSMStextmessage.Tagsarestrippedandthemessageitselfistruncatedsoitcanfitwithinthelimit.Amessageabovethetextboxtellstheuserhowmanycharactersareleftbeforethemessageistruncated.Itisnotnecessarytocheckthisboxforunlocking.IfCompatibleisselected,thereisnolengthlimit(sameasinNormalmode),buttheuser’sLockisprependedtotheoutputsoitcanbeopenedinSeeOnce,andKey-lockedmessagesareencryptedinaformatcompatiblewithURSA.

ezLokUncheckingthisboxcausesyourLocktobedisplayedinbase64formatwhenthemyLockbuttonisclicked,ratherthanthedefaultformatusingonlynumbersandcase-insensitiveletters.PassLokcanuseezLoksinterchangeablywithbase64Locks.

FileoutputIfchecked,theoutputofanyencryptionorsealingoperationisasafile-containinglink,whichcanbesavedlocallybyright-clickingthelink.Thisisespeciallyusefulwhentheoutputisexpectedtobelarge.Apairofradiobuttonsbelowthisboxselectwhetherthefileshouldbetextorbinary(smaller).

Hiddenmsg.CheckingthisboxcausesPassLoktoexpectasecond,hiddenmessageinadditiontothemainmessageinthemainbox,lockedunderadifferentsharedKey.Whenyouarelockingatext,apopupwillappearaskingforthespecialdecoyPasswordandthehiddenmessage.Whenunlocking,apopupasksforthedecoyPassword.Thehiddenmessageisdisplayedabovethemainboxifitissuccessfullyunlocked.Thismodeisespeciallyusefulifyoususpectthatyouorsomeoneelsemaybeforcedtorelinquishhis/herkey.Thereisnowayshortofsuccessfulunlockingtotellwhetherornotahiddenmessageispresent.

PNGHide(advanced,imagescreen)Whenthisbuttonispressed,thecontentsoftheextrascreenarehiddenwithintheleastsignificantpartofthepixelsinaPNGimage,soitisindistinguishabletohumaneyes.Youcanthensavetheimagebyright-clickingonit(longpress,onmobiledevices),andselecting“saveas…”fromthemenuthatappears.

JPGHide(advanced,imagescreen)Whenthisbuttonispressed,thecontentsoftheextrascreenarehiddenwithinthepixelsofaJPGimage,soitisindistinguishabletohumaneyes.Youcanthensavetheimagebyright-clickingonit(longpress,onmobile

Page 31: PassLok manual 24 - passlok.weebly.compasslok.weebly.com/uploads/2/4/1/8/24187628/passlok_manual.pdf · rules in choosing Keys, so that a user’s secret Key can indeed be anything

31

devices),andselecting“saveas…”fromthemenuthatappears.ThisfunctionisnotavailableoniOSdevices.

Reveal(advanced,imagescreen)ThisbuttondoesthereverseoftheHidebutton.IftheimagedisplayedonscreencontainsahiddenPassLokitem,pressingthisbuttonextractsitandwritesitonthemainscreen,orotherwiseamessagetellsyouthatthereisnothingtoreveal.ThisfunctionisnotactiveoniOSdevices,whichchangeimageinformationuponloading.

GeneralDirectory(directoryEditscreen)ThisandtheremainingbuttonsarefoundinthedirectoryEditdialog,whichopenswhentheEditbuttonontheMaintabispressed.ThisbuttonopenstheGeneralDirectoryscreeninaframewhichhasnodirectcommunicationwithPassLokotherthancopyingthecontentsofasuccessfulsearch.

SaveThisbuttonsavestheiteminthebottomboxunderthenamedisplayedinthetopbox.

DeleteThisbuttondeletestheitemwhoseentirenameisdisplayedabovethetopbox(notnecessarilywhatiswritteninthebox,sincenamerecognitionisgradual),fromPassLok’slocaldirectory.Thisisirreversibleandthereisnoconfirmingdialog,sobecareful.

ResetThisbuttondoesasimilarthingtotheDeletebutton,butratherthandeletingthecompleteitem,itonlydeletesthesecretinformationpertainingtoPFSmodeoperationandothersettings.ThisisusefulifaPFSconversationgoesoutofsyncandmustberestarted.IfaListisdisplayedinthebottombox,clickingthisbuttoninsteadresetsthecurrenttemporaryList,butdoesnotaffectpermanentstorage.ThisisusefulwhenoneiseditingaListormakinganewone.

List(advanced)ClickingthisbuttonaddsthecontentsofthebottomboxtothecurrenttemporaryList,removinganyduplicates(casesensitive).IfthebottomboxisemptythecurrentListisdisplayedinstead.Ifwhatisdisplayedinthebottomboxisanitemfromthelocaldirectory,clickingListaddsitsfullnametothecurrentList,ratherthantheitemitself.ThisisusefulformakingaList,whichwillbeusedforlockingmessagesformultiplerecipients.TosavetheListtothelocaldirectory,youmustfirstwrite

Page 32: PassLok manual 24 - passlok.weebly.compasslok.weebly.com/uploads/2/4/1/8/24187628/passlok_manual.pdf · rules in choosing Keys, so that a user’s secret Key can indeed be anything

32

anameforitinthetopbox,thenclickListtodisplaytheListinthebottombox,andthenclickSave.

All(advanced)Whenthisbuttonisclicked,thecompletelocaldirectoryisdisplayedinthebottombox.Theformatisasfollows:nameoftheitemfollowedbyacolon,theitemitself(encryptedwiththesecretKey)onthefollowingline,additionallinescontainingadditional(encrypted)data,blanklinebeforethenextitem.Linesareindentedfordisplaypurposesbutthishasnoeffectontheparsing.Themainuseofthisbuttonismakingsurethataparticularitemexistsinthelocaldirectory,sinceitisnotnecessarytoknowitsnamebeforehand.Itcanalsobeusedtoeditthelocaldirectoryinlargechunks.TheMovebuttonimplementsamethodforcopyingtheentirelocaldirectorysoitcanbeusedinadifferentdevice.

Merge(advanced)Whenyouclickthisbutton,thecontentsofthebottomboxaremergedintothelocaldirectoryprovideditisformattedcorrectly,asdescribedfortheAllbutton.IfthebottomboxcontainsaLockwhenthisbuttonispressed,itwillbecombinedwithwhateversingle-lineitemisontheMaintab,tomakeintoanewLock,whichappearsininbothboxes.ThesamethinghappensiftheMaintabcontainsaLockinstead,andthebottomboxcontainsasingle-lineitemotherthanaLock.ThisisamanualimplementationoftheDiffie-Hellmankeyexchangealgorithm,whichisatthecoreofmanyPassLokfunctions.

ThefollowingarethebuttonsontheGeneralDirectoryinterface,whichisactuallyapageseparatefromthePassLokcode:

FindWhenthisbuttonispressed,theemailwritteninthetopboxissearchedinthegeneraldirectory,andtheLockcorrespondingtoit(plusavideoURL,ifthereisone)isdisplayedinthelowerbox.TypingEnteraftertheemailaddresshasthesameeffect.

PostAusercanputhis/herLockinthegeneraldirectorybywritinghis/heremailaddressinthetopbox,theLockinthelowerbox(withanoptionalvideoURLonthelinebelowit),andclickingthisbutton.Theprocessisnotcompleteduntiltheuserclicksonalinkcontainedinanemail,whichthedirectorysendstothegivenaddress.

Page 33: PassLok manual 24 - passlok.weebly.compasslok.weebly.com/uploads/2/4/1/8/24187628/passlok_manual.pdf · rules in choosing Keys, so that a user’s secret Key can indeed be anything

33

PlayWhenaLockinthedirectoryhasavideoURLattachedtoit,clickingthisbuttonopensanewtabwherethevideoisplayed.

InviteBymeansofthisbutton,ausercansendanemailpreformattedwithasetofinstructionsfordownloadingPassLok,makingaLock,andputtingitinthedirectory,totheaddressinthetopbox.Theemailissentfromtheuser’sownemailaccount.

RemoveThisbuttonissimilartothePostbutton,butratherthanaddingaLockorupdatingit,confirmingtheemailthatfollowsdeletesalltracesoftheemailanditsLockfromthegeneraldirectory.

Page 34: PassLok manual 24 - passlok.weebly.compasslok.weebly.com/uploads/2/4/1/8/24187628/passlok_manual.pdf · rules in choosing Keys, so that a user’s secret Key can indeed be anything

34

AdvancedfeaturesPassLokgoesbeyondsimplelocking/unlocking.Thissectionpresentssomefeaturesthat,thoughmaybenotusedbyeveryoneatfirst,maybeimportantatsomepoint.

ShortmessagesRegularencryptedmessagesaretoolongtofitinacellulartextmessage(SMS),whichislimitedto160characters.PassLokhasaspecialmodeforsituationswhenyouwanttheencryptedmessagetofitwithinanSMS,whichisinvokedbyclickingtheShortmodecheckboxintheOptionstab.Becauseofthelengthlimitation,thesizeofthetextthatcanbelockedisalsolimited.Anotherconstraintisthatonlyonerecipientcanbeselected.Inordertofitasmuchtextaspossible,thelockedmessagewillhavenotags.Youcantellwhatitis,however,becausetheresultinggibberishisexactly160characterslong.Here’swhatyoudotolockamessageinthismode:

1.ChecktheShortmodecheckboxintheOptionstab(Advancedinterface).

2.WriteorpasteyourmessageintheMaintab.Messagelengthislimitedto94ASCIIcharactersifencryptingwithasharedKeyorwithaLockinsignedmode,62ifencryptingwithaLockinanonymousmode,35inRead-oncemode.Non-ASCIIcharactersuse6spaceseach,soavoidthemifyoucan.Anytextbeyondthelimitwillbelost.

3.Youwillneedtohaveselectedtherecipient’sLockorsharedKeyontheMaintab,orentereditwithoutsavingbyclickingtheEditbuttonandputtingitinthebottomboxofthenewdialog,asdescribedabove.Afterthisisdone,youclicktheEncryptbutton.Theencryptedmessagewillreplacetheoriginalmessage.Copyitandpasteitintoyourcommunicationsprogram.

4.Ifyouareusingasmartphone,theencryptedtextwillbeselectedandreadytobecopiedtotheclipboard.Ifyouwanttosenditusingthetextingapp,copyit,andthenclicktheSMSbuttonnearthebottomofthescreen(visibleintheAdvancedinterface),whichwillopenthetextingapp.Nowyouonlyhavetotypeintherecipientandpasteintheencryptedmessage.

Ifyoureceivea160-characterlongpieceofgibberish,whichlikelyisashortencryptedmessage,here’swhatyoudotounlockit:

1.PastetheencryptedmessageintotheMaintab.Itisokayifitisbrokenupbyspaces,carriagereturns,andspecialcharacters.IfitwasencryptedwithasharedKey,youneedtoselectorwritethatKeyaswesawearlier.

Page 35: PassLok manual 24 - passlok.weebly.compasslok.weebly.com/uploads/2/4/1/8/24187628/passlok_manual.pdf · rules in choosing Keys, so that a user’s secret Key can indeed be anything

35

2.ThenclicktheDecryptbuttoniftheprocessdoesnotstartautomatically.Thedecryptedmessagewillreplacetheencryptedmessage.

Beawarethatthelengthofthemessageisverylimitedinthismode.IfyouwanttosendsomethinglongbySMS,onewaytogetaroundthislimitationistostoreitasafileinoneofmanyanonymouscloudstorageservices,gettheshortURLtothefile,andsendthat,locked,bySMS.

SealsSealingamessageisratherbackwardfromencrypting.ThingsareencryptedwithaLockanddecryptedwiththematchingKey.Ontheotherhand,thingsaresealedwithaKey,andthenthesealisremovedandverifiedwiththematchingLock.Ifyouthinkaboutitforamoment,you’llseethatitmakessense.Sealingisasortofsignature,anditshouldbepossibleonlyforoneperson,whileitshouldbepossibleforeveryoneelseintheworldtoverifythatthesealwasmadebythatoneperson.HenceoneneedsaKey,whichissecret,toaddaseal,andthematchingLock,whichispubliclyavailableandmatchestheKeyuniquely,toopenit.Thisprocessiscalled“digitalsignature”inspecializedjargon.Applyingasealdoesgarblethetextsoitappearsasifithasbeenencrypted.ItisNOTENCRYPTED,however,inthesensethatonlythoseindividualspossessingthecorrectKeyscandecryptit.Asealeditemcanbeunsealedbyanyoneintheworld,solongasthispersonpossessesthesealer’sLock,whichissupposedtobepublic.IfthecorrectLockisused,thentheoriginaltextisrecoveredandafurthermessageannouncesthatthesealownershiphasbeenverified.PassLoksealsareanalogoustoold-fashionedwaxseals,whichdon’treallypreventanyonefromopeningascroll,butratherfromtamperingwithitscontents.Inadditiontoservingasadigitalsortofsignature,thisprocesscanbeusefulforassuringtherecipientofwholockedamessageinanonymousmode.ThisisaverycommonuseofdigitalsignaturesinprogramslikePGP,wherethetextisfirstsigned,thenencrypted.PassLok,however,hasabetterwaytoidentifythesender,whichisexplainedintheAdvancedsection.

PuttingasealonatextTosealthecontentsofthemainbox,simplyclicktheSealbutton.Thetextwillbereplacedbyitssealedcounterpart.Copyitanduseitasappropriate.IfyouclickEmail,thesealedtextwillbeplacedintoanemailusingthedefaultprogram.Itisokaytostripthetagsuptothe"="sign,butnotrecommended.Itisalsookaytosplitthesignwithspaces,andpunctuationotherthanlinereturnsor=+or/.

Page 36: PassLok manual 24 - passlok.weebly.compasslok.weebly.com/uploads/2/4/1/8/24187628/passlok_manual.pdf · rules in choosing Keys, so that a user’s secret Key can indeed be anything

36

UnsealingandverifyingasealedtextThisistheprocessforunsealingasealedtext,andtherebyverifyingitsorigin:1.IftheLockofthepersonwhoallegedlymadethesignatureisinyourdirectory,selectitsnameonthelist.Otherwise,clicktheEditbuttonandthenpastethatLockintothebottomboxofthedialogthatappears,thengoback.2.WriteorpastethesealedtextintotheMaintab.Itisokayifthesealeditemisbrokenupbyspacesandspecialcharactersotherthan=+or/orismissingitstagsuptothe"=".ThenclicktheUnsealbutton.Amessagenearthetopwillsaywhetherornotthesealhasbeenverified.Ifverified,thesealedtextwillbereplacedbytheoriginal.

Padmode(msd)Sometimesyouwanttoensurethatasecretiskeptforalong,longtime.Now,computersareconstantlygettingbetter,soallthenormalencryptioncandoiskeepsomethingsecretforaslongasthecomputerpoweravailabletoanenemyisunabletocopewithallthepossibilitiesthatwouldneedtobetested.Butperfectencryption,whichcannotbecrackednomatterhowmuchcomputerpoweristhrownatit,doesexist.Itwasdiscoveredmorethanahundredyearsagoandusedfortelegraphcommunications.Inthe1940’s,ClaudeShannon,oneofthefathersofmoderncryptography,provedthatthemethodcouldneverbebrokenifimplementedproperly.Bythattime,themethodwasknownas“one-timepad,”andthisiswhyPassLok’salgorithminspiredbyitiscalledPadmode.Realone-timepadsareimpracticalbecausetheymustbe:1,aslongasthemessageitself,2,perfectlyrandom,and3,neverreused.Nevertheless,Cold-Warspiesusedthemintheformofpairsoflittlebookletscontainingthinsheetsfilledwithrandomlygeneratednumbers(onecopywiththespy,theotheratheadquarters).Thespysimplyencodedhismessageasnumberandthenaddedthosenumberswiththoseinagivenpageofthepad,whichwasthenburned.Thepeopleatheadquarterssubtractedthenumbersfromthematchingpageintheirpad(whichalsogotdestroyedafteruse),thusreconstructingtheencodedmessage.Simpleenough,buttheproblemthenwashowtodistributethosepadssecurelytothespies,notaneasytaskforpeoplewhospentyearsatatimeundercover.Beginningwithversion2.3,PassLok’ssolutiontothisisnottouseaspecialpadmadeofrandomnumbers,butratherapieceoftext(oranything,really,solongasitcanbeinputintotheprogram)containingthesameamountofinformationentropyastherandomnumbersthatwouldbeneeded.PassLokconvertsthattextintoarandom-lookingcodethatcanbeusedinthesamewayasaone-timepad.Sohere’showPadencryptionmodeisusedinPassLok:

1. Writeyourmessage(orfile,orimage)intothemainbox.

Page 37: PassLok manual 24 - passlok.weebly.compasslok.weebly.com/uploads/2/4/1/8/24187628/passlok_manual.pdf · rules in choosing Keys, so that a user’s secret Key can indeed be anything

37

2. ClickthedirectoryEditbutton,andthenpastealargepieceoftext(fromabook,awebpage,whatever)whosesourcetherecipientalsoknows,intothelowerboxofthatdialog,thenreturntotheMaintab.

3. ClickEncrypt.Ifthetextenteredinthestepaboveissufficientlylong(aboutfivetimesthelengthofthemessagetobeencrypted),apopupwillaskyouforthelocationwithinthetexttostartdrawingkeymaterial,asanumber.Enteranumberwithintherangedisplayedinthepopuporleaveitatzero,thenclickOK.

4. Thentheencryptiontakesplaceandtheresultappearsinthemainboxsoyoucandowithitwhateveryouwant.

Todecrypt,therecipientmustbeabletoobtainthesametextusedaskey,andknowthecorrectstartingposition.Decryptiongoeslikethis:

1. Entertheencryptedmessageinthemainbox.Theendtagscanbestrippedifneeded.

2. ClickthedirectoryEditbutton,andthenpastethetexttobeusedaskeyintothelowerboxofthatdialog,thenreturntotheMaintab.

3. ClickDecrypt.Apopupthenasksforthestartingposition.WritethecorrectnumericalvalueandclickOK.

4. Ifthedecryptionissuccessful,thedecryptedmessagewillbedisplayedinthemainbox,replacingthepreviouscontents.Otherwise,amessagetellstheuserthattheprocesshasfailed,leavingthemainboxintact.

Themethodensuresperfectencryptionbyeffectivelyusingakeyhavingsomanydifferentpossiblevaluesthatanytextoftheappropriatelengthwouldbeanacceptableresultofthedecryptionprocess.Thereis,therefore,nowaytotellwhetheragivenresultisthecorrectplaintext,sohowcomePassLokseemstoknowwhenthegoodoneisfound?Becausetheencryptedmessageincludesamessageauthenticationcode(MAC)thatPassLokre-calculatesafterdecryption.Thisprocessrequiresmorekeymaterial,drawnfromthesamelocation,sothatitisalsopossibletore-createanyMACvalueatall,andthoseguessingthekeytextwouldhavenowaytoknowwhatthecorrectoneis(otherthanbyobtainingamatch,butagain,theydon’tknowiftheplaintextobtainedisthegoodone).Thetheoryshowsthat,ifasufficientamountofnewkeymaterialisusedtomaketheMAC,theprocesshasthesameprobabilityofgivingapositiveresultwhetherornottheplaintextobtainedisthecorrectone.

Humanmode(msh)Andhowaboutthenot-quite-so-oppositescenario,namely,thathackinghasbecomesosophisticatedthatuserscannolongertrustthesecurityofanymachineatall,includingwhattheycarryintheirownpockets?(Notsofar-fetched,isit?).Inthatpredicament,auser(sender,recipient,orboth)mayhavenomorethanhis/herbrain,apencil,andapieceofpaperagainstanenemywithplentyofcomputingpower.Isthereanyhope?

Page 38: PassLok manual 24 - passlok.weebly.compasslok.weebly.com/uploads/2/4/1/8/24187628/passlok_manual.pdf · rules in choosing Keys, so that a user’s secret Key can indeed be anything

38

Thereis.Againlookingbackathistory,weencounterexamplessuchastheViccipherusedbySovietCold-Warspies—lookitupontheInternet,itisquitefascinating—whicheveryoneattheNSAthoughtitwasaone-timepaduntiladefectorrevealedittobeaclassical(albeitquitecomplicated)pencil-and-papercipherinvolvingsomenumbersplusawell-knownRussiansongaskeys.Now,thatcipherhasalreadyblownitscoversowecan’tuseitanymore(plusyou’dhavetomemorizetheRussiansong),sowehavetousesomethingelse.ItturnsoutthatI’vealsobeeninterestedinclassicalciphersforawhile,andranintoafairlysimplewaytoproduceakeystreammadeofregularletters(thealgorithmiscalleda“laggedFibonaccigenerator,”andeventhoughitdatesbacktotheXIIIcenturyitspropertiesarenotyetwellknownbyexperts)havinggoodapparentrandomness.Whenthoselettersarecombinedwiththeplaintextusingasquaremadeofletterscalleda“TabulaRecta”(Latinfor“straighttable”),theresultlooksjustasrandomandtheplaintextisextremelyhardtoextractwithouthavingthekeysthatgeneratesthekeystreamandthespecialscrambledalphabetsatthetopandsideoftheTabulaRecta.Here’sonesuchTabulaRecta,withstraightalphabetsatitstopandleftside:

I’mnotgoingtodescribeherehowtheprocessgoeswhenit’sdonebyhand.ItisexplainedinthePassLokhelpsystemandagaininaspecialWebpagethatdoesonlythis,availableathttps://passlok.com/human.Sufficeittosaythatboththesenderandtherecipientshareanalphabeticalkeymadeofthreeparts.SothisisthewayyougetPassLoktodotheencryptionforyouwhentherecipientisgoingtodecryptbyhand:

Page 39: PassLok manual 24 - passlok.weebly.compasslok.weebly.com/uploads/2/4/1/8/24187628/passlok_manual.pdf · rules in choosing Keys, so that a user’s secret Key can indeed be anything

39

1. Typethemessageonthemainbox.Beawarethat,althoughspaceswillbepreserved,commaswillbelostandallotherpunctuationwillbeconvertedintoperiods.Likewise,accentsandotherdiacriticalmarksthatthelanguagemayusewillbelost.Numberswillbeencodedasgibberish-lookinglettersfromAtoJ.Normallythiswillmeanonlyasmalllossofreadability.

2. ClickonthedirectoryEditbuttonand,inthelowerboxofthatdialog,enterthethreepartsofthekey,inthecorrectorder,separatedbytildeslikethis:~.ThenreturntotheMaintab.

3. ClickEncrypt.Theresultingencryptedmessagewillcontainonlyuppercaseletters,plussometagsateitherend.

AndthisiswhatyoudotohavePassLokdecryptamessagethatsomeoneencryptedbyhand(youlazydawg,you!):

1. Typetheencryptedmessageintothemainbox.Youcanmakeitlowercaseifyouprefer,andomitthetags.

2. ClickonthedirectoryEditbuttonand,inthelowerboxofthatdialog,enterthethreepartsofthekey,inthecorrectorder,separatedbytildeslikethis:~.ThenreturntotheMaintab.

3. ClickDecrypt,ifitdidn’tdecryptautomatically.Theresultingplaintextwillreplacethepreviouscontentsofthemainbox.Inthismode,PassLokcannottellwhenthecorrectplaintextisproduced,sothattheresultmostlikelywillbegibberishifthekeysarewrong,evenminimally,andthisiswhatgivesHumanmodeitsstrength.

Ofcourseyoucanusethismodeevenifbothsenderandrecipientareusingcomputers,butthen,wealreadyhavebetteralgorithmsthanthis.ThebeautyofHumanmodeisthatyoudon’thavetouseacomputer(orlearnaRussiansong,thoughyoucanuseitifyouwant)toobtainadecentcryptographicstrength.

HiddenmessagemodeNowyoumaysay,“Allthisbusinessoflockingandunlockingisverycute,buttheworldisn’tsocute.Themomenttheyseeyou’reusingcryptography,someone’sgoingtocomeknockingonyourdoortoaskyouforyoursecretKey,firstnicely,thenmaybenotsonicely.Andifyoudon’ttalk,maybeoneofyourfriendswill.”What’stobedoneinthisunfortunatelynot-so-rarescenario,commonlyknownas“rubberhoseattack”inhonoroftheinstrumenttraditionallyusedtoextracttheKey?ThisiswhyPassLokregularencrypteditemsincludeanextracontainerforinformationthatmightormightnotbethereatall.Thereisnowaytotellthathiddendataisindeedpresent.TryingtoextractthepresumedhiddeninformationwithouttheproperKeywillfailinexactlythesamewayasifnohiddendataexists.

Page 40: PassLok manual 24 - passlok.weebly.compasslok.weebly.com/uploads/2/4/1/8/24187628/passlok_manual.pdf · rules in choosing Keys, so that a user’s secret Key can indeed be anything

40

Theresultiscalled“plausibledeniability.”Sincethereisnowaytotellwhetherornotthereisahiddenmessage,youoryourfriendontheothersidecanclaimthatindeedthereisnohiddenmessageaftersupplyingthesecretorsharedKeythattheydemanded.Thosetryingtofindwhatyou’reuptomaybedisappointedbywhattheyseeinyournowunlockedmessagesandsuspectthereismore,buttheycannotknowforsurethatthereismore.Atsomepoint,itbecomesunreasonabletokeepbotheringyouafteryou’vegiventhemwhattheyasked,andchancesarethey’llletyougo.

Sohere’showtousePassLok’sHiddenmessagemode:

1.ChecktheHiddenmsg.modecheckboxontheOptionstab.

2.Followtheinstructionsforanytypeofregularencryption(notShortmode,whichdoesn’thaveenoughcapacity),orforsealing.IfHiddenmessagemodeischecked,apopupwillaskforthehiddenmessageandtheLockorsharedKeytobeusedforit.Thehiddenmessageislimitedto83ASCIIcharacters.Non-ASCIIcharactersuse6spaceseach,soavoidthemifyoucan.Anytextbeyondthelimitwillbelost.

3.AfterclickingEncrypt,theresultingitemcontainingboththemaintextandthehiddentextwillappearontheMaintab,replacingtheoriginaltext.Aswithregularlockedmessages,itisokaytostripthetagsuptothe"="signs.Itisalsookaytosplitthelockedmessagewithspaces,linereturns,andpunctuationotherthan=+or/

Whentherecipientgetsthemessage,he/shecanunlockitintheusualway,inwhichcaseitbehavesnodifferentlyfromamessagethatwasnotlockedinHiddenmessagemodeor,suspectingthereismorethanmeetstheeye,checkstheHiddenmsg.boxfirst,inordertorevealthehiddenmessage.Here’stheprocess:

1.ChecktheHiddenmsg.modecheckboxontheOptionstab.

2.Followtheinstructionsforanylockingmode.IfHiddenmessagemodeischecked,apopupwillaskforaHiddenmessagekey.

3.WriteorpasteintothepopupboxthespecialKeyforthehiddenmessage,thenclickOK.Thehiddenmessage,ifitexists,willappearinthemessageareaoftheMaintabevenifthemaindecryptionfailsorthesignatureisnotverified.Themainmessagewillbedisplayedinthenormalwayifthemaindecryptionissuccessful.

EverythingthatwassaidaboveaboutthestrengthofasecretorsharedKeystillapplies(perhapsevenmore)toaHiddenmessageKey.IfyouareusingaLockforthehiddenmessage,itisprobablybestthatthisbeaLockthathasnotbeenmadepublic.

Eventhoughspaceforthehiddenmessageisquitelimited,therearewaystoexpandittoincludealargeitem.Forinstance,thehiddenmessagecouldcontaintheURL(and

Page 41: PassLok manual 24 - passlok.weebly.compasslok.weebly.com/uploads/2/4/1/8/24187628/passlok_manual.pdf · rules in choosing Keys, so that a user’s secret Key can indeed be anything

41

password,ifneeded)ofacompressedandencryptedfile,whichhasbeenuploadedtoananonymouscloudservice.

Usingfaketext

PassLokcanproduceverysecureencryptedmessages,butitisobvioustoanyonewholooksatthemthattheyarenotplaintext.Thiscanalertanenemythatanencryptedcommunicationistakingplace,whichmightleadtounpleasantness.Tohelpwiththisproblem,PassLokincludesafaketextencoder,whichuseswordstakenfromacovertextinordertoproduceoutputthatlookslikenormaltext,butstillencodesanencryptedmessage.Thosefunctionsareavailableafterclickingthe▼buttonontheMaintab.Here’showitworks:ToconvertaPassLokitem(Lock,encryptedmessage,etc.)intofaketext:1) PuttheitemtobeconvertedintofaketextintotheMaintab.SincePassLoktags,

whichalwayscontainthesamecharacters,willleadtothesamesetofwordsatthestartandend,PassLokwillremovethetagsbeforehidingthecontents.Thisisnotabigdeal,sincethetagsarenotnecessaryfordecryption,unsealing,etc.

2) Clickthe▼button.Nowyoumaywanttochangethecovertextusingtheprocessdescribedinthenextitem,beforeyoudotheactualencoding.

3) GototheOptionstabandselectthetypeoftexthidingyouwant.Letters(default)replacesallspacesandsomecharactersofthecovertextwithdifferent,butidentical-lookingversions(suchasCyrillic“A”insteadofLatin“A”),inordertoencodetheoriginalmessage;theresultlooksidenticaltothecovertext.Sentencesreplaceseverycharacterintheoriginalwithacompletesentencefromthecovertext;theinformationiscontainedinthesentencelengthplusthepunctuationsignattheend.Wordstakeseverycharacterandreplacesitwithtwowordsfromthecovertext,resultingingibberishtext.Spacesencodesthetextwithinthespacesofthecovertext,usingsevenwordspercharacter;thisresultsinamuchlongeroutput,buttheresultisessentiallythesameasthecovertext.Invisibleputsthetextinthespacebetweentwodummylines,whichcanbeeditedatwill.Ifeverythinggoeswell,thecontentsofthemainboxareconvertedintofaketextanddisplayedinthebox,replacingthepreviouscontents.Ifthecovertextisinsufficientinsomeway,awarningwillbedisplayed.

4) Youcannowemailthefaketext,whichtoanemailscannerwillbenearlyindistinguishablefromrealtext.Youcanmergeorsplitlineswithoutchangingtheencodedmaterial.Donotalteranyspaceswithintheencodedtext,however,ifitwasencodedasSpaces,orpunctuationifitwasencodedasSentences.TheoutputofLettersencodingoftenwillendinmid-sentence;youshouldcompletethelastsentencesoitmakessensetoareader.

ToretrievetheoriginalPassLokitemfromfaketext:1) PutthefaketextintheMaintab.

Page 42: PassLok manual 24 - passlok.weebly.compasslok.weebly.com/uploads/2/4/1/8/24187628/passlok_manual.pdf · rules in choosing Keys, so that a user’s secret Key can indeed be anything

42

2) Clickthe▼button.3) ClicktheTexthidebutton.PassLokwilldetectthemethodusedandconvertthe

faketextintheboxbackintotheoriginalitem(minusthetags),replacingthefaketext,regardlessofwhetherornottherecipienthasloadedthesamecovertext.

Now,PassLok’sdefaultcovertextisapieceofEnglishtext(takenfromtheGNU3.0license).Ifthecontextofthechannelwhereyouaregoingtoplacetheitemisverydifferent,itmightstandoutandbedetectedbyascanner.Itwillalsobedetectedifadifferentlanguageisexpected.CanPassLokgetaroundthisproblem?Simple:replacethedefaultcovertextwithadifferentone.StoredcovertextsaredisplayedbynameatthetopoftheMaintabassoonasthe▼buttonispressed;simplyclickontheoneyouwanttouse.Ifthedesiredcovertexthasnotbeenstored,followthesesteps:1) Copyasufficientlylongtext(itmusthavewordsofatleastninedifferentlengths,

fortheWordsmethod,or7timesthenumberofcharacterstobeencoded,fortheSpacesmethod,or11differentsentencelengths,fortheSentencesmethod).

2) ClicktheEditbuttonandpastethetextinthelowerboxofthedialogthatappears,thenreturntotheMaintab.Ifyouwanttokeepthecovertextforfutureuse,writeanameforitintheupperboxandclicktheSavebuttonbeforeyouleavethedialog.

CovertextsinanylanguagecompatiblewithUTF8encodingcanbeused,includingChinese,Japanese,Arabic,etc.BeawarethattheWordsencodingonlycapitalizeswordsiftheyfollowaperiod.IfyouarewritinginGermanorsomeotherlanguagewithmorefrequentcapitalization,theresultmayneedsomemanualediting.

HidingstuffinsideimagesPassLokalsoincludestwomethodsforhidingitsoutputwithinimages,soitisinvisibletohumaneyes;oneoutputsinPNGformat,theotherinthemorecommon(albeitlowercapacity)JPGformat.Itdoessobyreplacingtheleastsignificantimagedatawiththematerialtobehidden.ThisfunctionisaccessedbyclickingtheImagehidebuttonontheAdvancedinterface.Let’ssayPassLokhasencryptedamessage,whichyounowwishtohidewithinanimage.Clickthe▼button,followedbytheImagehidebutton.Adialogwillopen,askingyoutoselectanimagefiletohidethestuffinto.Findanimageinjpg,bmp,gif,orpngformatandclickOK,andtheimagewillload.Thereisapasswordboxthatusuallywillbepre-filled;youcanleaveitas-is,oreditittouseadifferentpassword.IfyounowclickeitherofthePNGhideofJPGhidebuttons,thelockedmessagewillbehiddenintotheimage,whichwillstilllookthesametohumaneyes.Tosavetodisk,right-clickonitandselectSave.

Page 43: PassLok manual 24 - passlok.weebly.compasslok.weebly.com/uploads/2/4/1/8/24187628/passlok_manual.pdf · rules in choosing Keys, so that a user’s secret Key can indeed be anything

43

Theprocesstoretrievetheinformationhiddeninsideanimageissimilar.Firstyouloadtheimageasdescribedabove,andthenyoupresstheRevealbutton.IftheimagecontainsahiddenPassLokiteminoneofthetwoformatsavailableandthetextinthepasswordboxisthesameusedinthehidingprocess,itwillbeextractedandplacedintheMaintab.Iftheprocessdoesnotsucceed,amessagewilltellyouthateithertheimagedoesnotcontainanythingorthepasswordintheboxisincorrect.Thereisnowaytoknowwhichofthetwoistheactualcause.Theready-madepasswordthatPassLoksometimesgeneratestopopulatetheboxisoftwokinds:1–thesharedKeythathasjustlockedaplaintext,or2–thesharedsecretresultingfromcombiningtheuser’sownsecretKeyandthe(single)recipient’sLock.Thismeansthat,iftheitemtobehiddenwasencryptedforseveralrecipients,thepasswordboxwon’tbepre-filled,andtheuserwillneedtocomeupwithapasswordknowntoalltherecipients(orusenopassword,whichmakesthehiddencontentsdetectable).Thisnormallywillrequireapreviousencryptedmessagecontainingthispassword.Now,hidinganiteminsideanimage,ashidingwithinwords,providesnorealsecurity(especiallyifnoimagepasswordisused),soPassLokwillrefusetodoitunlesswhatyouarehidingisalreadyencryptedorprocessedsomehow.PassLokcancertainlyhideplaintextinsideimages,butithasbeencodedtoacceptonlyPassLokoutputinordertoprotectuserswhomightthinkthatsimplehidingprovidesenoughsecurity.Youalsomustbeawarethatmobileoperatingsystems,andveryspeciallyiOS,tendtomodifyimagesastheyload.Thiseraseswhateverinformationhasbeenhiddeninthem,sothattheimagehideprocessonlyworksforhidinganitem,butnotforextractinganitemhiddeninanimage.Likewise,handlingamodifiedimageisseverelyrestricted,andoftentheonlyoptionavailableissavingittocamerarollafteralongpress,andfromtheretheimagecanbeemailedorsharedbyothermeans.Fortheveryparanoid,PassLokallowsyoutoencodeasecondmessageusingwhateverspaceisleftafterencodingthecontentsofthemainbox.Toaddasecondmessage,writeaverticalbar“|”aftertheimagepassword,thenapasswordforthesecondmessage,thenanotherverticalbar,andfinallythesecondmessage.Onthereceivingend,userscanrevelthesecondmessagebytypingaverticalbarrightaftertheimagepassword,andthenthesecondpassword,beforeclickingtheRevealbutton.Inthiscase,successwillonlyhappenifbothpasswordsarecorrectandthereareindeedtwomessages,andthenthesecondmessagewilldisplaynearthetopoftheMaintab.

LockingwithListsPassLokcanencryptanitemformultiplerecipients,whopresumablyusedifferentsecretKeys,aseasilyasforasinglerecipient.Otherencryptionprograms,suchasPGP,offerthepossibilitytoencryptformultiplerecipients,butPassLokhasafewadvantages.

Page 44: PassLok manual 24 - passlok.weebly.compasslok.weebly.com/uploads/2/4/1/8/24187628/passlok_manual.pdf · rules in choosing Keys, so that a user’s secret Key can indeed be anything

44

First,youcanhaverecipientswithwhomyoushareaKey,andrecipientsforwhomyouhaveaLock,andincludebothencryptiontypeswithinthesamemessage.YouselecttherecipientsdirectlyontheMaintabor,ifyouwanttokeepcompletestealthandnotevenusethedirectory,youonlyneedtoentertherecipients’LocksorsharedKeys,oneperline,onthebottomboxofthedirectoryEditdialog.

Then,PassLokhasListsincludingseveralrecipients(moreonthislater)thatcanbesavedintothelocaldirectory,soencryptingformultiplerecipientstakesthesameeffortaslockingforasinglerecipient,onceyou'vemadeaList.PassLokcanhandlemultiplerecipientsasaunit,bymakingalistoftheirnames(ortheirindividualLocksorsharedKeys),oneperline,andsavingitunderanewname.TheListnameappearsontheMaintabdirectorylikeanyothername,exceptthatitishighlightedbydashessotheuserknowsitisactuallyaListofseveralrecipients.WhenyouclickonaListname,themessageareatellsyouthenamescontainedontheList.PassLokscansforduplicatesautomatically,sothatyoucanclickonLists(orindividualrecipients)thatmayhavelinesincommon,butonlyoneinstanceofeachrecipientwillbeconsidered.

ThereisaspecialbuttontohelpyoumakeListsofmultiplerecipients.Itislabeled,notsurprisingly,List,anditisvisibleonthedirectoryEditdialogwhentheAdvancedinterfaceisselected.ClickingthisbuttonaddstheitemoritemscurrentlybeingdisplayedonthebottomboxtoatemporaryList,whichisrecalledwhentheListbuttonisclickedwithnothingonthebox.ClickingtheResetbuttonerasesthistemporaryList,incaseamistakehasbeenmade.IfthenewitemisitselfaList,containingseverallines,theListbuttonmergesthemintothetemporaryList,eliminatinganyduplicatesandplacingtheminalphabeticalorder.TosavethetemporaryListintothelocaldirectory,giveitanameinthetopbox,thenclickListsothetemporaryListisdisplayedinthebottombox,andthenclickSave.IfyoudonotsavethetemporaryList,itgoesawaywhenyouclosePassLok.

RandomKeysSecurityexpertsrecommendusinglongrandomKeysratherthanstuffthatyoucomeupwith.Thismakesthemimpossibletocrackbybruteforceordictionaryattacks.Theproblemisthattheyarealsoimpossibletorememberand,ifuserswritethemdown,thelikelihoodthatthey’llbelostorcompromisedincreasessomuchthattheyarenotworthitanymore.Butthereareexceptions.ThisiswhyPassLokhelpsyoutogeneratearandomKey,shouldyoueverneedone.JustopenthedirectoryEditdialogandclickSavewithnothinginthebottombox.Theboxwillfillwitha42-characterrandomstringmadeofbase64characters,whichiswaymoresecurethanyou’lleverneed.PassLokwillstoreitforyouinthelocaldirectoryifyousupplyanameforitinthetopboxbeforeyouclickSave(thebottomboxmuststillbeempty).Asusual,youwillneedtohavewrittenyoursecretKeyinitsproperboxbeforeyoucansaveanything.

Page 45: PassLok manual 24 - passlok.weebly.compasslok.weebly.com/uploads/2/4/1/8/24187628/passlok_manual.pdf · rules in choosing Keys, so that a user’s secret Key can indeed be anything

45

AnotherplacewhererandomstringsappearisastokenstobeusedinconjunctionwithyoursecretKey.ThisisdonebyclickingtheRandombuttonintheNewUserwizardwhenyougettothisoptionalstep,orasimilarbuttonintheChangeEmail/tokendialogcalledfromtheOptionstab.ThismakesyourLockessentiallyimpossibletocracknomatterhowbadyourKeyis.Therandomtokenisstoredinyourdevice,encryptedunderyourKey,soyouwon’tneedtoenteritagain.Thecatchisthatyou’llbetiedtothatdevicefromthenon,sinceyouwouldn’thavethetokenstoredinotherdevices.Tohelpyoucopewiththis,PassLokcanexportitasaspeciallockeditem(alongwiththerestofyoursettings)ifyouclickanyoftheBackup/RemovebuttonsatthebottomoftheOptionstab.Touseyourrandomtokenonanewdevice,setupanewuserwiththesamenameandsecretKey(butobviouslynotthesametoken),placethebackupitemontheMaintab,andclickLock/Unlock.IntheChromeappversionofPassLok,therandomtokenisautomaticallybackeduptotheGoogleservers,sothatyoucangotoacomputerthatyouhaveneverusedbefore,logintoChromewithyourGoogleID,loadPassLok,andmakeanewuserhavingthesamenameandsecretKeyasbefore(noneedtosupplythecorrectemailorrandomtoken).Thebacked-upsettings,includingtherandomtokenifthereisone,willbedownloadedandappliedatthispoint,andyou’llfindyourselfwithyourentirelocaldirectoryavailabletoyou.Thebacked-upitems(exceptLocks,bydefault)arestoredontheGoogleserversonlyaftertheyareencryptedwithyourKeyandusername,sothatnobodycangetthemeveniftheyhackintothoseservers.

SplittingandjoiningitemsThereisaveryclevermathematicaltrickthatallowsPassLoktosplitapieceoftext(orafileencodedastext)intoacollectionofparts,eachofwhichbyitselfiscompletelyuseless.ThealgorithmiscalledtheShamirSecretSharingScheme,anditisbasedonthepropertiesofpolynomials.Tosplitatext,gettheextrasetofbuttonsontheMaintabandthenclickSplitwhilethetextisdisplayedinthebox.Apopupwillaskforthetotalnumberofpartstobemade,andtheminimumnumberofpartsthatwillberequiredtoreconstructthetext.Thepartswillthenappearonseparatelinesinthemainbox.Youcancreatefrom2upto255parts.Partscanbereadilyidentifiedbythe“PL**p^^^”tags(**istheversionnumberand^^^isthenumberofpartsneededtoreconstructtheoriginal)bracketingtheactualdata.Asusual,itisallrighttostripthetagsupto,andincluding,the“=”signs,sincethetagsaremeanttoidentifytheitemandprovidesomeprotectionagainstaccidentalcorruption.Iftheoriginaltextisshorterthan5characters,youwillneedtostripthetagsinordertoreconstructthetext.Theprocesstorejointhepartsissimilar:placethepartsonseparatelinesinthemainbox,eachpartoccupyingasinglelogicalline(whichmightwrapinsidethebox),displaytheextrasetofbuttons,andclickJoin.Ifthepartsarefromthesamesetandthereare

Page 46: PassLok manual 24 - passlok.weebly.compasslok.weebly.com/uploads/2/4/1/8/24187628/passlok_manual.pdf · rules in choosing Keys, so that a user’s secret Key can indeed be anything

46

enoughofthem,theoriginaltextwillappearinthebox.Ifsomethingiswrong,PassLokwilltellyouwithamessage.Thereareanumberofsituationswhereyoumaywanttosplitsomethingintoseveralparts.Forinstance:

• Youwanttouseahigh-securityrandomKey,butsinceitissohardtorecallyoufeelforcedtowriteitdownsomewhere,whichisasecurityno-no.ButifyousplittheKeyfirstandthenstorethepartsatdifferentlocations(whichmightbedifferentfileswithinthesamecomputer),theriskofcompromiseisgreatlyreduced.WhenyouneedtheKey,youretrievethepartsfromtheirstoragelocationsandthenreconstructtheoriginalKey.Youmaywanttomakeoneortwosparesincaseyouforgetthelocationofsomeoftheparts.

• Youwanttosendlockedmessagesthatcanbereadbyseveralpeople,butforsomereasonyoudon’twanttomakeamultiple-lockedmessage.InthiscaseyoucreatearandomKeyandsplititintoasmanypartsasrecipientsplusone,withtwobeingrequiredtoreconstructtheoriginal.Yousendeachrecipientoneoftheparts(lockedwiththeirpersonalLockssonooneelsecangetthem),andtheremainingpartissentintheopen,alongwiththemessagelockedwiththefullrandomKey.TherecipientscanregeneratethatKeybyjoiningtheextrapartthatyousentandtheparttheyeachhave,andthentheyunlockthemessage.

• Youwanttoforcetwoormorepeopletocooperate,oratleasttalktoeachotherdigitally.OnewaytodothisistolocksomethingimportantwithasharedKeythatgetssplitintoparts,whichyousendseparatelytothoseindividuals.TheonlywaytheycanretrievetheimportantitemisbypoolingtheirKeypartstogetherinordertoreproducethelockingKey.

• SplittingcanalsobeusedasanalternativetolockingwithaKey,sincethestringsplitintopartscanbeverylong.Todothis,placethetexttobelockedintheboxandgeneratetwoparts.Sincebothpartsmustbejoinedtoretrievethetext,oneofthemcanbekeptsecretandusedasaKeywhiletheotherissentbyinsecurechannels.

• IfyouaretheCoca-ColaCompanyandwanttoembracetheXXIcentury,makeaWordfilecontainingthesecretformulaforCoke,loaditintoPassLokusingtheChooseFilebutton,andthensplititwiththeSplit/Joinbutton.Givedifferentpartstodifferentpeopleforsafekeeping.

MakingsurePassLokisgenuineThebiggestconcernregardingtheactualsecurityofPassLokistheintegrityofitscode.Ifanattackermanagestointerceptthehtmlwebpagebeforeitcomestoyourdevice,he/she/itcouldreplaceitwithonethatoutwardlylooksandbehavesthesame,butwhichusesweakerencryptionthatcanbebrokenwithoutdifficulty.Therearecountlesswaysinwhichthiscanbedone.Thisisarealproblem,whichissharedbyallsecurityprogramsrunningonabrowser,orevendirectlyonthecomputer.

Page 47: PassLok manual 24 - passlok.weebly.compasslok.weebly.com/uploads/2/4/1/8/24187628/passlok_manual.pdf · rules in choosing Keys, so that a user’s secret Key can indeed be anything

47

IfyougotPassLokasapackagedappfromtheChromeWebstore,thecodehasbeensignedasitwasuploadedtothestore,sothatthewebbrowser(Chrome)willcheckthatthesignaturematchestheactualcodebeforeitacceptsit.Inthiscase,anattackerwantingtotamperwiththecodewouldhavetomakeGoogleissueafakecertificatesothatChromewouldacceptacounterfeitapp.Probablyquitedifficultforaregularhacker,notsomuchforagovernmentagency.SoyoucanfeelsecureaboutChromeappversionofPassLoksolongasyoutrustGoogle.ThesamecanbesaidabouttheversionsofPassLokforAndroid,whichisdistributedfromtheGooglePlaystore.ButcanbedoneaboutthewebversionofPassLok?Firstofall,beparanoidandloadthewebversionofPassLokonlybySSL/TLS.That’sthe“https”atthestartofthepageaddress.ThismeansthatthePassLokpageonlyleavestheserverafteranencryptedcommunicationhasbeenestablishedbetweenitandthebrowserrunningonyourdevice.Anattackerwishingtoswitchatamperedversionwiththegenuineonewouldhavetospooftheserver’sdigitalcertificate,whichisquitedifficultforanindividual(thoughapparentlynotfortheNSAandsimilarentities).Atthetimeofthiswriting,theofficialPassLoksourceishttps://passlok.com/app,whichalsohoststheGeneralDirectory.Then,therearethemirrorsfromwhereyoucangetPassLok.Themostsecureone,becauseitislocatedoutsideofUSterritory,ishttps://www.autistici.org/passlok.Anothermirror,whichislocatedinUSterritorysoit’snotassecurefrominterference,ishttps://passlok.site44.com.Finally,thereisaGithubpagecontainingthecodeat:https://github.com/fruiz500/passlok,whichalsodisplaysitinfunctionalformashttps://fruiz500.github.io/passlok.ThereisstillachancethatsomeonemightgainaccesstothePassLoksourceandchangeitwithoutmyknowledge.Howcanyoutellifthathappens?BecauseI’mpublishingahashofthegenuinesourceinanentirelydifferentlocationandbyadifferent,hardertofake,method.Here’swhatyoudotocheckit:1.LoadPassLokfromoneoftheauthorizedsourceslistedabove,orfromstorage(localorcloud)ifpreviouslysavedasdescribedinstep3b.

2.Directyourbrowserto"viewsource".Eachbrowserdoesthisdifferently,butmostnon-mobilebrowsershavethiscapability.Typically,youloadthesourceonaseparatetabbytypingCTRL-u(Windows)oroption-cmd-u(OSX).Onthepagedisplayingthesource,selectall(CTRL-aorcmd-a),thencopytoclipboard(CTRL-corcmd-c).Youcanalsosavethepagetoharddiskatthispoint.DONOTsavetherunningcodeusingthe"save"commandfromthebrowsermenu,sincethiscommandmodifiesthesourcecodebeforesavingit;usethe“save”commandonlyonthesourcedisplayedbythemethodabove.

3.NowyouhavetotaketheSHA256hashofthecodeontheclipboardusingaprogramdifferentfromPassLok.Ahashisamathematicaloperationthatconvertsa(usuallylong)pieceofdataintoafixed-lengthrandom-lookingstring,whichisasortoffingerprintof

Page 48: PassLok manual 24 - passlok.weebly.compasslok.weebly.com/uploads/2/4/1/8/24187628/passlok_manual.pdf · rules in choosing Keys, so that a user’s secret Key can indeed be anything

48

theoriginal.Animportantpropertyisthattheprocessisone-way:youcannotgettheoriginalfromthehash.Theprobabilitythattwogivenpiecesofdatawillproducethesamehashstringisnegligible.PopularhashalgorithmsareMD5,SHA1and,morerecently,SHA256.Youhaveseveraloptions:

a.Useanonlineutilitywhereyoupastethetextonaboxandclickabutton.Youmustmakesurethatpastingdoesnotaddextraspaceatthetopofthefile,whichwouldaffecttheresult.Online-convert(http://hash.online-convert.com/sha256-generator),fileformat.info(http://www.fileformat.info/tool/hash.htm)andfreeformatter.com(http://www.freeformatter.com/sha256-generator.html)haveworkedwellinmytests.

b.Savethesourcetoafileasshownabove,andthenusealocalprogramorutilitytotaketheSHA256ofthefile(builtintotheOSinLinuxandOSX,notsoinWindows).PassLokdoeshavetheabilitytosaveanythingcontainedontheMaintabtoatextfilebyclickingtheSavebuttonintheOptionstab,butbeawareofthedangerthatthisfunctionmighthavebeentamperedwith.ThenobtaintheSHA256ofthisfileusingthelocalprogram.

4.Currently,theSHA256forthemostrecentversionofPassLokispublishedinfourplaces.Theseare:

1. The“GetPassLok”sectionofPassLok’sinformationalwebsiteathttp://passlok.weebly.com.

2. WithinthedescriptionoftheChromepackagedapp,atthislocation:https://chrome.google.com/webstore/detail/passlok-privacy/epcchpdljafmfegifkigklfcmkphfmbh.

3. WithinthedescriptionoftheAndroidapp:https://play.google.com/store/apps/details?id=com.fruiz500.passlok

4. Atmyblog,prgomez.com:https://prgomez.com/passlokcurrent/

ThesearealldifferentfromtheactualserversofthePassLokwebpageforoneimportantreason:whoevermanagestotamperwiththecodeontheservercanalsotamperwiththepublishedhashifitisservedfromthesamelocation.Hence,theserversaredifferent.

Now,I’msureyourealizethatthepagescontainingtheSHA256,althoughdifferentfromthosecontainingthecode,canstillbehackedinordertoplacethereahashthatwouldmatchcounterfeitcode.Itwouldmeanhackingintoseveralserversbutitwouldstillbepossible.Sure,butcanthatindividualorcorporateentitychangetheYouTubevideoofyourstrulyreadingthegenuineID,whichisalwayslinkedrightbelowthehash?It’snotlikemyfaceisasrecognizableasMichaelJackson’s(thankGod),butthisisboundtobeprettydifficulttotamperwithnomatterwhat.

Page 49: PassLok manual 24 - passlok.weebly.compasslok.weebly.com/uploads/2/4/1/8/24187628/passlok_manual.pdf · rules in choosing Keys, so that a user’s secret Key can indeed be anything

49

Theprocesscanbeimproved,tobesure,buthopefullythiswillallowmostuserstorestateaseandusePassLokwithaminimumassurancethatitissafefromtampering.Notthatthecodeitselfhasnosecurityflaws.Thisisforexpertstotestanddiscover,whichisgreatlyfacilitatedbybeingabletoreadthecode.

LockauthenticationviatextoremailIfyoucannotmakecontactwiththeotherpersonthrougharichchannelsuchasvoiceorvideo,you’regoingtohavetostartusingsomebody’sLockwithoutknowingforsurethattheLockisgenuine.Trustwillbuildupgraduallyasthemessagessentbackandforthservetoconfirmtheidentityoftheparticipants.ButtherearewaystoauthenticateaLockwithonlyafewmessagestravelingbackandforth.TheeasiestthingtodoistosendamessagetothepresumedLockowner,includingaquestionwhoseansweronlythetwoofyouknow,andaskinghim/hertosendyouhis/herLock,itselflockedwithaKeythatistheanswertothatquestion.Iftheansweriscorrect,you’llbeabletoopenthelockedmessage,andthusretrievethegenuineLock.Aninterloperwhoiswatchingandperhapsmodifyingyourtrafficwon’tbeabletounlockamessagelockedthisway,andthushe/shemustbecontentwithpreventingyoufromgettingthatlockedfile,inwhichcaseyou’llknowthatwhateverLockyouhaveisfake.Butthiseasywayhastheproblemthattheotherperson’sanswertomyquestionmustbeexactlytheanswerIremember,downtothesmallestspellingdetail,orthemessagewon’tunlock.Itmayalsobethat,althoughIknowthispersonquitewell(acoworkercomestomind),Ican’tthinkofanysecretthatonlythetwoofuswouldknow.Fortunately,thereisanotherwaytoauthenticateaLockusingavariationonthe“interlockprotocol,”whichadmitssomeflexibility.Itisenoughiftheparticipantscanrecognizetheanswersasvalidinamoregeneralsense,orjustrecognizetheotherperson’sfaceorvoice.Look,forinstance,atthisscenario.AlicehasobtainedBob’sLock,butshefearsthatitmightbecounterfeitandsomeoneelsemightbeunlockingthemessagesshesendstoBob,readingthem,perhapschangingthem,andthenre-lockingthemwithBob’sactualLockforhimtoread.SoAlicesendsBobthisemail(whichisalsoincludedinPassLok’shelpsystem,shouldyouwanttouseit):

DearBob:IjustobtainedyourPassLokLockfrom(citesource),butIstillwonderifitisauthenticsinceIamunabletoviewtheauthenticatingvideo.Therefore,Iaskyoutohelpmeauthenticateitthroughtheinterlockprotocol.Here'swhatIwantyoutodo:

Page 50: PassLok manual 24 - passlok.weebly.compasslok.weebly.com/uploads/2/4/1/8/24187628/passlok_manual.pdf · rules in choosing Keys, so that a user’s secret Key can indeed be anything

50

1. Writeamessageaskingmetotakeapictureorvideoofmyselfdoingsomethingofyourchoice.EncryptthemessagewithmyLock,whichisappendedtothismessage,andcopyittoasafeplace.Thensplititintwoandsendmethefirsthalfonly.

2. WhenIreceiveyourfirsthalf,Iwillalsowriteamessageaskingyoutodosomethinginapictureorshortvideo.I'llencryptthatmessagewithyourLock,andI'llsendyouhalfofthatencryptedmessagefirst.Whenyougetit,goaheadandsendmetheotherhalfoftheencryptedmessageyoumade.

3. WhenIgetyoursecondhalf,I'llputthetwohalvestogetheranddecryptyourmessage.Then,followingyourinstructionsI'llsendyouthepictureorvideorightaway,unlocked,alongwiththesecondhalfofmyencryptedrequest.

4. Whenyougetit,pleaseverifythatwhatIsentconformstoyourinstructions.Ifso,puttogetherthetwohalvesofmyencryptedmessagetoyou,decryptit,andsendmewhatIaskinthemessageassoonaspossible,unlockedaswell.ThenI'llknowthatyourLockisauthentic.

Yourfriend,Alice.Let’sseehowtheprotocolcontainedinthisemailfoilsMallory,whoisabletointerceptandmodifytheircommunicationswithoutthemknowinganything.HeposesasAlicebeforeBob,andasBobbeforeAlice.Inthiscase,AlicedoesnothaveBob’sgenuineLock,butonethatMallorymadeinordertoimpersonateBob.Likewise,BobdoesnothavetheLockthatAlicesentinstep1,butoneforwhichMalloryhastheKey.ThingsbegintogowrongforMalloryatthebeginningofstep2.SinceMallorycannotyetreadAlice’srequestbutneverthelesshastosendsomethingtoBobtokeeptheexchangegoing,hemustsendhimarequestfrom“Alice”thatlikelyhasnothingtodowiththerealAlice’srequest.That,orpretendinstep1thatBobisrefusingtogoalongwiththegame,whichisnotgoingtodomuchtoreassureAlice.MallorywillthengetthewholerequestfromBobattheendofstep2,sohewillbeabletodecryptit,re-encryptit,andpassitalongtoAlice,andthengetfromherareplythatwillsatisfyBobinstep4.Butthedamagehasbeendone.MalloryiscommittedtosendBobasecondhalffrom“Alice”thatwillmatchthefirsthalfbutwhichmostlikelydoesnotcontaintherequestmadebytherealAlice,orotherwiseBobwon’tkeepupwiththeprotocolandMallory’scoverwillbeblown.Bobmightnotdiscovertheruseatthispoint,butitishighlyunlikelythathisreply,orwhateverelseMallorycancomeupwithtoreplaceit,willsatisfytherealAlice’srequest.Thenshe’llknowthatsomeoneisin-betweenandBob’sLockisnotauthentic.Ifnowtheyrepeattheprocesswithonenewrequestfromeitherside,butthistimewithAliceaskingthefirstquestion,Bobwillalsonoticethatsomethingiswrong.ButwhatifthereisnoMallory,and“Bob’sLock”wasnotbeingusedtolisteninbutwassimplycorruptedormistakenforanotherLock?ThenBobsimplywillbeunabletounlock

Page 51: PassLok manual 24 - passlok.weebly.compasslok.weebly.com/uploads/2/4/1/8/24187628/passlok_manual.pdf · rules in choosing Keys, so that a user’s secret Key can indeed be anything

51

Alice’scompleterequestinstep4,andhewillalertherofthatfact.ItispossiblethatMallorycouldstillbewatchingwithoutattemptingtomodifythemessagespassingthroughhimunlesshereallyhasto,butitisunlikelythathecouldreplaceBob’sannouncementthattheprotocolfailedwithsomethingthatwouldsatisfyAlice,becauseatthatstageAlicewon’tacceptanythingbutacorrectreplytoherrequest,orshewilldecidethat“Bob’sLock”isbad.Ittooksomehomeworkandthreemessagesfromeachside,afterwhichtheystilldon’tknoweachother’sauthenticLock(whichwouldbeimpossiblewithMallorychangingeverything,anyway),butAlicehasavoidedbeingdupedbyapowerfulenemy.

Underthehood:Compression,VariableKeyStretching.ThereissomereallycoolstuffhappeningasyouworkwithPassLokthatdoesn’tinvolveanybuttons.Let’stalkhereaboutsomeofit.Typically,anencryptedmessagewillbelongerthananplainone.Thisisespeciallytrueifitinvolvesnon-Latincharacters,whichthecomputerinternallyencodesasalongishstringofbinarydata(asmuchassixtimeslongerthanaLatincharacter).Tocompensateforthis,PassLokincludessmartLempel-Ziv(LZ)compressionofplaintext.Thisalgorithmreplacesfrequentlyusedstringsorcharacterswithshortercodes,resultinginasmuchasa50%reductioninoutputsize.Whentheplaintextislong,thisalsotranslatesintofasterprocessing.Anexample:theGutenberg.orgversionofShakespeare’sHamlet(nearly180,000Latincharacterslong)takesaboutfoursecondstolockorunlockinmy2007-modelDellmachineifcompressionisnotused,butbarelyonesecondwithcompressionappliedrightbeforetheencryptionstep.Thelockeditemisalsolessthanhalfthesize.The“smart”bitaboutLZcompressionisthatitisn’tusedwhereitwon’tbehelpful.Onecaseisforencodedfiles,whichtendtolookfairlyrandomwithoutanycompression.Sincecompressionisbasedonfindingrepetitions,random-lookingdatadon’tcompresswell.PassLokdetectsencodedfilesandskipsthecompression/decompressionsteps.Keystretchingmeansthat,everytimeaKeyisusedinPassLok,whatisactuallyusedisnottheKeyitself,whichmightbeasimplewordandthereforeeasytoguessbyhackers,buttheresultofapplyingacomplexmathematicaloperationtothatKey.Theresultisarandom-looking,fairlylongstringthatwouldbeprettymuchimpossibletoguessbyusingdictionaries.Evenbetter,itishardertodotheoperationbackwardsthantotryallpossibleinputs,sothattheoperationiseffectivelyone-way.Keystretchinghasbeenusedsincethebeginningofcomputer-basedcryptography,sothereareanumberofwell-researchedstandardalgorithms.PassLokusestheSCRYPTalgorithm,whichhasthenicefeaturethatitishardtorunusingspecializedhardware,whichawealthyhackermightwanttodo.This,whichmightsoundatfirstlikeabug,isactuallywhatwewant:wewantalong,tediouscomputationconsuminglotsofcomputertime,inordertomakeKey-guessingashardaspossible.Theactualuserwillonlyberunningthis

Page 52: PassLok manual 24 - passlok.weebly.compasslok.weebly.com/uploads/2/4/1/8/24187628/passlok_manual.pdf · rules in choosing Keys, so that a user’s secret Key can indeed be anything

52

computationonce,whichisusuallyokay,whileahackertryingtoguesstheKeywillberunningitmillionsoftimes.PassLokgoesonestepfurther,anditusestheWiseHashalgorithm,combiningSCRYPTwithasmartKeystrengthevaluationfunctionbasedonadictionaryandtrueentropymeasurements.ThismeansthatweakerKeys,whichscorelowerinthestrength-measuringalgorithm,arehitwithmorespuriouscomputationsthanstrongerKeys.Thisisinterestingfortworeasons.ThefirstisthattheuserexperienceisworseforweakerKeys,thusprovidinganincentiveforhim/hertocomeupwithastrongerKey.AlthoughthereislittleperceiveddifferencegoingfromaGoodtoanExcellenttoanOverkillKey(toparaphrasethelabelsPassLokdisplaysinBasicmode),thingsgetreallyslowasyoudropdowntoMedium,tosaynothingofWeakandTerribleKeys.ThesecondreasonisthatbadKeysremainvalidKeys,evenastheyarepenalized.AhackertryingtoguessyourKeybymakingLocksforallstringsinthedictionarywillbeforcedtoconsumealargeamountofcomputertimemuckingthroughthebadKeys,orriskmissingtheeasyones.Addtheemail/tokenfeature,whichmeansthatthereisnosuchthingasapre-computedlistofKeysandtheirmatchingLocksvalidforallusers(alsocalled“rainbowtable”),andyou’vegotanextremelysecurewaytouseKeysthatyoucanactuallyremember.

Page 53: PassLok manual 24 - passlok.weebly.compasslok.weebly.com/uploads/2/4/1/8/24187628/passlok_manual.pdf · rules in choosing Keys, so that a user’s secret Key can indeed be anything

53

Appendix:AComparisonbetweenPassLokandPGP

ThisisanarticleIpublishedonmyblog(prgomez.com)sometimeago.Itisonthelongsideandobviouslybiased,butIcouldn’tresistaddingithereasanappendixbecauseitlaysoutwhyPassLokmightyetsucceedwhereothersfailed.IhaveeditedafewthingshereandthereasPassLokhasevolved.

Emailandchatencryption,certainlyverydesirableforprivacy,hasbeenavailableforalongtimebutveryfewpeopleuseit.Inthisarticle,IshowwhythishashappenedandwhythisisabouttochangewithPassLok,thenewprivacyappderivedfromURSA.

EmailandchatencryptionuntiltodayhasnormallybeendoneusingPGP(shortfor“prettygoodprivacy”)orGPG,itsopen-sourcecousin.PGP,createdbyPhilZimmermann,wasfirstreleasedin1991withtheintentionofbringingstrongencryptiontocommonfolks.Backthen,computerswereusingUNIX,DOS,oranearlyversionofMacOSasoperatingsystem.DESwasyettobecracked.TheAdvancedEncryptionStandard(AES)winnerhadnotyetbeenpicked.ZimmermannbasedhisprogramonIDEA,acontenderintheAEScontest,addingtheRSAmethodforpublickeycryptography.ThefirstversionofPGPranfromaDOScommandline.ItwasawesomeanditputZimmermanninaheapoftroublewiththeFeds.

TherearemanygoodarticlesontheworkingsofPGPoutthere,soIwillonlydescribetheessentials,fromwhichallitssubsequenthistoryhasderived.Thebasicstepshavenotchangedmuchinthelaterversions,whethercontrolledfromacommandlineoragraphicaluserinterface.Whatfollowsisabittechnicalbutnotexcessivelyso.Staywithme.

ThefirstthingthatPGPasksyoutodoistypesomegarbagesoitcanseeditsrandomnumbergenerator,thenitmakesapairofprivateandpublickeysusingtheRSA(Rivest-Shamir-Adleman)algorithm.YoucannotdesignyourprivateorpublickeysbecauseonlycertainsequencesofcharactersarevalidkeysinRSA.ThesecurityofRSAkeysisbasedonthedifficultyofseparatingtwolargeprimenumbersthathavebeenmultipliedwithoneanother.Theprivatekeyconsistsessentiallyofthosetwonumbers,togetherbutclearlyidentified,whilethepublickeyisessentiallytheresultofmultiplyingthem.Youcanalwaysgetthepublickeyfromtheprivatekey,butthereverseoperationismuchhardertodo.Thelargerthenumbers,theharderitgets.Currently(2015),NISTrecommendsusing2048-bitfactorsfordecentsecurity.That’s342base64characters(base64isusedfordisplayingkeysandencryptedtextinPGP),or617decimaldigits.Thosearebignumbers,soyoucanimaginethedifficultyofmultiplyingthem,letalonetryingtofactorthem.Trydoingthatbyhand.

Theprivatekeyistobekeptjealouslyguarded,whereasthepublickeyistobepublicizedsopeoplecanretrieveitandsendyouencryptedmessages.Theprivatekeyisneededtoreadmessagesencryptedwiththematchingpublickey,sothisprocessensuresthatonlyyoucanreadthem.TheactualencryptionalgorithmisIDEA,whichis

Page 54: PassLok manual 24 - passlok.weebly.compasslok.weebly.com/uploads/2/4/1/8/24187628/passlok_manual.pdf · rules in choosing Keys, so that a user’s secret Key can indeed be anything

54

muchfasterthanRSAanddoesnotimposelimitsonthesizeofthemessage.Therandomencrypt/decryptkeyusedfortheIDEAencryptioniswhatRSAactuallyencryptswithapublickeyandlaterdecryptswiththeprivatekey.Youcanalsousetheprivatekeytomakeasignature(actually,arandom-lookingstring,plussomeidentifyingtags)ofagiventext.Peoplecanloadtheappropriatetext,thesignature,andyourpublickeyintoPGP,andthenverifythatthisparticularsignatureofthisparticulartextcouldonlyhavebeenmadewiththeprivatekeymatchingthepublickeyprovided.

Verycleverindeed.Thisopensupthepossibilityofexchangingconfidentialinformationwithouthavingapre-establishedsecretpassword,makingbindingcontracts,andabunchofotherneatthings.Today,PGPandsimilarmethodsareattherootofsecurecommunicationsbetweencomputersandthedigitalcertificatesthattellthemthatanothercomputeroragivenpieceofsoftwarearelegit.ButPhilZimmermann’soriginalvisionforsecurecommunicationsbetweenregularpeoplehaslargelyfailed.Westillemailortexteachotherinawaythatanyonein-betweencanreadwhatwewrite.Why?

Ina1999paperentitled“WhyJohnnyCan’tEncrypt,”researchersWhittenandTygaraddressedtheslowpaceofadoptionofPGP(andindeedofmostothersecurity-orientedsoftware)andplacedtheblameonconfusingiconsandmenustructures,andontheassumptionthatusershadaminimalknowledgeofpublickeycryptography.Thiswasin1999,whenPGPwasinitsfirstGUIversion(5.0).Tenyearslater,afollow-upstudyinvolvingPGP9.0foundthatthesoftwareledpeopletomakekeypairswithagreaterchanceofsuccess,butencryptionsecurityhadactuallygottenworsesincemostusersendedupsendingunencryptedmessagesunknowingly.Therewasalsoa“Johnny2”studythatconcludedthattheproblemwasn’tgoingtogoawayuntilkeycertificationwashandledinacompletelydifferentway. A"ConfusedJohnny"studymadein2013saidthatusersactuallypreferredtoseetheencryptedoutputinordertomakesurethatencryptionwasindeedtakingplace,butthattheypreferrednotbeinginvolvedwithkeyhandling.

Ithinktherootreasonfortheseproblems,whichhavesofarhavepreventedPGPanditscousinS/MIMEfrommakingitinthegeneraluserworldisthatPGP,aswellasS/MIME,wasoriginallybasedonRSA.Thenewer,commercialversionsofPGPareratherbasedonadifferentpublickeyalgorithmnamedDSA,whichdoesnothavethesamerestrictionsonthekeysasRSA,buttheprocessesandconventionsimposedbyRSAarestillthere.BecauseanRSAprivatekeycanonlybemadeincertainways(nottruewithDSA,buttheRSAkey-generationprocesswasretainedforcompatibility),PGPhastomaketheprivatekeyforyou.Theresult,aswediscussedabove,isaverylong,impossibletorememberstringofrandom-lookingcharacters.Therefore,PGPstorestheprivatekeyinacomputerfile,sincetodoanythingbeyondencryptingmessagesforsomeoneelsetoreadyoumusthaveyourprivatekey.

Andhereistheproblem.Eithertheplacewhereyoustoreyourprivatekeyisperfectlysecurefromtamperingandeavesdropping,oryoumustaddfurthersecuritytoprotectit.PGP“solves”thisproblembyencryptingtheprivatekeywithIDEA,usingaseparatekey,beforeitwritesitdowntoafile.Thankfully,IDEAadmitsarbitrarykeys,soPGPasks

Page 55: PassLok manual 24 - passlok.weebly.compasslok.weebly.com/uploads/2/4/1/8/24187628/passlok_manual.pdf · rules in choosing Keys, so that a user’s secret Key can indeed be anything

55

youtocomeupwitha“passphrase”(codeforlong,hardtoguesspassword),whichisusedtoencrypttheprivatekey.Whenyouneedtouseyourprivatekey,PGPretrievesthefilecontainingitinencryptedform,asksyouforthepassphrase,anddecryptsitusingIDEA.Theprivatekeyisneverdisplayedindecryptedform(atleastforyoutoseeit).

Thismaysolvetheproblemforacorporation,butitdoesn’tsolveitforthegeneralpopulation.Youstillneedtohavethatfilecontainingyourencryptedprivatekey,inadditiontorememberingthepassphrasethatunlocksit.Ifyoulosethefile,you’rehosed.Ifyouareusingsomeoneelse’scomputeranddon’thaveawaytoretrievethatfileremotelyordon’tcarryitalonginaflashdrive,you’rehosed.Thepublickeyalsohasproblemsarisingfromtheirauthenticity,butwhatmakesPGPratherpainfultousebythegeneralpublicishavingtomanagethat“secretkeyring”,astheycallit.

Okay,you*can*writeouttheprivatekeyfilesoitisdisplayedinconventionalASCIIcharacters,andthenyoucanpasteitintoyourGooglefilesoranyotherplacethatyoucanaccessonline.Itwillstillbeencryptedsothatnoonecanuseitwithoutyourpassphrase.Butthenyou’llbetrustingsomeoneelsetoguardyourpreciousprivatekey.Iftheyfail,someonecoulddeleteit,corruptit,orswitchitwithacounterfeitkey.Ontopofthat,mostonlineserviceshavebeenknowntoopentheirusers’accountstomoreorlessaccredited“investigators,”oftenwithoutawarrant.(Note:thiswaswrittenmonthsbeforeEdwardSnowdenblewthewhistleonNSA’spervasivedata-collectingprograms)

PGPpublickeysareevenlongerthantheprivatekeys,andjustasrandom-looking.Therefore,theymustbestoredsomewhere.Becausetheyare“public”itisokaytodisplaythemintheopenanduploadthemtopublicplaces.ThisiswhatPGPkeyserversare:computerswherepeoplehaveuploadedtheirpublickeyssootheruserscanfindthemandthuscansendthemmessagesencryptedwiththosepublickeys,fortheireyesonlytoread.Theproblemisthatthereisnointrinsicassurancethatacertainkeybelongstoacertainindividual.PGPagain“solves”thisproblemwithsomethingcalled“weboftrust.”Essentially,peopleaddelectronicsignatures(madewiththeirprivatekeys)tootherpeople’spublickeys,tocertifythattheybelievethekeysbelongtothepeoplethekeyserversaystheybelongto.Thesignaturesareeithermadebyotherindividuals,whomyoumayormaynotknow,orbyanintrinsicallytrusted,professionalCertificationAuthority,usuallyforafee.Thinkofadigitalnotarypublic.

SowhenIwanttowriteaPGP-encryptedemailtoacertainindividual,Iamaskedtofetchhis/herpublickeyfromakeyserver,wherekeysareusuallycataloguedbynameoremailaddress,thenloaditintoPGP(oftenpermanentlybymeansofits“publickeyring”),andthenenterthemessageandtellPGPtoencryptit.ThemorerecentversionsofPGPcandothisfromaGUI,includingthekey-fetchingprocess,butarestillhardtousebyamajorityofpeople.EvenifIsucceedinobtainingtheappropriatekeys,Iusuallyhavenoassurance,otherthanthedigitalsignatureofpeopleIdon’tknow,thatthekeysactuallybelongtotherightpersonandnottoathirdmalevolentparty.Iknow

Page 56: PassLok manual 24 - passlok.weebly.compasslok.weebly.com/uploads/2/4/1/8/24187628/passlok_manual.pdf · rules in choosing Keys, so that a user’s secret Key can indeed be anything

56

thisbecauseI’vemadekeysthatI’vesuccessfullyuploadedtoakeyserver,usingallkindsofpretendnamesexceptmyown.

Tobesure,PGPencouragescertainstandardpracticesthatprovideamodicumofreassurance.Oneofthemisthatpeopleshouldsigntheirpublickeys(therebymakingthemtwicetheiroriginallength)beforetheypostthem.Theideaisthatpeoplethencanverifythat,ifyouareabletosignyourpublickeywithyourprivatekey,youmusthavebothkeyssoatleastit’snotsomeonewhojustranintoyourpublickeysomewherewhoispostingthatkey.Anotherbestpracticeistoaddasignaturetoatextrightbeforeitisencrypted.Thiswaytherecipientofthetexthasassurance,bycheckingthesignature,ofthesender’sidentity.Unfortunately,signingamessagebeforeencryptingitmakesitlongerandhardertoprocesslateronaswell.

Somuchforspecificaspectsofusability,buthowabouttheinterfaceitself?WhittenandTygarpiledupmostoftheircriticismagainstPGPinthisarea.Leavingasidewhetheruserinteractionisfromacommandline,andintheoriginalPGP,ortherearegraphicsinvolvedasintheversionsafter5.0,PGPforcestheusertoadoptametaphorthatdoesnotmatchanythingelseintheuser’sexperience,namely,tolockthingswithonekeyandunlockthemwithanother.Peoplehaveneverdonethisbeforeandarethereforeconfusedfromtheverystart.Consistentuseoftechnicalwordssuchas“encrypt”,whichpeopletendtoassociatewithtombsandcorpsesratherthancomputersthefirsttimetheyhearit,doesn’thelpmuch,either.

HowdoesPassLokhelpwithallthis?Tobeginwith,inPassLokyourprivatekeyiswhateveryouwant.Ifyouwantittobe“IfeeldepressedwithoutfriedTwinkies,”that’sfinewithPassLok.Assumingyoucanrememberit,youdon’tneedtowriteitdownanywhere,andcertainlyyoudon’thavetouseaflashdrive,orstoreitinafileanywhere,plainorencrypted.PassLokwillcomplainthatit’skindofweakbutwillstillmakeapublickeytomatchit.Evenbetter,itwillcompensateautomaticallyfortheweaknessofyourkey.Theonlythingyoumightnoticeisthatprocessingiskindofslow,whichhopefullywillencourageyoutouseabetterkey.

Andbytheway,PassLokdoesn’thave“publickeys”and“privatekeys.”Ithas“Locks”thatpeoplecanputonatextorfilesonobodycanreadit,and“Keys”thatunlockalockeditem.Everybodyhasusedthosebeforeinhardware.Allofthismaysoundlikealittleexerciseinwordsubstitution,butitcanmakeallthedifferenceinauser’scomprehensionofwhat’sgoingon.

PassLokLocksaremuchshorterthanPGPpublickeys:just50characters,versusseveralhundred.Theyarealotmoresecure,too,since255-bitellipticcurvekeysarebelievedtobeequivalenttoRSAkeyslongerthan7,500bits.BecausePassLokkeysareshort,theycanbesentbytextmessagingormadeintoQRcodessothatpeoplecanreadyourkeyoutofyourcallingcard,whichhelpsalotwithauthentication.Theyalsofitwithinthe“extrainfo”fieldsofjustaboutallwebmailcontactlists,whereyoucanuploadkeysasyougettheminsteadofstoringtheminaspecialkeyringfile,orfetchingthemeverytimefromakeyserver.Ifyoufeellazy,youcanjustpastetheLockintoPassLok,andthenPassLokwillrememberitfromthenon,especiallyifyouusetheChromeapp

Page 57: PassLok manual 24 - passlok.weebly.compasslok.weebly.com/uploads/2/4/1/8/24187628/passlok_manual.pdf · rules in choosing Keys, so that a user’s secret Key can indeed be anything

57

version,whichsyncseverythingbetweencomputersassoonasyoulogintoyourGoogleaccount.GivingsomeoneaPassLokLockisonlyslightlymoreinvolvedthangivingaphonenumber,whichispreciselythemetaphorthatPassLokusesfordistributingandauthenticatingLocks.

PassLokusesnoweboftrustorcertificationauthoritytoauthenticateitspublickeys.Howarethenpeoplesupposedtogetsomeone’sLockwithaminimumofconfidencethatitdoesindeedbelongtothatperson?Heretheproblemmaybethequestionitself.Askyourself:howdoIgetsomeone’scellphonenumberwithaminimumofconfidencethatitdoesindeedbelongtothatperson?Idon’tknowwhatyoudo,butIlookatthatperson’sphysicalorelectroniccardfirst,orasksomeoneelsewhomighthaveit.Thephonebooksinmyhousehavebeengatheringdustforyears,ashavePGPkeyserversallovertheworld(manyofwhicharen’tcurrentoractiveanymore,onceyoucheck).WhenIgetaphonenumber,Iuseitrightaway,andlettheactualuseserveasverificationthatitiscorrect.

It’sthesamewaywithaparticularPassLokLock.ThefirsttimeIuseit,Iamnotsoconfidentthatitwillencryptmessagesfortheintendedindividualandnotsomeoneelse,buthopefullyI’llfeelbetteraboutitafteracoupleexchanges.IfIamparanoidaboutsomeoneinterceptingourcommunicationsandplacinghimselfinthemiddle,Icangettheotherpersononthelineandaskhim/hertospellouthis/herLock(ormine).IcanpostavideoofmyselfspellingoutmyLockforthewholeworldtosee,anditbecomesonewithmyLock.I’veactuallydonethateverytimetheevolutionofPassLokhasmademyoldLockobsolete.

PGPhashadkeyserverssincethebeginning.Theideaisthatpeopleloadtheirpublickeystothekeyserversothatotherscanfindthemandusethem;afterall,publickeysaremadetobepublicized.Neatidea,butunfortunatelymostPGPkeyserversarefarfromusefulbecauseofsomeseriousfundamentalflaws.Thefirstisthatanyonecanuploadapublickey.Theserverhasnomeansofverifyingthesource,soitacceptseverything,includingpublickeysthatmighthavebeenmadebysomeonetryingtoposeassomeoneelse.Thesecondisthatkeysareneverdeleted(thoughtheycanexpireorberevokedbymeansofanadditionalcertificate),leadingtomultiplekeysforthesameuserthatneedtobesortedoutbythosewhowanttowritetothisuser.ThereareatleastfourdifferentPGPkeysbearingmyname,andnotevenIcantellwhichisthegoodone.

PassLokinitiallyhadnokeyserverbecauseitisnotstrictlynecessary.Startingwithversion1.7,however,a“GeneralDirectory”hasbeenaddedasaconvenience,butitissignificantlydifferentfromtheoldPGPkeyservers.Foronething,usersneedtoreplytoaconfirmationemaileverytimetheyadd,delete,ormodifyanentry(yes,entriescanbefullydeleted),sothataposerwouldneedtobeactivelyinterferingwiththevictim’semailinordertosucceed.Then,eachentryhasspaceforanauthenticatingvideo,andtheinterfacehasabuttontosimplifytheactionofviewingit.Thisvideo,similarinconcepttothecode-authenticatingvideomentionedbelow,showstheLock’sowner

Page 58: PassLok manual 24 - passlok.weebly.compasslok.weebly.com/uploads/2/4/1/8/24187628/passlok_manual.pdf · rules in choosing Keys, so that a user’s secret Key can indeed be anything

58

recitingapartofhis/herLock.Thisway,peoplewhohavemetthispersoncanbeassuredthattheLockisauthentic,withoutaneedforcertificatesandwebsoftrust.

ImprovingonPGP,whichonlyhaspublic-keyencryptiontowhichasignaturemightbeaddedtoauthenticatethesender,PassLokaddsasimpler“Signed”encryptionmode,whileretainingtheabilitytodoAnonymouspublic-keyencryption.TheSignedmessageendsupbeingshorter,too,andiseasiertoprocessonthereceivingendthanananonymouslockedmessage.Signedencryptionisavailableasanoption,butitdoesn'tinvolveaddingadigitalsignaturetothemessage.Again,thisisbecausePassLokhasunderitshoodtheDiffie-Hellmankeyexchangealgorithm,whichinvolvesbothparties,ratherthantheRSAalgorithm,whichisone-sided.

Startingwithversion1.6,PassLokincludesathird“Read-once”lockingmode(originallycalled“PFS”,whichisshortfor“PerfectForwardSecrecy”)inadditiontoAnonymousandSignedmodes.WhenamessagehasbeenencryptedinRead-oncemode,nobody,includingthoseoriginallyinvolvedinthemessageexchange,canreadthemessageaftertheexchangeisover.Themessagessortof“self-destruct”andbecomeunreadablerightaway.Inotherprograms,thistypicallyrequiresparticipantsinaconversationtobeconnectedatthesametimetosomeserver(notPGP,though,sinceitdoesnothaveareal-timecomponentoranythingresemblingforwardsecrecy),butPassLokachievesthisverydesirableattributethroughemailoranyotherasynchronouschannel.ItdoessobygeneratinganewrandomKeyforeachnewmessage,whichisstoredonlyuntilthemessageisrepliedto,andthenisoverwrittenbyanotherKey.SincetheencryptionKeysneverleavethedevicewheretheyweremadeandaredestroyedaftertheyareused,themessagesbecomeunreadabletoeveryone.

Peopleexchangingencryptedmessagessometimeshavetheabilitytouseahigh-securitychannel(suchasmeetinginperson)tocommunicate.Eveniftheycandothisonlyonce,fromthenonthey’llbeabletousesymmetricencryptionratherthanexclusivelyasymmetricencryptionlikePGP,whichismuchmoreeconomicalofcomputerresourcesandresistanttonot-so-futuretechnologiessuchasquantumcomputing.Therefore,PassLokallowsuserstoemploysymmetricKeys,knownbothtosenderandrecipient(s),inavarietyofways,whilePGPdoesnot.

Thefirstandmosttransparent,issimplyenteringashared(symmetric)Keyinsteadofapublickey.PassLokrecognizesthetypeofkeyenteredandadjuststheencryptionalgorithmwithoutrequiringuserintervention.Thisisdoneonaper-recipientbasiswhenamessageisbeingencryptedforseveralpeople.

Then,PassLokhastwospecialsymmetricencryptionmodes.Padmode,introducedwithversion2.3,usesalongpieceoftext(longerthanthemessagetobeencrypted)asKey.Theresultisanencryptedmessagethatistheoreticallyimpossibletocrack,evenbybruteforce.Thetextusedaskeycouldbeextractedfromabook,awebpage,whatever.ThesecondspecialmodeisHumanmode,introducedwithversion2.4,whichhasthedistinctionofbeingabletobeperformedbyhandifnecessary.ItisbasedonaclassiccipherthatusesalaggedFibonaccipseudo-randomnumbergeneratoratitscore.

Page 59: PassLok manual 24 - passlok.weebly.compasslok.weebly.com/uploads/2/4/1/8/24187628/passlok_manual.pdf · rules in choosing Keys, so that a user’s secret Key can indeed be anything

59

Despiteitshighsecurityandlargekeyspace,itisquitefasttodoonpaper,withthehelpofapre-printedTabulaRectathatcanbeerasedordestroyedafterwards.

Startingwithv1.4,PassLokalsoincludestheShamirSecretSharingScheme,seamlesslybuiltintoitsinterfaceviaasinglebutton.Amongotherthings,thismeansthatausercaninfactstorerandomkeyswithoutworryingtoomuchabouttheirbeinglostorcompromised.Theonlythinghe/sheneedstodoissplitthekeyintoseveralparts,whichthenarestoredatseparatelocationsthatonlytheuserknows.Sparekeyscanbeproduced,too,justincase.

PGPwasbornasacommand-lineprocesstowhichagraphicaluserinterfacewaslateradded,anditshows.PassLok,onthecontrary,wasbornasawebapp.TherearenomultipleversionsofPassLokcompiledtorunondifferentoperatingsystems,justtheonepage,whichrunswithoutmodificationbothinPCsandmobiledevices,underanyoperatingsystem.Youcanactuallyreadthecodeifyoufeelinclinedit,andIdorecommendthatyoudopreciselythatsometimesoyoucanbesurethepageisnotsendingorreceivinganyinformationtoorfromtheoutside.Itcanbeaseasyasdoinga“showsource”inthebrowser(everybrowserdoesthisdifferently,buttheyallusectrl-uoropt-cmd-uasashortcut),followedbysearchesforthingslikehttp://,https://,ftp://andsoforth,whichawebpageneedstoexecuteinordertocommunicatewiththeoutside.

Forthemoreparanoidamongstus,hashesofthesourcecode(suchastheSHA256hash)arepublishedwitheachnewversionofPassLok,soyoucancheckitsintegrity.Justtellthebrowsertoshowthesourcecode,copyit,andpasteitintoahash-makingprogramoronlineutility.Ifthecodeisgenuine,thereshouldbeamatchwiththepublishedhash.Ifyouarestillconcernedthatthesourcesdisplayingthehashcodesmightgethackedbysomeonewhoalsochangedtheworkingcode,watchtheoptionalvideoofmereadingthehash,whichisalothardertofake.OnceyouhaveacopyofPassLokthatyoutrust,youcansaveitsomewherewithinyourdevice,orinthecloudsoyoucanuseitwhenyouneedit.PGPcan’tofferanysuchassurancefortheparanoid.

Muchhasbeenmadeofthepresumedvulnerabilityofclient-sideencryptionmethodslikePassLok.Theargumentusuallygoeslikethis:anenemycouldmodifythecodebeforeitgetsdeliveredtotheclientapplication(thebrowser,inPassLok’scase),andtheuserwouldn’thaveacluethatithashappened;caseclosed.Thatis,iftheuserneverbotherstocheckitsintegrity.Togoevenfurther,Iwouldarguethatexactlythesamethingcouldhappentoaprogram,suchasPGP,thatisdownloadedfromaserverandtheninstalledonthedevice.

DevelopersofcompiledsoftwarefightthisbypublishinganMD5,SHA1or,morerecently,SHA256hashoftheinstallationfilesouserscancheckitfortampering.Thehashisusuallyonthesamepageasthedownloadlinkandwithoutavideoofthedeveloperreadingitoutloud.PassLokhashes,ontheotherhand,arepublishedondifferentservers,andtheyincludevideosoftheauthorreadingthem.Unlikewithcompiledprograms,PassLokusersdon’thavetotrustitinanywaybeforetheyverifythecodeasgenuine.Thecodeisperfectlydeaduntiltheyputanythingonitandstart

Page 60: PassLok manual 24 - passlok.weebly.compasslok.weebly.com/uploads/2/4/1/8/24187628/passlok_manual.pdf · rules in choosing Keys, so that a user’s secret Key can indeed be anything

60

pushingbuttons.Thisisusuallynotthecasewithcompiledsoftware,includingPGP,tosaynothingoftheimpossibilityoflookingatthecodeitselfandtrytofigureoutwhatitisdoing.Sowhichismoresecureagainsttampering?

Andforthesuper-paranoid,thosewholayawakeatnightworryingthatthey,orsomeonetheycommunicatewith,mightgettheirsecretsbeatenoutofthembynon-digitalmethods,PassLokhasahiddenchannelbuilt-in,whichPGPandS/MIMEhaveneverhadandprobablywillneverhave.ThismeansthatmostPassLokmessagesarecapableofcontaininganadditionalmessage,encryptedunderaseparatekey.Thosewhodonothavethatkeycannotobtainthesecondmessage,andneithercantheydetectwhetherornotthereisoneatall.Thisfunctionalityisaccessedbycheckingasingle“Hiddenmsg.”box,sonamedbecauseitisperfectlypossibletogeneratecompletelymisleadingexchangeswhiletheactualinformationisbeingconveyedthroughthesubliminalchannel.

Beginningwithversion1.4,PassLokalsohastheabilitytodisguiseitsoutputascommontextorwithinimages,whatisknownassteganography.Theprocessisasimpleone-buttonclick,whichisreversedwiththesameone-buttonclick.ThedefaulttextisEnglish,butyoucanchangethelanguagequiteeasily.Thisway,anyonescanningemailswillhaveamuchhardertimedetectingthatencryptionistakingplace.IfyouhidePassLok’soutputinsideanimage,thenewdatareplacesthenoisewithintheimage,sohumaneyes,orevenhighlyspecializedscanningprograms,areunabletodetectanythingbeingthere.

LetmejustmentiononelastkillerPassLokfeaturethatPGPcanonlydreamabout.ItturnsoutthatPassLokisnotrestrictedtoasynchronouscommunicationslikeemail.Beginningwithversion2.1,PassLokhasareal-timechatcomponentthatincludestheexchangeoftext,files,audio,andevenvideo.Forseveralparticipantsatthesametime.End-to-endencrypted.Usingasinglebuttonontheinterface.PassLokchat,whichisbasedonthenewWebRTCprotocolcurrentlysupportedbyChrome,Firefox,Opera,andacouplemorebrowsers,beginswithausermakingalockedinvitationforotheruserstojoininachat.Thisinvitationcanbesentoutsafelybyemailorsimilarmeans.Whenthetimeforthechatarrives,participantsonlyneedtoclickabuttontoopentheinvitation,givethemselvesnamesforthechat,andjoinin.Theconnectionisdirectbetweeneachpairofparticipants.Everythingisencryptedbythebrowseritselfandthereisnorecordanywhere.

AndI’llstophere.Icouldgoontalkingaboutdatacompression,whichmakesPasslok-lockeditemslessthanhalfthesizeofitemsencryptedwithotherprograms,oraboutReed-Solomonerrorcorrection,whichpreservesthefunctionalityofmostPassLokitemseveniftheyarecorrupted,oraboutvariablekeystretching,whichflicksthefingerathackersbyforcingthemtospendalotofcomputationaleffortontheworstpossibleKeychoices.Allunderthehood,sotheuserdoesn’tevenknowit’stherebutisbenefittingfromitnonetheless.ThelistoffeaturesuniquetoPassLokgoesonandon.

Tosummarize:

Page 61: PassLok manual 24 - passlok.weebly.compasslok.weebly.com/uploads/2/4/1/8/24187628/passlok_manual.pdf · rules in choosing Keys, so that a user’s secret Key can indeed be anything

61

• PGPforcesyoutokeepsecretfilesthatmightbelost,corrupted,orcompromised.PassLokusesnosecretfilesofanykind.Ifauserinsistsonstoringsecretmaterial,PassLokcansplititintopartsthatareuselessunlessthewholeset,orasubstantialpartofit,isputtogether.AnythingthatPassLokstoresforusers’convenienceisencrypted.

• PGPforcesyoutoinstallthingsinaparticularcomputer,andthenusethatcomputeroronesimilarlyequipped,whichmakesitdangerousifthatcomputeriscompromised.PassLokisaperfectlyportablewebapp;youcanuseanyPCorsmartphoneintheworld,soyoucanbesurethere’snofoulplay.EvenitsLockdirectoryisportable,andcanbemovedeasilyfromonedevicetoanother.TheChromeappversionsyncsautomaticallybetweencomputers.

• PGPpublickeysareverylongandunwieldy,includingcertifyingsignaturesinadditiontothekeysthemselves;signaturescanonlybereadbythePGPprogram.Thereareatleasttwokindsofkeys,RSAandDSAofdifferentbitlengths,whichareincompatiblewitheachother.Peopleareunabletoreadthecertificates,andmustrelyonthesoftwaretocheckthingsout.PassLokLocksareshort.Theyaretransmittedandverifiedinthesamewayasaphonenumberwithoutofficialkeyservers.Theycanbeauthenticatedthroughaseparatechannelorthroughanyofthemanyaudiovisualmethodsfreelyavailabletoday.

• PGPisbuiltontheRSApublickeyalgorithm,whichwouldneedkeyslongerthan3,000bitsforasecuritylevelcomparabletothatofPassLok,whichisbuilton255-bitellipticcurvemath.

• PGPstartedusingonlythe128-bitIDEAalgorithmforitsmainencryptionmethod(itallowsmoresecuremethodsnow).PassLokstartedoutwiththestrongest,256-bitversionofAES(a.k.a.Rijndael),thewinnerofthe2001NISTcontestforbestencryptionalgorithm,andsinceversion2.2usesXsalsa20,anopen-sourcestreamcipherofsecuritycomparabletothatofAES-256,butmuchfaster.S/MIMEusestriple-DES,whichlosttoAESinthatcontest.IDEAdidn’tevencompete.

• PGPonlydoesasymmetricencryption,possiblyaddingadigitalsignaturestepbeforetheencryption.PassLokalsodoessymmetricencryptiononaper-recipientbasis,ifsodesired.PassLokoptionallysignsmessagesatthesametimeasitencryptsthem.

• PGP-encryptedmessagescanbecrackedinthefuture,ascomputersbecomefaster.PassLokhasPadmode,whichistheoreticallyimpossibletocracknomatterhowmuchcomputerpowerisused.

• PGPrequirestheuseofacomputertoencryptanddecrypt.PassLokhasaHumanmodealgorithmthatcanbeperformedbyhandifnecessary,bothtoencryptandtodecrypt.

• PGPonlyadmitsoneencryptedmessageatatime.SodoesS/MIME.InPassLok,asecondmessagewhoseveryexistenceisimpossibletodetectcancoexistwiththemainmessage.

• PGPoutputseasilydetectablerandom-lookingstrings.PassLokcanproduceoutputthatlookslikenormaltext.Itcanalsohideitsoutputwithinimages,undetectabletotheeye.

Page 62: PassLok manual 24 - passlok.weebly.compasslok.weebly.com/uploads/2/4/1/8/24187628/passlok_manual.pdf · rules in choosing Keys, so that a user’s secret Key can indeed be anything

62

• PGPdoesonlyasynchronouscommunicationsuchasemail.PassLokincludesreal-time,peer-to-peersecurechat,whichcaninvolveevenvideo.

• PGPusesdifficulttounderstandterminologyderivedfromcryptologists’jargon.PassLokonlytalksaboutKeysandLocks.InPassLok,extensivehelpandtutorialvideosarealwaysjustoneclickaway.

Asatable:

PrettyGoodPrivacy(PGP)andS/MIME PassLok

Portable No Yes

OS-independent No Yes

Installation-free No Yes

Storage-free No Yes(storageavailable)

Smallpublickeys No Yes

Spreadpublickeysw/oInternet No Yes

Asymmetricencryptionmodes 1 3

Symmetricencryptionmodes 0 3

Forwardsecrecy No Yes

Quantum-resistantencryption No Yes

Human-computablemode No Yes

Shortmessagemode No Yes

Hiddenmessages No Yes

Faketextsteganography No Yes,5modes

Imagesteganography No Yes,2modes,+hidden

Secretsplitting No Yes

Page 63: PassLok manual 24 - passlok.weebly.compasslok.weebly.com/uploads/2/4/1/8/24187628/passlok_manual.pdf · rules in choosing Keys, so that a user’s secret Key can indeed be anything

63

Transparentauthentication No Yes

Real-timechat No Text,files,audio,video

Encryptionbitlength 128or256 256always

RSA-equivalentpublickeystrength 1024-or2048-bit +3000-bit

Variablekeystretching No Yes

Maininterfacepages many 1

Learnmode No Yes

Built-intutorialvideos No Yes

Jargon-free No Youbethejudge


Graham Keith Can Anything Good Come out of Allegory? The ... · Origen did not, however, systematically apply this threefold divi sion.7 Indeed, he recognized that some passages did

UTILITARIANISM · happiness is meant: pleasure and the absence of pain; by ... do not regard anything as happiness which does not include their gratification. I do not, indeed, consider

Easy Karaoke Song Book Including EssentialAlice Cooper School's Out EK048-13 School's Out EZC041-13 Alicia Keys Doesn't Mean Anything EKI45-08 Doesn't Mean Anything EZH082-08 Fallin

Hot Keys / Short-cut Keys

Pierre Bourdieu on social transformation, with …...transformation as well as accounting for continuities of power. Indeed, he provides two substantive keys for an understanding of

Arabic Vocabulary Bank - · PDF fileVerily, indeed, ﻥﱠﺇﹺ Indeed he ﻪ ﻧ ﺇﹺ Indeed they (m,pl) ﻢ ﻬ ﻧ ﺇﹺ Indeed she ﺎﻬ ﻧ ﺇﹺ Indeed they

indeed Indeed - a presentation for Indeed なう -

Judas and the Coming One World Religion and the Coming One...All attempts to rehabilitate Judas are designed to question the absolute destructive-ness of sin. Indeed, if anything in

am indeed rich

The Keys to Successful Marketing Personalization...2020/02/25  · Marketing personalization is increasingly easier and popular. Indeed, your prospects and clients expect relevant

The Indeed Workbook

Report Iconic Indeed

The Power of Words You will not find anything new in this presentation about words. You will be reminded that WHAT we say, and HOW we say it, can, indeed,

 · – 17 - Allah harm will never Indeed, they [the] disbelief. in(to) hasten in any portion for them He will set that not Allah intends (in) anything

The End of the Beginning - s3.amazonaws.com didn't like being in the dark about anything ... man and make him untouchable. Indeed, could the civilized world even survive ... "Curse

it proves that there was indeed codes of law in existence during the time of Moses and the Torah ) it provides keys to understanding why YHVH

On the Edge of the Big Muddy: The Taliban Resurgence in Afghanistan · 2016. 2. 29. · that Afghanistan is anything but a stable and secure country. Indeed, the situation in Afghanistan

Over Indeed Brochure_NL_EBOOK

Pengantar Teknologi Informasi · Keyboard Alphanumeric keys Function keys Modifier keys Cursor movement keys Numeric Pad keys

Chapter II – the creative work processes of economists9183/MackinnonThesis_.pdf · discovery that indeed ‘anything goes ... 1962; Gruber 1974/1981; Gruber and Davis 1988; Gruber

Will People Believe Anything? The Psychology of GullibilityOf the 138 people who started to attend meetings, 81 kept attending for at least three months. And, indeed, the average amount

Spirituality in Health Care: Seek and Ye Shall Find › files › rshm › files › ... · Indeed, research shows that spirituality – which can be deSned as anything that gives

A Gyanodaya Indeed!

Ultimate Real-Time — Monitor Anything, Update Anything

3 keys to Getting Customers Who Are Willing To Buy Anything From You

Free Indeed

Disciples Indeed

Keys activation keys windows

Six keys to being excellent in anything

Camping Electrical KEYS CUT All keys cut here Transponder ...discotrek.co.uk/pictures/bannertable.pdf · Camping Electrical KEYS CUT All keys cut here Transponder Keys LEO Central

Indeed Presentation

Keys to the Keys

Aceaommodations Are - tech.mit.edutech.mit.edu/V69/PDF/V69-N26.pdf · guessed that my sex was anything other than female; indeed, ... Atkinson 203. DEADLINE FOR ARRANGING ... ,W YORK,

Indeed - dauphin.it

06 Keys to Being Excellent in Anything