Thursday, November 5th, 2009

Clipperz and Zero-Knowledge Online Password Management

The latest in Jon Udell’s excellent podcast series is an interview with’s Marco Barulli about the tool and its use of zero-knowledge online password management (aka the host-proof hosting pattern).

Direct MP3 link (from IT Conversations post)

Jon speaks of translucent databases, which encrypt data that can only make sense at application level. Thanks to the dramatic increases we’ve seen in the performance of Javascript engines, that kind of encryption technology is now feasible in the browser.

Marco also makes the point that Javascript implementations of raw encryption algorithms were already available some years ago, but peripheral tools like password generation were not, and that’s come a long way too. Clipperz has its own crypto library licensed under AGPL.

Imagine a web application that would encrypt your credentials and store them in the cloud. It would deliver that encrypted store to any browser you happen to be using, along with a JavaScript engine that could decrypt it, display your credentials, and even use them to automatically log you onto any of your password-protected services. You’d trust it because its cryptographic code would be available for security pros to validate.

Posted by Michael Mahemoff at 6:17 pm

1.6 rating from 73 votes


Comments feed TrackBack URI

Host-Proof Hosting exists from years. Clipperz – like Passlet and Passpack – has born in the 2006. Ajaxian spoke about all them in these years. I am a bit surprised from this post.

Comment by Sullof — November 5, 2009

The interview took place last week. Clipperz and host-proof hosting are living things and continue to evolve.

Comment by Michael Mahemoff — November 5, 2009

I understand the security value in encrypting the database, or rather specific values in the database, but I have my doubts about client-side encryption.

What’s to prevent a hacker from patching the web server code so it also sends the unencrypted data to the server, or to a different server? If the purpose of host-proof hosting is preventing hackers from running away with sensitive data, how does doing encryption client-side make any difference if they have access to the server-side code?

Comment by Joeri — November 6, 2009

@joeri Agreed. I think the Ajaxian sysadmins should listen to you as it appears that they are storing passwords in the clear or at least in a decrypt-able state. Try using the “Forgot Password” tool and they’ll email you your password.

Comment by bentruyman — November 6, 2009

@Michael Mahemoff
I am very happy for this (Marco Barulli is a friend of mine) but the article seems to talk about something of absolutely innovative. Instead, Clipperz is today the almost same Clipperz of a year ago. I think that a blog as Ajaxian needs to be more scrupolous.

I am a Passpack founder and I deeply know as HPH works.
The difference between a ‘standard web app’ and an ‘Host-proof Hosting web app’ (using analogous server-side security measures) is substantial: in the first case, the user cannot know if someone is cracking his data; in the second the user can check the code and verify that something is happening. I don’t know what exactly Clipperz do, but Passpack check the client-side code from several external services. So if it changes, we know. I guess that Clipperz use similar security tecniques.

This is false. An HPH application cannot send you your password because it doesn’t know it.

PS: Sorry for my poor English, I am Italian :)

Comment by Sullof — November 6, 2009

Leave a comment

You must be logged in to post a comment.