It’s the age of surveillance what made the Use of Encryption so widely that it has become a need of law enforcement agencies, cyber criminals as well as every individual. But, encryption is not so easy.
To solve this problem, a 23-year old Cryptocat developer Nadim Kobeissi is ready to release a simple solution to deliver strong encryption at the HOPE hacker conference in New York later this month, which may soon come as an extension for Google Chrome web browser, Wired reported.
The encryption program is dubbed as miniLock, which is a free and open-source browser plugin designed to let anyone encrypt and decrypt files in seconds using a drag-and-drop interface with practically unbreakable cryptographic protection.
“The tagline is that this is file encryption that does more with less,” says Kobeissi, activist and security consultant. “It’s super simple, approachable, and it’s almost impossible to be confused using it.”
Drag-and-drop interface here means, miniLock offers an area where files can be dropped into the program for encryption and encrypts the data in such a manner that leaving recipient, nobody—not even law enforcement units or government intelligence agencies—could able to decrypt and read it.
The encryption program miniLock can be used to work with all type of files, from multimedia to documents and even items stored on a USB drive and encrypts files for secure storage on Dropbox or Google Drive.
miniLock encryption program relies on asymmetric encryption, just like PGP (Pretty Good Privacy), which requires two separate cryptographic keys, public key and private key, for encrypting and decrypting the information. Users share the public key with the one who wants to send them files securely, while the private key is always with the user protected and concealed.
But, in case of miniLock, user needs to enter a passphrase—a strong one with as many as 30 characters or a lot of symbols and numbers—from which the program will derive a public key, called a miniLock ID, and a private key, which is never been seen by the user and gets vanished when the program get closed. Both generated keys are same every time the user enters the passphrase.
This trick of generating the same keys again and again in every session, makes the application usable on any computer without getting worry about the safety of storing the sensitive private key.
Additionally, the automatic generation and management of the public and private keys are exactly what makes the miniLock program easy to use even by an average user who always looks for a simple as well as secure solution to protect their information when sending it over the web.
“No logins, and no private keys to manage. Both are eliminated. That’s what’s special,” says Kobeissi. “Users can have their identity for sending and receiving files on any computer that has miniLock installed, without needing to have an account like a web service does, and without needing to manage key files like PGP.”
This is why, the type of protection the program is providing cannot be descrambled even by law enforcement and government intelligence agencies, which makes it one of the most secure kinds of encryption program.
Because miniLock uses an elliptic curve cryptography flavour of encryption, MiniLock IDs are 44 characters long, while PGP’s public keys often reach almost a page with random text. This small size of keys makes the sharing possible through different communication channels such as a Twitter post or even a phone SMS message.
The full technical explanation of miniLock’s elliptic curve will be presented by Kobeissi at the HOPE conference in New York, starting July 18. He will present a beta version of the miniLock program at the New York conference, as the encryption program he proposes is currently in its experimental stage of development.
miniLock as an extension for Google Chrome web browser won't initially be released, instead the code will be soon available for review on GitHub, so that the flaws and loopholes are eliminated before the release of the tool in Chrome Web Store.
Reference- http://thehackernews.com/
No comments:
Post a Comment