What is Clipperz?
What does Clipperz mean?
Actually we re-used Clipperz name from a different project.
But then we liked the fact that “clipperZ” sounds like an hacker/anarchist jargon word. To us, it makes fun of the whole original clipper chip concept. But no Big Brother here, just your “clipZ” of private information to protect!
Why should I trust Clipperz with my confidential data?
Clipperz leverages the capabilities of modern browsers to efficiently execute Javascript code. All your private information are locally encrypted before storing them on Clipperz servers. So you don’t need to trust Clipperz because you are just giving Clipperz a bunch of scrambled and twisted bits.
Are there any back doors in Clipperz?
No. There never have been, and never will be, at least as long as Marco and Giulio Cesare are associated with the product. Besides, we publish the source code, so you can check it yourself.
How can I suggest ideas for new features or report a bug?
The best way is to visit the Clipperz Forum. Feel free to describe the new features you are dreaming of. Also, if you get an error of some sort please let us know by posting there. We’ll also post back as we work through the list of bug fixes. Thanks! The Clipperz Forum is regularly patrolled by Clipperz staff. Please check the existing posts to see if your question has already been asked.
What are the system requirements?
To date, you only need any recent version of a Internet Explorer, Opera or any Mozilla-based browser, such as Firefox. Support for other browsers is coming soon as well. We do recommend that you use a reasonably powerful computer, and a fast Internet connection, because that will make it more fun.
How to get rid of Firefox “unresponsive script” pop-up dialog boxes?
Heavy Javascript computations can lead Firefox to display the following warning message:
“Unresponsive script. A script on this page may be busy, or it may have stopped responding. You can stop the script now, or you can continue to see if the script will complete.”
It’s a very useful and well-thought feature, but also very annoying. To improve things let Firefox know that you need more time to complete your scripts. Follow these steps:
To be comfortable while using Clipperz we suggest a value between 30 and 60 seconds.
I’ve forgotten my passphrase!
Sorry, Clipperz staff is unable to recover your passphrase. But soon you will able to use Clipperz’s sharing capabilities to set up your own “recovery procedure”.
I’ve deleted my account, but didn’t really want to! What do I do?
Although we’re sorry that you’ve deleted your account, we’re happy that you want to come back to Clipperz! Unfortunately, all the cards within your deleted account were also removed from the system. Your best option is to re-register with Clipperz and enter again all your cards.
Is Clipperz really free? Will it always be free?
Yes, you can use Clipperz for free. We don’t know yet how the service will evolve and we might start charging an annual fee. Anyway, Clipperz believes that everyone should have the right to keep their little secrets in a safe and secure place therefore a free plan will always be available.
I love it! Clipperz is great! Can I just give you money?
Yes, thanks! Just visit this Donations page.
Are my cards ever deleted?
No, your cards will not be deleted, unless you do it yourself, or you delete your account, or you violate our Terms of Service.
Are Clipperz accounts really anonymous?
Yes. Clipperz does not require any personal information to setup your account. Just freely choose a username and you are done. No email address or phone number is required. If paid accounts are ever introduced, Clipperz will ask you to provide only the personal information needed for the invoicing and billing procedures. But it won’t be possible to relate these personal information to the confidential data stored in your Clipperz cards.
What is a passphrase?
A passphrase is a sequence of words or other text used to control access to a computer system, program or data. A passphrase is similar to a password in usage, but is generally longer for added security. Passphrases are often used to control both access to, and operation of, cryptographic programs and systems. Passphrases are particularly applicable to systems that use the passphrase as an encryption key. The origin of the term is by analogy with “password”. The modern concept of passphrases is believed to have been invented by Sigmund N. Porter in 1982. (from Wikipedia)
What is entropy?
Entropy, or more precisely “information entropy”, is the measure for randomness. An intuitive understanding of information entropy relates to the amount of uncertainty about picking a password, i.e. an object that could be translated in a string of bits. “If you have a 32-bit word that is completely random, then it has 32 bits of entropy. If the 32-bit word takes only four different values, and each values has a 25% chance of occurring, then then the word has 2 bits of entropy.” (Practical Cryptography, B. Schneier and N. Ferguson, p.155)
Why is Clipperz asking for a passphrase instead of a password?
Clipperz has been designed to obtain a 128-bit security level. That means that an attacker needs to perform at least 2128 steps of “work”. Each step could be something as simple as looking something up in a table or as complex as computing some cryptographic function for certain values.
Your passphrase is part of the security chain of Clipperz and, because a security system is only as strong as its weakest link, it is highly recommended you pick a passphrase with a good amount of entropy.
If your passphrase has little entropy, say 24 bits, it can be attacked with an exhaustive search, i.e. with 224 steps. Hence the overall security will drop at a 24-bit level due to the weak passphrase.
Passwords are usually 6-10 character long and therefore they cannot have more than about 30 bits of entropy. Not enough to protect your data against serious attackers.
How long should the passphrase be?
Long enough to have about 128 bits of entropy. But since entropy is a measure for randomness, it all depends on how you build your passphrase.
If you choose a random selection of letters from the standard 26 letter alphabet, you need
128 / log2(26) = 27.23 ~ 28
characters, maybe difficult to memorize, but not impossible.
If you use all printable ASCII characters, you end up with 95 possible characters to work with. This lead to
128 / log2(95) = 19.48 ~ 20
random characters. But memorizing 20 random characters is probably more difficult than 28 lowercase letters …
A good dictionary in one of the most common languages has about 100,000 words in it. If you build your passphrase selecting random words from it, you need
128 / log2(100,000) = 7.7 ~ 8
words. This is a decent way to generate a passphrase except that it is kind of hard to remember sometimes. This is pretty easy to type though. This approach has been used in the Diceware method of passphrase generation.
Is there a minimum allowed length for a passphrase? What happens if I use Clipperz with a low-entropy passphrase?
There are no constraints on passphrase lengths. You are free to choose even a one letter passphrase, but you should be aware that the overall security of the service is lowered by the weakness of your passphrase.
With the intrinsic strength of modern cryptography, the user password or phrase is becoming more and more the focus of vulnerability and attacks.
What if I use another language?
Using your native language is probably an obvious choice. But the entropy per character is roughly the same for most of the common languages. Dictionary attacks in another language would run in the same manner as a dictionary attack in English.
What if I use common phrases or quotes?
Don’t use them ever. There are plenty of quote repositories and your passphrase could be discovered in a relatively short amount of time without any special hardware. If you can find the phrase in any published work then don’t use it. A simple background search will reveal what kind of music, books, TV shows, movies, games, hobbies, and everything else you might use. All the common phrases will be tried on the first pass of a key search.
Does odd spelling, punctuation and capitalization help?
A popular trick is to substitute digits for letters, or to randomly capitalize certain letters. Using this kind of “0dd sp3LLing5 and CaP!tal!ZaTiOn” will slightly increase the entropy of your passphrase, but it will not provide a good defense against brute force search attacks.