clipperz

Recently we received several inquiries about our business model. How is Clipperz going to make money? From a security point of view this is a very sensible question to ask. The basic answer is: we really don’t know yet.

Many things happened in the last two weeks! You have probably seen many small and big changes at Clipperz website. As a result www.clipperz.com is no longer just a blog, but the home of a new online password manager. So, it’s time for a brief recap.

Slashdot says that NIST is planning to augment and revise the current Secure Hash Standard. Due to recent attacks on the SHA-1 hash function specified in FIPS 180-2, Secure Hash Standard, NIST is initiating an effort to develop one or more additional hash algorithms through a public competition, similar to the development process for the Advanced Encryption Standard (AES). In a recent interview to this blog, Vincent Rijmen of AES fame declared to be working mostly on hash functions: “[…] there are very interesting developments going on in the cryptanalysis of hash functions.

Vincent Rijmen is the belgian cryptographer that, together with Joan Daemen, developed the Rijndael block cipher. Their achievement was so remarkable that it was chosen by the National Institute of Standards and Technology of the United States (NIST) and ratified as a new standard, the Advanced Encryption Standard or simply AES.

At Clipperz we are huge fan of cryptography as a tool to empower users and protect freedom, therefore we are beholden to all the people who contributed to the development of this science. Among them a special thanks goes to Tom Wu who invented SRP, the Secure Remote Password protocol, at Stanford University during the late nineties. Today SRP is a widely appreciate authentication method and it is our choice for Clipperz online password manager. Tom Wu was so kind to answer some of our questions about SRP and its chances to gain even more traction in the future.

Prof. Eugene Spafford in his latest post talks about MyBlackBook, an unusual web service whose mission is “to provide people with a place to store their sexual history, partners, and experiences in a safe, secure and confidential place”. This New York based venture moved from the assumption that “one out of three people have some kind of sex log” mostly kept on paper. A solution that is hard to maintain and troublesome to protect from prying eyes.

During the last two days I had a chance to test drive Freenigma, the recently released email encryption service for webmail users. What I like more of Freenigma is its “Johnny can encrypt” approach. For the average Johnny, cryptography is insanely complex, while Freenigma makes a point of hiding this complexity under a very simple user interface.

Few days ago a fire destroyed Sealand, the independent state joke located on an abandoned anti-aircraft deck six miles off the British coast. The silly utopia of a data haven burned with it. HavenCo, the Sealand company running the offshore hosting service, was just a very badly planned business venture, but exotic enough to get good press coverage.

I like this guy! Phil Zimmermann quietly released a very neat application, Zfone as a reference application of his new cryptographic protocol ZRTP aimed to bring privacy to your VoIP calls. I hope it won’t cause him all the troubles that PGP brought him.

Few days ago Massimo Mantellini brought to my attention this Wired article from cryptography guru Bruce Schneier. It’s a brilliant short essay that explain how bold is the error of those confusing anonymity with accountability and how important is the quest for accountable systems, especially those accessed by anonymous users.