Clipperz: Your Browser As Security Tool

I’ve come across a web-based service called Clipperz that may at first glance seem just a password manager, but the service can be as broad as any user wants it to be.

First, some highlights. It’s platform (OS) neutral — it uses the browser’s javascript capabilities to encrypt information locally and upload it, in encrypted form, to their servers for storage. It works with Firefox, Opera, MSIE, etc. So you can use it on any operating system and continue to access service if you change temporarily (such as borrowing a friend’s computer). It’s completely portable so you can access it from any computer, any time, anywhere. It allows you to store your passwords, certificates, and any other online credentials. You can use it to manage and auto-log into your online accounts through one interface. It can also be used to encrypt and manage other text-based information like PINs, access codes, confidential notes, etc., so they can be accessed from anywhere.

Second, some technical information. They use standard 128-bit encryption (SRP, AES, SHA-2, ECC, Fortuna PRNG, SSSS) which all occurs on your own computer using javascript. You keep your own key (Clipperz doesn’t); you lose it, you’re screwed. All they get on the server-side is scrambled data. They don’t know what you’ve uploaded, they don’t even know who you are; your account isn’t tied to an e-mail account, but to your own registered account. They don’t install anything on your computer.

Third, some minor concerns. Encryption is only as strong as the protocols used: stronger passphrases are harder to break than weak ones. I’m also not keen on the idea of storing PINs, account passwords, and information best not shared with the world on someone else’s servers; Clipperz does have an offline copy, which basically dumps what they have in your account down to your computer. The offline copy can’t be modified; modifications are online. And since it’s encrypted, the offline copy is only accessible by passphrase.

This could be a solution for people who use multiple computers and are concerned about the security of data they need to access and store online.

Coming soon: a review of PassPack, a competing service to Clipperz.

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: