Hi folks, here's me again seeking ideas to make PassLok the best it can be.
PassLok (link at the bottom) is a free web app that does public-key cryptography using elliptic curves. Since it consists only of a single html file with Javascript code (all processing is client-side), there is a chance that an attacker might intercept the code or hack it at the source, and the user would be no wiser. To prevent this, I publish the SHA256 of the code (which PassLok itself can compute, though it is better to use an external utility), and then I read the resulting string in a Youtube video, with some background music. Both are linked from the PassLok help file. Here's the video I just made: https://www.youtube.com/watch?v=ZXWcIvLs4t0 I think that an attacker would have a very hard time making a fake video for the SHA256 of a counterfeit program, and therefore get away with tampering with the code. What do you think? Can you give me a better idea? Thanks! -- Francisco Ruiz Associate Professor MMAE department Illinois Institute of Technology PL12lok=KpYv+bqJ7pq0eqC664UlIcwfl1P8f8p12NUqFdg2bQ2gTQTBuOo09BQs3GGiYOQUuQmtnoceAxJoSzjvYEYOM0q=PL12lok get the PassLok privacy app at: http://passlok.com
-- Liberationtech list is public and archives are searchable on Google. Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at [email protected] or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
