Categories

Developer

F. Ruiz

PassLok Universal v0.5.10

  • rating
  • rating
  • rating
  • rating
  • rating
0 (0 reviews)
High security encryption for any email, plus Passwords. PassLok Universal PassLok Universal PassLok Universal PassLok Universal PassLok Universal PassLok Universal

TAKE PRIVACY INTO YOUR OWN HANDS

Easy, end-to-end secure encryption for email and other web-based communication systems, plus real-time chat, that does not rely on servers and is therefore immune to hacking or government intervention. Very similar to PassLok for Email, also in this store, except that it supports Any Email Service, and not just Gmail, Yahoo, and Outlook online.

PassLok Universal is also a full-fledged password manager which, unlike most other managers out there, does NOT involve a server, yet it syncs between computers. Its password management engine is that of SynthPass, also in this store.

And if you're not exchanging messages or filling passwords, clicking the PassLok Universal icon will allow you to save secure notes on any website, or to load it into a special "Incognito" page that loads within the normal Chrome window. This function, also available via the right-click menu, is borrowed from Page Cage, also in this store.

--PassLok for Email is incredibly easy to use--

To encrypt a message or file, just click the PassLok icon when the email service's Compose or Reply window is visible. A popup will take your private message and encrypt it with the click of a button. Then you can send it out like any other message, or as an attachment.

To decrypt it, display the encrypted message and click the PassLok icon. A popup will show the decrypted message or file immediately, if there is one.

PassLok asks you for your Password only once. It can be anything you want, so you can actually remember it. PassLok will evaluate its strength and compensate for its weakness by lengthening the computations. It won't be stored or sent anywhere, and PassLok will forget it after five minutes of inactivity.

If you want to change your Password, go ahead and start using a new one when PassLok asks you for it. You may be asked for the old Password if PassLok can't decrypt something, but otherwise that's all you'll have to do.

--Lots of power in a slender package--

You can use either of these five encryption modes, by just clicking a button:

1. Signed mode: encrypted messages can be decrypted again, so long as the recipients supply their authentic passwords. Recipients are also assured that the message was encrypted by the sender.

2. Read-once mode: after a few encrypted messages have been exchanged they can no longer be decrypted by anyone, even if they supply the correct passwords.

3. Chat mode: you can make invitations which, when decrypted by the recipients, open a webRTC real-time chat session where participants are directly connected to one another. The chat session includes text, files, audio, and even video.

4. Anonymous mode: for when you are using a dummy email account or otherwise do not wish to reveal your identity.

5. Shared password mode: most secure when you have previously shared a secret with the recipients

PassLok Universal allows you to encrypt files and images as well. Just load them with a toolbar button. You can also encrypt them separately and load them as regular attachments.

For the very paranoid (and who isn't these days?), PassLok Universal includes four special features:

1. Encrypt to image: the message is encrypted into an image you supply and then attach to your email, so the presence of a hidden message cannot be detected even by computer analysis.

2. Concealed mode: the encrypted message does not look encrypted, but actually looks like normal text. PassLok still detects it and decrypts it normally, though.

3. Invisible mode: the encrypted material cannot be seen at all. It is hidden in the space between the lines of an otherwise normal message.

4. Hidden msg: there is a hidden message in addition to the regular message, and it is encrypted by a separate key. The hidden message is completely undetectable to those who don't know it exists. Images also can contain hidden messages.

--State-of-the art security--

PassLok is based on the NaCl encryption engine, which uses 255-bit standard elliptic curves vetted against weaknesses by experts. On top of that, it uses the 256-bit XSalsa20 symmetric cipher, a high-performance, open source algorithm, which has been scrutinized by experts for nearly a decade without any practical weaknesses being found.

The image-encryption part of PassLok, developed in-house but open-source, has recently been shown to be much harder to detect than F5, the champion steganography tool until now.

PassLok does not use servers that might eventually compromise your private data. All encryption is done client-side. All data sent to the email server is encrypted, and they don't have the password that decrypts it.

With PassLok, you can actually SEE that that your messages have been encrypted. You can also see the code. PassLok hides nothing from you.

--PassLok Universal may be the only password manager you'll ever use--

It's a different kind of password manager: it is a password synthesizer.

With PassLok Universal, there is no "vault" that has to be protected from hackers because your passwords are synthesized on the fly, just as you need them. PassLok-made passwords are always high strength and comprise letters, numbers, and special characters. Passwords for different websites are guaranteed to be totally different.

You never have to change your Master Password. When a website forces you to change its password, simply change the optional serial that is used to synthesize that password. PassLok will remember the serial, as well as your user ID. Your Master Password will never be stored, and it disappears from memory after five minutes not using it.

But if you absolutely must use a certain password, PassLok got you covered too! It is encrypted before storage and synced with the browser itself, so no third parties need to be involved.

Unlike conventional password managers, PassLok
- won't pop up and interrupt your flow; it is activated only when you click its icon on the browser toolbar
- won't force you to store anything secret, only user IDs and optional serials, if you allow it
- is always available, because it does not have to connect to "the Cloud"
- makes only strong passwords
- won't ask you for money
- won't show ads

PassLok Universal uses the SynthPass engine, which is based on the WiseHash key-stretching algorithm. WiseHash evaluates the information entropy of your Master Password and subjects it to a variable number of rounds of SCRYPT key-stretching. The weaker the password, the more stretching. This forces would-be hackers to spend an inordinate amount of computer time testing weak passwords before they can get to yours. PassLok displays an accurate measurement of your Master Password's entropy to help you come up with a strong one.

--PassLok Universal improves on Incognito mode--

If you are neither encrypting email nor filling passwords, clicking the PassLok Universal icon displays a popup with two nifty functions:

1. You can save a note on any website, which syncs with it and is securely encrypted. Again, no servers involved. The content can be anything, not just passwords.

2. Or you can put the whole page into an "Isolation cage" similar to incognito mode, but running next to your regular tabs. The cage also contains links to Web search services that won't track you (or so they say, we don't make claims about it), and additional free apps in PassLok's family. This is the same functionality as that of Page Cage, also in this store.

PassLok Universal is fully compatible with PassLok for Email and SynthPass, and is now in public beta testing.