SlideShare une entreprise Scribd logo

Laverna vs etherpad

Télécharger en tant que PPTX, PDF
A
antitree

Brief analysis of Laverna, the javascript crypt it uses, and how well it defends against attack.

Technologie
1  sur  24
Laverna A tangential explanation of Laverna
You are Here Laverna Markdown Crypto Pbkdf2 Unnecesssary Visualization PBKDF2 For Blue Synchronization RemoteStorage.io Markdown.md Installation Conclusions Remotestorage.0wn .su
What are these words • Laverna and Etherpad are note taking services • I won’t talk about Etherpad because • Self-hosted alternatives to cloud apps like Evernote • Security and encryption are the focus here
Laverna • Node.js based local web page • HTML + JavaScript = no server required • Information is stored in the client you’re using • Encryptomagic • Remote storage options: • RemoteStorage.io (self-hosted) • Dropbox • Installation: • git clone git@github.com/laverna-static • Done
Markdown
Why? • Easy to convert into: • HTML • LaTeX • PDF • RTF… • Who supports MD? • Github (GFM) • Notepad++ • SublimeText • Everything on the Internet
Live Demo! MarkDown!!!! http://dillinger.io/
Encryption • All encryption happens client side (there is no server) • PBKDF2 • Manually entered salt (random) • Manually entered password • Can adjust iterations (1000 default) • AES 128 or 256 • Generated ciphers are stored in the browser local storage
Crypto/Sync JSON • {"id":"0cc9da4f-a47f-c9fd-e1ba- 55cb0ddb14e7", • "title":"{ • "iv":"uSrC4YzSxgvjueOBn+kb3A==",“ • v":1,“ • iter":"1000",“ • ks":128,“ • ts":64,“ • mode":"ccm","adata":"",“ • cipher":"aes",“ • salt":"ZwuH03ajWY0=",“ • ct":"WvpHRh50YbhdGeWFORR5b1xUui Rb • UID of the app • This is the title of my note • This is the IV for the note • Supports versioning of your note • PDKDF2 iterations • Key size is 128 • Something else size is 64 • Mode is CCM stream cipher • AES • Salt that you set • The cipher text of the title itself
• DK = Derived Key • PRF = HMAC - pseudorandom function like HMAC-SHA256 • c = Salt DK = PBKDF2(PRF, P, Salt, c, dkLen)
DK = PBKDF2(PRF, P, Salt, c, dkLen) Password Salt HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA Derived Key
What this defends against “monkey” Salt HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA Different Derived key
JustBlue Takeaway * This is from the Internet. Based on font, this is probably way off now
Laverna Crypto • PBKDF2 • Server never knows your key • Server never knows your keys • Fuck the cloud • Client side Crypto
Javascript Based Crypto • Not a big deal - it’ll be fine, what could go wrong • Relying on client side crypto with a server authenticator • Relying on client side crypto to protect client side information Well Actually
Back to Laverna
Syncing • Supports Dropbox
Syncing • Support RemoteStorage.io • Self-hosted remote storage similar to dropbox
Laverna Installation • Clone repository: git clone git@github.com:Laverna/laverna.git • Switch to stable version git checkout 0.5.0 • Install dependencies: npm install && bower install • Build minified version: grunt build • Build Dependencies: node.js, bower, grunt.
Operating Environment • Can host on any web server because crypto is on the client • Does not require PHP or programming environment • If remotely hosted, should be done over HTTPS • Github provides easy hosting over https for free • Can also run on your own computer
Wait have I done a demo yet? https://laverna.cc/index.html#notes
Here’s a diagram of something Laverna Etherpad Evernote License GPL GPL No Storage RemoteStorage, Dropbox None Sync with evernote Encryption PBKDF2 (AES) None (SSL with plugin) SSL + magic? Software JavaScript: Node.js, bower, grunt JavaScript Collaboration Not Realtime Yes Supports sharing Subfolders Infinite None Only 1 subfolder allowed Stored Format Json Export supports PDF, Word, and many other formats
Conclusion • Fuck the cloud • Use laverna • Use markdown • Use PBKDF2 • Use RemoteStorage.io (remotestorage.0wn.su?)
Laverna vs etherpad

Recommandé

Reinventing anon email
Reinventing anon emailReinventing anon email
Reinventing anon email
antitree
 
Docker Security
Docker SecurityDocker Security
Docker Security
antitree
 
Introduction to ethereum_public
Introduction to ethereum_publicIntroduction to ethereum_public
Introduction to ethereum_public
antitree
 
Building Python Development Station
Building Python Development StationBuilding Python Development Station
Building Python Development Station
Basim Aly (JNCIP-SP, JNCIP-ENT)
 
OFFENSIVE: Exploiting DNS servers changes BlackHat Asia 2014
OFFENSIVE: Exploiting DNS servers changes BlackHat Asia 2014OFFENSIVE: Exploiting DNS servers changes BlackHat Asia 2014
OFFENSIVE: Exploiting DNS servers changes BlackHat Asia 2014
Leonardo Nve Egea
 
Using ansible vault to protect your secrets
Using ansible vault to protect your secretsUsing ansible vault to protect your secrets
Using ansible vault to protect your secrets
Excella
 
The Good, the Bad and the Ugly of Networking for Microservices by Mathew Lodg...
The Good, the Bad and the Ugly of Networking for Microservices by Mathew Lodg...The Good, the Bad and the Ugly of Networking for Microservices by Mathew Lodg...
The Good, the Bad and the Ugly of Networking for Microservices by Mathew Lodg...
Docker, Inc.
 
Vert.x for Microservices Architecture
Vert.x for Microservices ArchitectureVert.x for Microservices Architecture
Vert.x for Microservices Architecture
Idan Fridman
 

Recommandé

Reinventing anon email
Reinventing anon emailReinventing anon email
Reinventing anon email
antitree
 
Docker Security
Docker SecurityDocker Security
Docker Security
antitree
 
Introduction to ethereum_public
Introduction to ethereum_publicIntroduction to ethereum_public
Introduction to ethereum_public
antitree
 
Building Python Development Station
Building Python Development StationBuilding Python Development Station
Building Python Development Station
Basim Aly (JNCIP-SP, JNCIP-ENT)
 
OFFENSIVE: Exploiting DNS servers changes BlackHat Asia 2014
OFFENSIVE: Exploiting DNS servers changes BlackHat Asia 2014OFFENSIVE: Exploiting DNS servers changes BlackHat Asia 2014
OFFENSIVE: Exploiting DNS servers changes BlackHat Asia 2014
Leonardo Nve Egea
 
Using ansible vault to protect your secrets
Using ansible vault to protect your secretsUsing ansible vault to protect your secrets
Using ansible vault to protect your secrets
Excella
 
The Good, the Bad and the Ugly of Networking for Microservices by Mathew Lodg...
The Good, the Bad and the Ugly of Networking for Microservices by Mathew Lodg...The Good, the Bad and the Ugly of Networking for Microservices by Mathew Lodg...
The Good, the Bad and the Ugly of Networking for Microservices by Mathew Lodg...
Docker, Inc.
 
Vert.x for Microservices Architecture
Vert.x for Microservices ArchitectureVert.x for Microservices Architecture
Vert.x for Microservices Architecture
Idan Fridman
 
An Introduction to Twisted
An Introduction to TwistedAn Introduction to Twisted
An Introduction to Twisted
sdsern
 
Building real time applications with Symfony2
Building real time applications with Symfony2Building real time applications with Symfony2
Building real time applications with Symfony2
Antonio Peric-Mazar
 
Introduction to OpenStack Cinder
Introduction to OpenStack CinderIntroduction to OpenStack Cinder
Introduction to OpenStack Cinder
Sean McGinnis
 
Node.js
Node.jsNode.js
Node.js
hotrannam
 
Neutron behind the scenes
Neutron behind the scenesNeutron behind the scenes
Neutron behind the scenes
inbroker
 
Sysdig - Introducing a new definition of Monitoring
Sysdig - Introducing a new definition of MonitoringSysdig - Introducing a new definition of Monitoring
Sysdig - Introducing a new definition of Monitoring
Ramit Surana
 
Node.js 101 with Rami Sayar
Node.js 101 with Rami SayarNode.js 101 with Rami Sayar
Node.js 101 with Rami Sayar
FITC
 
Penetration Testing Resource Guide
Penetration Testing Resource Guide Penetration Testing Resource Guide
Penetration Testing Resource Guide
Bishop Fox
 
Red Team vs Blue Team on AWS - RSA 2018
Red Team vs Blue Team on AWS - RSA 2018Red Team vs Blue Team on AWS - RSA 2018
Red Team vs Blue Team on AWS - RSA 2018
Teri Radichel
 
NATS: Simple, Secure and Scalable Messaging For the Cloud Native Era
NATS: Simple, Secure and Scalable Messaging For the Cloud Native EraNATS: Simple, Secure and Scalable Messaging For the Cloud Native Era
NATS: Simple, Secure and Scalable Messaging For the Cloud Native Era
wallyqs
 
How to Build Your First Web App in Go
How to Build Your First Web App in GoHow to Build Your First Web App in Go
How to Build Your First Web App in Go
All Things Open
 
Neutron VEB Plugin
Neutron VEB PluginNeutron VEB Plugin
Neutron VEB Plugin
BIM
 
AstriCon 2017 - Docker Swarm & Asterisk
AstriCon 2017 - Docker Swarm & AsteriskAstriCon 2017 - Docker Swarm & Asterisk
AstriCon 2017 - Docker Swarm & Asterisk
Evan McGee
 
London Hug 20/6 - Vault production
London Hug 20/6 - Vault productionLondon Hug 20/6 - Vault production
London Hug 20/6 - Vault production
London HashiCorp User Group
 
Vault
VaultVault
Vault
dawnlua
 
Nous Sommes Cyber - HTB Blue
Nous Sommes Cyber - HTB BlueNous Sommes Cyber - HTB Blue
Nous Sommes Cyber - HTB Blue
DianaWhitney4
 
BSides Ottawa 2019 - HTB Blue
BSides Ottawa 2019 - HTB BlueBSides Ottawa 2019 - HTB Blue
BSides Ottawa 2019 - HTB Blue
DianaWhitney4
 
London HUG 19/5 - Kubernetes and vault
London HUG 19/5 - Kubernetes and vaultLondon HUG 19/5 - Kubernetes and vault
London HUG 19/5 - Kubernetes and vault
London HashiCorp User Group
 
Bridges and Tunnels a Drive Through OpenStack Networking
Bridges and Tunnels a Drive Through OpenStack NetworkingBridges and Tunnels a Drive Through OpenStack Networking
Bridges and Tunnels a Drive Through OpenStack Networking
markmcclain
 
Orchestrating Least Privilege by Diogo Monica
Orchestrating Least Privilege by Diogo Monica Orchestrating Least Privilege by Diogo Monica
Orchestrating Least Privilege by Diogo Monica
Docker, Inc.
 
Rtlsdr presentation by alex 1/3/2014
Rtlsdr presentation by alex 1/3/2014Rtlsdr presentation by alex 1/3/2014
Rtlsdr presentation by alex 1/3/2014
Db Cooper
 
Just Mouse Jack Init
Just Mouse Jack InitJust Mouse Jack Init
Just Mouse Jack Init
antitree
 

Contenu connexe

Tendances

Node.js 101 with Rami Sayar
Node.js 101 with Rami SayarNode.js 101 with Rami Sayar
Node.js 101 with Rami Sayar
FITC
 

Tendances (20)

An Introduction to Twisted
An Introduction to TwistedAn Introduction to Twisted
An Introduction to Twisted
 
Building real time applications with Symfony2
Building real time applications with Symfony2Building real time applications with Symfony2
Building real time applications with Symfony2
 
Introduction to OpenStack Cinder
Introduction to OpenStack CinderIntroduction to OpenStack Cinder
Introduction to OpenStack Cinder
 
Node.js
Node.jsNode.js
Node.js
 
Neutron behind the scenes
Neutron behind the scenesNeutron behind the scenes
Neutron behind the scenes
 
Sysdig - Introducing a new definition of Monitoring
Sysdig - Introducing a new definition of MonitoringSysdig - Introducing a new definition of Monitoring
Sysdig - Introducing a new definition of Monitoring
 
Node.js 101 with Rami Sayar
Node.js 101 with Rami SayarNode.js 101 with Rami Sayar
Node.js 101 with Rami Sayar
 
Penetration Testing Resource Guide
Penetration Testing Resource Guide Penetration Testing Resource Guide
Penetration Testing Resource Guide
 
Red Team vs Blue Team on AWS - RSA 2018
Red Team vs Blue Team on AWS - RSA 2018Red Team vs Blue Team on AWS - RSA 2018
Red Team vs Blue Team on AWS - RSA 2018
 
NATS: Simple, Secure and Scalable Messaging For the Cloud Native Era
NATS: Simple, Secure and Scalable Messaging For the Cloud Native EraNATS: Simple, Secure and Scalable Messaging For the Cloud Native Era
NATS: Simple, Secure and Scalable Messaging For the Cloud Native Era
 
How to Build Your First Web App in Go
How to Build Your First Web App in GoHow to Build Your First Web App in Go
How to Build Your First Web App in Go
 
Neutron VEB Plugin
Neutron VEB PluginNeutron VEB Plugin
Neutron VEB Plugin
 
AstriCon 2017 - Docker Swarm & Asterisk
AstriCon 2017 - Docker Swarm & AsteriskAstriCon 2017 - Docker Swarm & Asterisk
AstriCon 2017 - Docker Swarm & Asterisk
 
London Hug 20/6 - Vault production
London Hug 20/6 - Vault productionLondon Hug 20/6 - Vault production
London Hug 20/6 - Vault production
 
Vault
VaultVault
Vault
 
Nous Sommes Cyber - HTB Blue
Nous Sommes Cyber - HTB BlueNous Sommes Cyber - HTB Blue
Nous Sommes Cyber - HTB Blue
 
BSides Ottawa 2019 - HTB Blue
BSides Ottawa 2019 - HTB BlueBSides Ottawa 2019 - HTB Blue
BSides Ottawa 2019 - HTB Blue
 
London HUG 19/5 - Kubernetes and vault
London HUG 19/5 - Kubernetes and vaultLondon HUG 19/5 - Kubernetes and vault
London HUG 19/5 - Kubernetes and vault
 
Bridges and Tunnels a Drive Through OpenStack Networking
Bridges and Tunnels a Drive Through OpenStack NetworkingBridges and Tunnels a Drive Through OpenStack Networking
Bridges and Tunnels a Drive Through OpenStack Networking
 
Orchestrating Least Privilege by Diogo Monica
Orchestrating Least Privilege by Diogo Monica Orchestrating Least Privilege by Diogo Monica
Orchestrating Least Privilege by Diogo Monica
 

En vedette

Rtlsdr presentation by alex 1/3/2014
Rtlsdr presentation by alex 1/3/2014Rtlsdr presentation by alex 1/3/2014
Rtlsdr presentation by alex 1/3/2014
Db Cooper
 
2600 av evasion_deuce
2600 av evasion_deuce2600 av evasion_deuce
2600 av evasion_deuce
Db Cooper
 
A brief history of teledildonics
A brief history of teledildonicsA brief history of teledildonics
A brief history of teledildonics
Db Cooper
 
28c3 in 15
28c3 in 1528c3 in 15
28c3 in 15
antitree
 

En vedette (14)

Rtlsdr presentation by alex 1/3/2014
Rtlsdr presentation by alex 1/3/2014Rtlsdr presentation by alex 1/3/2014
Rtlsdr presentation by alex 1/3/2014
 
Just Mouse Jack Init
Just Mouse Jack InitJust Mouse Jack Init
Just Mouse Jack Init
 
Nsa and vpn
Nsa and vpnNsa and vpn
Nsa and vpn
 
Salander v bond 2600
Salander v bond 2600Salander v bond 2600
Salander v bond 2600
 
2600 av evasion_deuce
2600 av evasion_deuce2600 av evasion_deuce
2600 av evasion_deuce
 
State of wifi_2016
State of wifi_2016State of wifi_2016
State of wifi_2016
 
A brief history of teledildonics
A brief history of teledildonicsA brief history of teledildonics
A brief history of teledildonics
 
How [not] to throw a b sides
How [not] to throw a b sidesHow [not] to throw a b sides
How [not] to throw a b sides
 
28c3 in 15
28c3 in 1528c3 in 15
28c3 in 15
 
0x20 hack
0x20 hack0x20 hack
0x20 hack
 
Image based automation
Image based automationImage based automation
Image based automation
 
Meek and domain fronting public
Meek and domain fronting publicMeek and domain fronting public
Meek and domain fronting public
 
Android Hacking
Android HackingAndroid Hacking
Android Hacking
 
26 Disruptive & Technology Trends 2016 - 2018
26 Disruptive & Technology Trends 2016 - 201826 Disruptive & Technology Trends 2016 - 2018
26 Disruptive & Technology Trends 2016 - 2018
 

Similaire à Laverna vs etherpad

Apache Wizardry - Ohio Linux 2011
Apache Wizardry - Ohio Linux 2011Apache Wizardry - Ohio Linux 2011
Apache Wizardry - Ohio Linux 2011
Rich Bowen
 
Aditya - Hacking Client Side Insecurities - ClubHack2008
Aditya - Hacking Client Side Insecurities - ClubHack2008Aditya - Hacking Client Side Insecurities - ClubHack2008
Aditya - Hacking Client Side Insecurities - ClubHack2008
ClubHack
 
Adventures with Podman and Varlink
Adventures with Podman and VarlinkAdventures with Podman and Varlink
Adventures with Podman and Varlink
Jeremy Brown
 
Deep dive into highly available open stack architecture openstack summit va...
Deep dive into highly available open stack architecture openstack summit va...Deep dive into highly available open stack architecture openstack summit va...
Deep dive into highly available open stack architecture openstack summit va...
Arthur Berezin
 
AMF Flash and .NET
AMF Flash and .NETAMF Flash and .NET
AMF Flash and .NET
Yaniv Uriel
 
LyonJUG - Combo - Quick Cloud Foundry Intro + Cloud Best Practices
LyonJUG - Combo - Quick Cloud Foundry Intro + Cloud Best PracticesLyonJUG - Combo - Quick Cloud Foundry Intro + Cloud Best Practices
LyonJUG - Combo - Quick Cloud Foundry Intro + Cloud Best Practices
Eric Bottard
 
Getting Buzzed on Buzzwords: Using Cloud & Big Data to Pentest at Scale
Getting Buzzed on Buzzwords: Using Cloud & Big Data to Pentest at ScaleGetting Buzzed on Buzzwords: Using Cloud & Big Data to Pentest at Scale
Getting Buzzed on Buzzwords: Using Cloud & Big Data to Pentest at Scale
Bishop Fox
 

Similaire à Laverna vs etherpad (20)

第0回ワススタ!! #wasbookを読もう
第0回ワススタ!! #wasbookを読もう第0回ワススタ!! #wasbookを読もう
第0回ワススタ!! #wasbookを読もう
 
Apache Cookbook - TekX Chicago 2010
Apache Cookbook - TekX Chicago 2010Apache Cookbook - TekX Chicago 2010
Apache Cookbook - TekX Chicago 2010
 
NullMQ @ PDX
NullMQ @ PDXNullMQ @ PDX
NullMQ @ PDX
 
DEF CON 27 - ORANGE TSAI and MEH CHANG - infiltrating corporate intranet like...
DEF CON 27 - ORANGE TSAI and MEH CHANG - infiltrating corporate intranet like...DEF CON 27 - ORANGE TSAI and MEH CHANG - infiltrating corporate intranet like...
DEF CON 27 - ORANGE TSAI and MEH CHANG - infiltrating corporate intranet like...
 
Kuby, ActiveDeployment for Rails Apps
Kuby, ActiveDeployment for Rails AppsKuby, ActiveDeployment for Rails Apps
Kuby, ActiveDeployment for Rails Apps
 
Apache Wizardry - Ohio Linux 2011
Apache Wizardry - Ohio Linux 2011Apache Wizardry - Ohio Linux 2011
Apache Wizardry - Ohio Linux 2011
 
Aditya - Hacking Client Side Insecurities - ClubHack2008
Aditya - Hacking Client Side Insecurities - ClubHack2008Aditya - Hacking Client Side Insecurities - ClubHack2008
Aditya - Hacking Client Side Insecurities - ClubHack2008
 
Adventures with Podman and Varlink
Adventures with Podman and VarlinkAdventures with Podman and Varlink
Adventures with Podman and Varlink
 
(STG205) Secure Content Delivery Using Amazon CloudFront
(STG205) Secure Content Delivery Using Amazon CloudFront(STG205) Secure Content Delivery Using Amazon CloudFront
(STG205) Secure Content Delivery Using Amazon CloudFront
 
Top ten-list
Top ten-listTop ten-list
Top ten-list
 
A Tale of 2 Systems
A Tale of 2 SystemsA Tale of 2 Systems
A Tale of 2 Systems
 
Web Crypto
Web CryptoWeb Crypto
Web Crypto
 
Deep dive into highly available open stack architecture openstack summit va...
Deep dive into highly available open stack architecture openstack summit va...Deep dive into highly available open stack architecture openstack summit va...
Deep dive into highly available open stack architecture openstack summit va...
 
AMF Flash and .NET
AMF Flash and .NETAMF Flash and .NET
AMF Flash and .NET
 
Fluentd meetup
Fluentd meetupFluentd meetup
Fluentd meetup
 
XMPP/Jingle(VoIP)/Perl Ocean 2012/03
XMPP/Jingle(VoIP)/Perl Ocean 2012/03XMPP/Jingle(VoIP)/Perl Ocean 2012/03
XMPP/Jingle(VoIP)/Perl Ocean 2012/03
 
Silverlight vs HTML5 - Lessons learned from the real world...
Silverlight vs HTML5 - Lessons learned from the real world...Silverlight vs HTML5 - Lessons learned from the real world...
Silverlight vs HTML5 - Lessons learned from the real world...
 
LyonJUG - Combo - Quick Cloud Foundry Intro + Cloud Best Practices
LyonJUG - Combo - Quick Cloud Foundry Intro + Cloud Best PracticesLyonJUG - Combo - Quick Cloud Foundry Intro + Cloud Best Practices
LyonJUG - Combo - Quick Cloud Foundry Intro + Cloud Best Practices
 
Getting Buzzed on Buzzwords: Using Cloud & Big Data to Pentest at Scale
Getting Buzzed on Buzzwords: Using Cloud & Big Data to Pentest at ScaleGetting Buzzed on Buzzwords: Using Cloud & Big Data to Pentest at Scale
Getting Buzzed on Buzzwords: Using Cloud & Big Data to Pentest at Scale
 
Making development environments not suck | #econfpsu #econfpsu16
Making development environments not suck | #econfpsu #econfpsu16Making development environments not suck | #econfpsu #econfpsu16
Making development environments not suck | #econfpsu #econfpsu16
 

Plus de antitree

Salander v bond b sides detroit final v3
Salander v bond b sides detroit final v3Salander v bond b sides detroit final v3
Salander v bond b sides detroit final v3
antitree
 
Pentesting embedded
Pentesting embeddedPentesting embedded
Pentesting embedded
antitree
 

Plus de antitree (12)

Hardening ssh configurations
Hardening ssh configurationsHardening ssh configurations
Hardening ssh configurations
 
Salander v bond b sides detroit final v3
Salander v bond b sides detroit final v3Salander v bond b sides detroit final v3
Salander v bond b sides detroit final v3
 
Pentesting embedded
Pentesting embeddedPentesting embedded
Pentesting embedded
 
Tor
TorTor
Tor
 
Corporate Intelligence: Bridging the security and intelligence community
Corporate Intelligence: Bridging the security and intelligence communityCorporate Intelligence: Bridging the security and intelligence community
Corporate Intelligence: Bridging the security and intelligence community
 
Lock picking barcamp
Lock picking barcampLock picking barcamp
Lock picking barcamp
 
Lock picking 2600
Lock picking 2600Lock picking 2600
Lock picking 2600
 
Anti tree firesheep
Anti tree firesheepAnti tree firesheep
Anti tree firesheep
 
Hackerspaces
HackerspacesHackerspaces
Hackerspaces
 
Intro to IPv6 by Ben Woodruff
Intro to IPv6 by Ben WoodruffIntro to IPv6 by Ben Woodruff
Intro to IPv6 by Ben Woodruff
 
Anonymity Systems: Tor
Anonymity Systems: TorAnonymity Systems: Tor
Anonymity Systems: Tor
 
Dll hijacking
Dll hijackingDll hijacking
Dll hijacking
 

Dernier

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 

Dernier (20)

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 

Laverna vs etherpad

  • 2. You are Here Laverna Markdown Crypto Pbkdf2 Unnecesssary Visualization PBKDF2 For Blue Synchronization RemoteStorage.io Markdown.md Installation Conclusions Remotestorage.0wn .su
  • 3. What are these words • Laverna and Etherpad are note taking services • I won’t talk about Etherpad because • Self-hosted alternatives to cloud apps like Evernote • Security and encryption are the focus here
  • 4. Laverna • Node.js based local web page • HTML + JavaScript = no server required • Information is stored in the client you’re using • Encryptomagic • Remote storage options: • RemoteStorage.io (self-hosted) • Dropbox • Installation: • git clone git@github.com/laverna-static • Done
  • 6. Why? • Easy to convert into: • HTML • LaTeX • PDF • RTF… • Who supports MD? • Github (GFM) • Notepad++ • SublimeText • Everything on the Internet
  • 8. Encryption • All encryption happens client side (there is no server) • PBKDF2 • Manually entered salt (random) • Manually entered password • Can adjust iterations (1000 default) • AES 128 or 256 • Generated ciphers are stored in the browser local storage
  • 9. Crypto/Sync JSON • {"id":"0cc9da4f-a47f-c9fd-e1ba- 55cb0ddb14e7", • "title":"{ • "iv":"uSrC4YzSxgvjueOBn+kb3A==",“ • v":1,“ • iter":"1000",“ • ks":128,“ • ts":64,“ • mode":"ccm","adata":"",“ • cipher":"aes",“ • salt":"ZwuH03ajWY0=",“ • ct":"WvpHRh50YbhdGeWFORR5b1xUui Rb • UID of the app • This is the title of my note • This is the IV for the note • Supports versioning of your note • PDKDF2 iterations • Key size is 128 • Something else size is 64 • Mode is CCM stream cipher • AES • Salt that you set • The cipher text of the title itself
  • 10. • DK = Derived Key • PRF = HMAC - pseudorandom function like HMAC-SHA256 • c = Salt DK = PBKDF2(PRF, P, Salt, c, dkLen)
  • 11. DK = PBKDF2(PRF, P, Salt, c, dkLen) Password Salt HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA Derived Key
  • 12. What this defends against “monkey” Salt HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA HMAC-SHA Different Derived key
  • 13. JustBlue Takeaway * This is from the Internet. Based on font, this is probably way off now
  • 14. Laverna Crypto • PBKDF2 • Server never knows your key • Server never knows your keys • Fuck the cloud • Client side Crypto
  • 15. Javascript Based Crypto • Not a big deal - it’ll be fine, what could go wrong • Relying on client side crypto with a server authenticator • Relying on client side crypto to protect client side information Well Actually
  • 18. Syncing • Support RemoteStorage.io • Self-hosted remote storage similar to dropbox
  • 19. Laverna Installation • Clone repository: git clone git@github.com:Laverna/laverna.git • Switch to stable version git checkout 0.5.0 • Install dependencies: npm install && bower install • Build minified version: grunt build • Build Dependencies: node.js, bower, grunt.
  • 20. Operating Environment • Can host on any web server because crypto is on the client • Does not require PHP or programming environment • If remotely hosted, should be done over HTTPS • Github provides easy hosting over https for free • Can also run on your own computer
  • 21. Wait have I done a demo yet? https://laverna.cc/index.html#notes
  • 22. Here’s a diagram of something Laverna Etherpad Evernote License GPL GPL No Storage RemoteStorage, Dropbox None Sync with evernote Encryption PBKDF2 (AES) None (SSL with plugin) SSL + magic? Software JavaScript: Node.js, bower, grunt JavaScript Collaboration Not Realtime Yes Supports sharing Subfolders Infinite None Only 1 subfolder allowed Stored Format Json Export supports PDF, Word, and many other formats
  • 23. Conclusion • Fuck the cloud • Use laverna • Use markdown • Use PBKDF2 • Use RemoteStorage.io (remotestorage.0wn.su?)