Opening the pages of this month’s Linux User & Developer magazine, you’ll not only find my usual four-page news spread but also a two-page review of some rather snazzy new encryption software: Encryptr.
Cloud-powered password managers are all the rage these days – I use one myself – but they all suffer from one fatal flaw: storing the keys to your digital kingdom on someone else’s server is risky business. Services like LastPass try to work around this by performing encryption and decryption client-side, but anything that allows you to log into a website and view your data is a risk – but one that could be worth taking thanks to the plus sides, such as synchronising password changes between devices and allowing you to use unique, complex passwords freed from the requirement to memorise them.
Encryptr is an open-source project which looks to offer the best of cloud-based and local password management. Developed by an employee of noted zero-knowledge backup service SpiderOak, Encrypt is based on the company’s Crypton framework. Unlike traditional cryptographic systems, Crypton promises security by ensuring that the remote server has no information – hence ‘zero-knowledge’ – of the data or how it was encrypted.
It’s a neat system, and Encryptr goes quite some way to demonstrating how easy it is to build around the Crypton framework, but it’s early days for the software. It’s still missing some key features – it currently uploads to a pre-set cloud server under the author’s control, with no option to choose your own storage back-end – and the Crypton framework needs an audit to prove its security claims. It certainly shows promise, though, and the inclusion of an Android client is undeniably handy.
To read the full review, plus my usual news spread and a bunch of interesting stuff written by people who aren’t me, head to your local newsagent, supermarket, or stay where you are and pick up a digital copy via Zinio or similar services.