
Hands-on: miniLock's powerful file encryption is dead simple to use

Ian Paul | Aug. 5, 2014

The creator of Cryptocat, Nadim Kobeissi, is back with another easy-to-use encryption tool. This time it's a Chrome app that aims to make it easy to create and share single encrypted files with others. Called miniLock, the app is freely available on the Chrome Web Store.


Similar to other encryption tools, miniLock relies on public key cryptography. Under this scheme you have to share your public key with others so they can encrypt files meant for you and only you. But unlike many encryption tools — which are often difficult to use — miniLock is very easy to understand and takes away a lot of the pain typically associated with encryption tools.

The public key itself, dubbed your miniLock ID, is relatively short at around 45 characters. That's long enough to easily fit in a tweet, as the miniLock site says. But it's still too long to easily remember, so you'll have to write it down or save it in a password manager like LastPass or KeePass.

For encryption, miniLock uses Curve25519 elliptic curve cryptography, which is the same cryptography used in Kobeissi's Cryptocat. The problem with encryption tools, however, often isn't the strength of their encryption but how well it's implemented.

On the miniLock site you can find a recent miniLock security audit by penetration testing firm Cure53. The report gives miniLock a clean bill of health, stating that "MiniLock is a one-purpose app offering this one particular feature [encryption] and appears to be doing that as well as possible...The code is soundly and neatly written, well structured, minimal and therefore offers no sinks for direct exploitation."

That's just one report, however, and others will no doubt sink their teeth into miniLock and try to find exploits. Judging the quality of the cryptography is beyond the scope of this article. But as it's a new app, miniLock may not yet be the best choice for anyone encrypting documents in a high-stakes environment (political oppression, corporate secrecy). That said, it's definitely worth keeping tabs on to see what the security community has to say about miniLock in the future.

For anyone who wants to dive in right away, here's a quick hands-on with miniLock on a Windows 8.1 PC.

Generating your ID

To get started, visit the Chrome Web Store and install miniLock as you would any other Chrome app. Once it's installed you can either launch it right from the Chrome Web Store or the Chrome App Launcher in your taskbar, if you've installed that.

When it starts up, miniLock will ask you to sign in with your email address and a passphrase. These two pieces will be used to generate your miniLock ID, which should take only a second or two.
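How an email address and a passphrase can yield the same ID on every sign-in, as an added example (not code from miniLock or from this article). It assumes miniLock's published construction, which this article does not spell out: BLAKE2s of the passphrase, scrypt with the email as salt, a Curve25519 key pair, and a Base58 ID ending in a one-byte checksum. The sample credentials are constructed.

```python
import hashlib

P = 2**255 - 19      # Curve25519 field prime
A24 = 121665         # Montgomery ladder constant from RFC 7748
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def x25519_base(secret: bytes) -> bytes:
    """Public key for a 32-byte secret (RFC 7748 ladder; teaching code, not constant time)."""
    s = bytearray(secret)
    s[0] &= 248; s[31] &= 127; s[31] |= 64          # clamp the scalar
    k = int.from_bytes(s, "little")
    x1, x2, z2, x3, z3, swap = 9, 1, 0, 9, 1, 0     # base point u = 9
    for t in reversed(range(255)):
        bit = (k >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = (aa - bb) % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def base58(data: bytes) -> str:
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(data) - len(data.lstrip(b"\0"))) + out

def minilock_id(email: str, passphrase: str, log_n: int = 17) -> str:
    """Derive the ID from credentials alone; no key file is stored anywhere."""
    pre = hashlib.blake2s(passphrase.encode(), digest_size=32).digest()
    secret = hashlib.scrypt(pre, salt=email.encode(), n=2**log_n, r=8, p=1,
                            maxmem=2**28, dklen=32)   # assumed parameters
    pub = x25519_base(secret)
    check = hashlib.blake2s(pub, digest_size=1).digest()
    return base58(pub + check)

if __name__ == "__main__":
    print(minilock_id("alice@example.com", "constructed sample passphrase"))
```

Because nothing but the email and passphrase feeds the derivation, the strength of the passphrase is all that protects the private key.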

 
