MiniLock drag-and-drop encryption app coming to browsers

News
By Khidr Suleman
published

Free plug-in to be unveiled at the Hope X hacker conference

A free browser plug-in designed to let anyone encrypt and decrypt files using a drag-and-drop interface is set to be unveiled at the Hope X hacker conference beginning on 18 July.

MiniLock is the brainchild of Canadian-based programmer Nadim Kobeissi. It's still in the beta phase, but the plan is for the extension to allow users to encrypt any files they want to confidentially store or transfer.

Users will have to create a passphrase of significant length, possibly up to 40 characters.

The plug-in will use "public key" encryption to protect files, according to Wired. Everytime a user enters a passphrase, the program will generate two keys: A public key called MiniLock ID and a private key, kept hidden and erased once the program is closed. This negates the need for the user to manually store the private key securely.

Despite the simple mechanism, Kobeissi acknowledged that users will have to create a passphrase of significant length, possibly up to 40 characters.

"[I] do note that while 39 characters is too much for a password, the number starts to become more reasonable when you consider a passphrase, which can be far more memorable than a password," the programmer explained on Reddit.

"Here's an example of a memorable passphrase that's sufficiently random: i'm looking around the room. there are plants. hi ranok. do you like cryptography?'

"Right now, the planned approach simply refuses to let you use the software if your passphrase isn't strong enough. However, all this does [is] put the brunt of the responsibility on what determines passphrase strength. Hopefully this will be described sufficiently in the presentation [at the Hope X conference]."

Wired tested an early version of the Google Chrome extension and reported that files dropped into the program were encrypted within seconds.

MiniLock will initially be made available on GitHub for review. Once any potential bugs/flaws are identified and fixed, it should make its way into the Chrome web store.

Whilst the plug-in should in theory be able to protect files from being opened by government agencies such as the NSA, there will be a disclaimer warning users that - like any other security program - it cannot provide 100 per cent protection.

Khidr Suleman
Khidr Suleman is the Technical Editor at IT Pro, a role he has fulfilled since March 2012. He is responsible for the reviews section on the site  - so get in touch if you have a product you think might be of interest to the business world. He also covers the hardware and operating systems beats. Prior to joining IT Pro, Khidr worked as a reporter at Incisive Media. He studied law at the University of Reading and completed a Postgraduate Diploma in Magazine Journalism and Online Writing at PMA Training.