Laverna: A tangential explanation of Laverna

Laverna vs etherpad


Page 1: Laverna vs etherpad


Page 2: Laverna vs etherpad

You are here: Laverna

• Laverna
• Markdown
• Crypto
• PBKDF2
• Unnecessary Visualization
• PBKDF2 For Blue
• Synchronization
• RemoteStorage.io
• Markdown.md
• Installation
• Conclusions
• Remotestorage.0wn.su

Page 3: Laverna vs etherpad

What are these words

• Laverna and Etherpad are note taking services
• I won’t talk about Etherpad because
• Self-hosted alternatives to cloud apps like Evernote
• Security and encryption are the focus here

Page 4: Laverna vs etherpad

Laverna

• Node.js based local web page
• HTML + JavaScript = no server required
• Information is stored in the client you’re using
• Encryptomagic
• Remote storage options:
  • RemoteStorage.io (self-hosted)
  • Dropbox
• Installation:
  • git clone git@github.com/laverna-static
  • Done

Page 5: Laverna vs etherpad

Markdown

Page 6: Laverna vs etherpad

Why?

• Easy to convert into:
  • HTML
  • LaTeX
  • PDF
  • RTF…
• Who supports MD?
  • Github (GFM)
  • Notepad++
  • SublimeText
  • Everything on the Internet

Page 7: Laverna vs etherpad

Live Demo! MarkDown!!!! http://dillinger.io/

Page 8: Laverna vs etherpad

Encryption

• All encryption happens client side (there is no server)
• PBKDF2
  • Manually entered salt (random)
  • Manually entered password
  • Can adjust iterations (1000 default)
• AES 128 or 256
• Generated ciphertexts are stored in the browser’s local storage

Page 9: Laverna vs etherpad

Crypto/Sync JSON

  {"id":"0cc9da4f-a47f-c9fd-e1ba-55cb0ddb14e7",
   "title":"{\"iv\":\"uSrC4YzSxgvjueOBn+kb3A==\",
             \"v\":1,
             \"iter\":\"1000\",
             \"ks\":128,
             \"ts\":64,
             \"mode\":\"ccm\",
             \"adata\":\"\",
             \"cipher\":\"aes\",
             \"salt\":\"ZwuH03ajWY0=\",
             \"ct\":\"WvpHRh50YbhdGeWFORR5b1xUuiRb… (cut off on the slide)

• id: UID of the app
• title: This is the title of my note
• iv: This is the IV for the note
• v: Supports versioning of your note
• iter: PBKDF2 iterations
• ks: Key size is 128
• ts: Something else size is 64
• mode: Mode is CCM stream cipher
• cipher: AES
• salt: Salt that you set
• ct: The cipher text of the title itself

Page 10: Laverna vs etherpad

• DK = Derived Key
• PRF = HMAC, a pseudorandom function like HMAC-SHA256
• c = Salt

DK = PBKDF2(PRF, P, Salt, c, dkLen)

Page 11: Laverna vs etherpad

DK = PBKDF2(PRF, P, Salt, c, dkLen)

[Diagram: Password and Salt go into a chain of HMAC-SHA blocks, one per iteration, each feeding the next; the end of the chain is the Derived Key.]

Page 12: Laverna vs etherpad

What this defends against

[Diagram: the password “monkey” with a Salt goes through the same chain of HMAC-SHA blocks and comes out as a Different Derived Key.]

Page 13: Laverna vs etherpad

JustBlue Takeaway

* This is from the Internet. Based on font, this is probably way off now

Page 14: Laverna vs etherpad

Laverna Crypto

• PBKDF2
• Server never knows your key
• Server never knows your keys
• Fuck the cloud
• Client side Crypto

Page 15: Laverna vs etherpad

Javascript Based Crypto

• Not a big deal - it’ll be fine, what could go wrong
• Relying on client side crypto with a server authenticator
• Relying on client side crypto to protect client side information

Well Actually

Page 16: Laverna vs etherpad

Back to Laverna

Page 17: Laverna vs etherpad

Syncing

• Supports Dropbox

Page 18: Laverna vs etherpad

Syncing

• Supports RemoteStorage.io
• Self-hosted remote storage similar to Dropbox

Page 19: Laverna vs etherpad

Laverna Installation

• Clone repository:
  git clone git@github.com:Laverna/laverna.git
• Switch to stable version:
  git checkout 0.5.0
• Install dependencies:
  npm install && bower install
• Build minified version:
  grunt build
• Build Dependencies: node.js, bower, grunt.

Page 20: Laverna vs etherpad

Operating Environment

• Can host on any web server because crypto is on the client
• Does not require PHP or programming environment
• If remotely hosted, should be done over HTTPS
• Github provides easy hosting over https for free
• Can also run on your own computer

Page 21: Laverna vs etherpad

Wait have I done a demo yet?

https://laverna.cc/index.html#notes

Page 22: Laverna vs etherpad

Here’s a diagram of something

                | Laverna                              | Etherpad                                          | Evernote
  --------------+--------------------------------------+---------------------------------------------------+-----------------------------
  License       | GPL                                  | GPL                                               | No
  Storage       | RemoteStorage, Dropbox               | None                                              | Sync with evernote
  Encryption    | PBKDF2 (AES)                         | None (SSL with plugin)                            | SSL + magic?
  Software      | JavaScript: Node.js, bower, grunt    | JavaScript                                        |
  Collaboration | Not Realtime                         | Yes                                               | Supports sharing
  Subfolders    | Infinite                             | None                                              | Only 1 subfolder allowed
  Stored Format | Json                                 | Export supports PDF, Word, and many other formats |

Page 23: Laverna vs etherpad

Conclusion

• Fuck the cloud
• Use laverna
• Use markdown
• Use PBKDF2
• Use RemoteStorage.io (remotestorage.0wn.su?)

Page 24: Laverna vs etherpad