
Dropbox password manager uses zero-knowledge encryption

Update: The app is now available to all. The company also announced two additional new features for home users, and two others for work users, described at the end of the piece.

A Dropbox password manager has been quietly added to the App Store, but it is currently listed as ‘by invite.’ This means that you can download it, but can’t yet activate it. An Android version is also available on the Play Store, subject to the same restriction …

You can find the iOS app here.

Dropbox Passwords provides password security by storing all your passwords in one secure place, then fills in usernames and passwords so you can instantly sign in to websites and apps. You can easily create and store unique, secure passwords as you sign up for new accounts.

Features:

  • Sign in to apps and websites with one click
  • Store passwords as you sign in to sites and apps
  • Access your passwords from anywhere with automatic syncing to all your devices

Never get locked out of your accounts again. Using this new password keeper from Dropbox, you can sign in to your favorite banking, streaming, and e-commerce sites and apps—you can even shop and checkout securely.

Password managers always use end-to-end encryption to ensure that the cloud service has no access to your passwords, but Dropbox goes one step further, by using zero-knowledge encryption. This means that you can log in to Dropbox without the server knowing your login password.

You don’t use your actual password to log in; instead, the server asks the app to perform a series of mathematical calculations which use your password as one of the elements, and then provide the answers to the server. The server is able to verify that the results are correct without actually knowing your password. If someone hacked the Dropbox server, they would not get your password and would be unable to log in as you.

Enabling the server to verify a correct result without knowing your password involves a complex process developed by MIT researchers back in the 1980s, but Wikipedia has some useful analogies to make sense of the basic idea. One of these involves two differently-colored balls and a color-blind friend.

Imagine your friend is red-green colour-blind (while you are not) and you have two balls: one red and one green, but otherwise identical. To your friend they seem completely identical and he is skeptical that they are actually distinguishable. You want to prove to him they are in fact differently-coloured, but nothing else; in particular, you do not want to reveal which one is the red and which is the green ball.

Here is the proof system. You give the two balls to your friend and he puts them behind his back. Next, he takes one of the balls and brings it out from behind his back and displays it. He then places it behind his back again and then chooses to reveal just one of the two balls, picking one of the two at random with equal probability. He will ask you, “Did I switch the ball?” This whole procedure is then repeated as often as necessary.

By looking at their colours, you can, of course, say with certainty whether or not he switched them. On the other hand, if they were the same colour and hence indistinguishable, there is no way you could guess correctly with probability higher than 50%.

Since the probability that you would have randomly succeeded at identifying each switch/non-switch is 50%, the probability of having randomly succeeded at all switch/non-switches approaches zero (“soundness”). If you and your friend repeat this “proof” multiple times (e.g. 100 times), your friend should become convinced (“completeness”) that the balls are indeed differently coloured.

The above proof is zero-knowledge because your friend never learns which ball is green and which is red; indeed, he gains no knowledge about how to distinguish the balls.
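The ball protocol quoted above, as a short simulation. This is an added example, not part of the original article and not Dropbox's login protocol; the function names and the modelling of the balls as a pair of colour strings are assumptions made for illustration.

```python
import secrets

def run_proof(colours, rounds):
    """Play the protocol; return (accepted, transcript of (switched, answer))."""
    transcript = []
    for _ in range(rounds):
        switched = secrets.randbelow(2) == 1    # friend's secret coin flip
        before = colours[0]                     # ball displayed first
        after = colours[1] if switched else colours[0]  # ball displayed second
        if before != after:
            answer = True                       # colour changed: he switched
        elif colours[0] != colours[1]:
            answer = False                      # same colour, distinct balls: no switch
        else:
            answer = secrets.randbelow(2) == 1  # identical balls: prover can only guess
        transcript.append((switched, answer))
        if answer != switched:
            return False, transcript            # one wrong answer and the friend rejects
    return True, transcript

def soundness_error(rounds):
    """Chance that a prover holding identical balls survives every round."""
    return 0.5 ** rounds

def simulate_transcript(rounds):
    """What the friend could write down alone, with no colour information.

    In an accepted run the answer always equals his own coin flip, so a
    transcript he fabricates himself has the same distribution as a real one.
    That is the sense in which the proof hands him no knowledge.
    """
    out = []
    for _ in range(rounds):
        bit = secrets.randbelow(2) == 1
        out.append((bit, bit))
    return out

if __name__ == "__main__":
    accepted, _ = run_proof(("red", "green"), 100)   # constructed input
    print("distinct balls accepted:", accepted)
    accepted, seen = run_proof(("red", "red"), 100)  # constructed input
    print("identical balls accepted:", accepted, "after", len(seen), "rounds")
    print("chance of bluffing 100 rounds:", soundness_error(100))
```
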

TNW notes that the Dropbox password manager appears to be intended only for those with a paid Dropbox storage subscription.

Update: 

New features for home users:

  • Dropbox Vault secures and organizes users’ most important documents and allows them to grant emergency access to select friends or family, so only their loved ones can access the files when needed. Vault offers an additional layer of security, including a 6-digit pin, on top of Dropbox’s existing best-of-breed security features
  • Computer backup automatically backs up users’ Mac or PC folders to Dropbox for secure access on-the-go and retrieval even when hardware fails or is lost

New features for work users:

  • HelloSign eSignature embedded as a native feature within Dropbox, bringing the joint value proposition of HelloSign and Dropbox to life. The integrated user experience is the first of its kind, and makes HelloSign the default eSignature solution within Dropbox. This new workflow enables users to easily send, securely sign, and safely store their most important agreements without leaving Dropbox. It will begin rolling out to users in private beta in coming weeks, and will be generally available to all users next month. Those interested in receiving availability updates can sign up here.
  • Dropbox App Center gives users a centralized place to discover and connect best-of-breed tools from Dropbox partners including Zoom, Slack, and Google. The App Center is available to a subset of users in beta with 40+ integrated partners starting today, with more partners coming soon.

Dropbox additionally says that a new Family account will launch in the next few weeks.
