This is your secret Key, which gives you access to the rest of PassLok. You must memorize it and never write it down. As you type your Key, a text above it will tell you the strength of the Key based on simple rules. Make sure to use $ymbol$, numb3rs, caPiTals, unusual words and mispelingss. Initial capitals and numbers at start and end are not helpful and will be ignored for the strength score.
If your Key strength is worse than Medium, PassLok will be very slow.
To display the characters, check Show.
To display the matching Lock in the main screen, click the Make Lock button. Click it again to submit your Lock to the general directory.
Clicking Reset erases the Key from the box and also erases its stored Lock.
If you have three minutes to spare, you may want to begin by watching this video, which explains the essential concepts in a lighthearted way.
So, the first thing you need to do is to come up with a strong secret Key, which will give you access to most of the functions. It will never be stored anywhere within the app. Please enter your Key in the box below.
As you type your Key, a text above it will tell you its strength based on simple rules. Make sure to use $ymbol$, numb3rs, caPiTals, unusual words and mispelingss. Initial capitals and numbers at start and end will be ignored for the strength score. To display the Key, check Show.
Please take your time to come up with a strong Key. PassLok compensates for weak Keys by adding computations. If your Key strength is worse than Medium, PassLok will be very slow.
You will never give this Key to anyone. Instead, you will give them a Lock matching your Key. The Lock is made from the Key, but it is impossible to retrieve a Key from its matching Lock. A Lock consists of a series of 87 random-looking characters, bracketed by "PL17lok" tags.
When you click the Make Lock button above, this screen will close and the Lock matching your Key will appear in PassLok's main screen, from where you can copy it, email it, text it, and even post it on PassLok's general directory.
To lock a message so it turns into unreadable gibberish, the sender inputs the plain message in PassLok's main screen, then clicks Locks to get to the Locks screen, and puts the recipient's Lock in the big box there. Back at the main screen, the message is locked when the sender clicks Lock/Unl. The recipient unlocks the locked message by putting it in the main box and clicking Lock/Unl.
The main screen, like all other screens in PassLok, has a Help button that will give you complete instructions on how to do things.
Please go ahead and write your secret Key in the box, then click the Make Lock button.
Enter the total number of parts (between 2 and 255)
And the number of parts needed to retrieve the item
To get information on every button as you press it, check this box: Learn Mode
For instructions on how to do things, click on each title below. Click again to hide.
Before you do anything else, you may want to watch this six-minute video, which explains the essential concepts in a lighthearted way: https://www.youtube.com/watch?v=GqIm7fu_rMs
If you don't have time for the video, here's the two-paragraph version. PassLok locks messages and files, turning them into gibberish so only the intended recipients can return them to their original form and read them. It is based on digital Keys and Locks. A Lock is used to lock a message, and then only the matching Key can unlock it so it becomes readable again. A Key is a piece of text that you choose and memorize; it is personal and should never be revealed to anyone. You make your Lock from your Key, and then you give it to people so they can lock messages for you to read. It is impossible to get the Key from its matching Lock. Keys are to be kept secret, but Locks are made to be widely distributed. Locks look like gibberish but have tags at both ends of the form "PL17lok".
The first step is to come up with a secret Key that you can remember. You enter it in PassLok by clicking the myKey button. Then you make its matching Lock by clicking the Make Lock button on that screen. Then you click the Done button to go back to the main screen and see your Lock and copy it. You give this Lock to all the people you wish to write to you in secret. They will also send you their Locks, which you can store anywhere you want. To lock a message, the sender puts the plain message in the main box, then clicks Locks to get to the Locks screen, and puts the recipient's Lock in the big box there. Back at the main screen, the message is locked when the sender clicks Lock/Unl (Lock/Unlock). The recipient unlocks the locked message by putting it in the main box and clicking Lock/Unl. If the recipient had previously entered his/her secret Key, the original plain message is displayed.
PassLok is very powerful, combining AES encryption with elliptic curves at the strongest levels defined by standards, and including several ways to hide the result from prying eyes. All processing occurs on your device with no server involved, so your privacy cannot be compromised by third parties. But great power means a lot of buttons.
Fortunately, only four buttons are essential to get started. They are highlighted in blue:
myKey opens a dialog where you can enter your secret Key, which is needed for most advanced functions in PassLok. It is also needed to unlock messages locked with your personal Lock, which is not secret. To display this Lock, click the Make Lock button.
Make Lock (visible after clicking myKey) creates the Lock matching the Key that has been entered in the Key dialog and writes it on the main screen, from where it can be copied, emailed, etc. Clicking a second time opens it in the general Lock directory, so you can post it for others to get or check that the posted Lock is still authentic.
Locks opens a screen where you can enter somebody's Lock or shared Key, which is needed to lock the contents of the main box.
Lock/Unl (abbreviated from Lock/Unlock) locks the plain message in the main box, or unlocks it if it was locked. The appropriate Lock or shared Key must have been entered previously by means of the Locks buttons.
With these four buttons, you can get started locking and unlocking messages with very high security. Here's another video that shows this (made for version 1.6, though): https://www.youtube.com/watch?v=3wrhfzU4DFc
PassLok is designed to save its code within the browser, so it only gets downloaded again if the code has changed. In the case of the Chrome packaged app, updates are automatic. Once PassLok has reached your device from its source server, it works even if the device is offline. Just make a bookmark on your browser so you can access it quickly. Still, you can make it behave even more like an app, this way:
1. If you are using a computer, you can direct the Browser to save the code to a local file via the "Save as..." command from the browser menu. Then you can place a link or shortcut to that file on your desktop. Even better than the "Save as..." command is to direct the browser to display the source (Ctrl-U or cmd-ctrl-U does it, on most devices and browsers), and then save the page that appears with the "Save as..." command. This way you'll save the original code rather than the code after it has been interpreted by the browser.
2. From an iOS device, it is as easy as loading PassLok on Safari, and then selecting "Add to Home Screen" from the box and arrow icon at the bottom of the screen. Be aware, however, that in this case PassLok will reset to its initial state every time you leave the app.
3. On Android, the same is typically achieved by first making a bookmark of the PassLok page, then tap-holding on the PassLok bookmark and selecting "Add to Home Screen." On some versions you can also tap-hold on the desktop screen and select "Add to Home Screen" followed by "Shortcut", "Bookmark", and selecting PassLok from the list. Newer versions of Android have still more direct ways to do this.
1. Click the myKey button, then start typing in the box. As you type, a text above the box will tell you how strong the Key is, based on simple rules. If you want to see what you are typing and don't mind people peering over your shoulder, check the Show checkbox.
2. The Key will be stronger if it contains caPiTals in unusual places, numb3rs, and $ymbol$. If you use common words, mispelll them to make a "dictionary attack" harder. Avoid things that refer to yourself and your family, such as birthdays or nicknames, or anything else that might be easy to guess, like: asdfg, qwerty, password, PassLok, and the like. Alternatively, you can use anything that is not a standard dictionary word instead of your email. PassLok knows the 500 most common English passwords. If your Key is found on this list, PassLok will refuse to accept it. Just choose another Key.
3. Bear in mind, however, that you should be able to remember your secret Key without having to write it down. PassLok will never ask you to change your Key, so this is your chance to make a truly strong Key that you will use for a long time.
4. PassLok compensates for bad Keys by taking longer to do its computations. If PassLok is slow, this is likely because your Key strength is less than Medium.
5. If you change your Key after having used a different Key for a long time, be aware that any information stored locally, such as other people's Locks, shared Keys, etc. will become unavailable, leading to all sorts of problems. You may want to copy the items in your local directory to a different location, delete the database, and enter the items again after you change your Key.
6. PassLok never stores your Key. As a matter of fact, it deletes it from the myKey box after five minutes of not being used.
All of this is explained in this video tutorial: https://www.youtube.com/watch?v=xPRiuBd9Co0
1. Write your secret Key in the box that is accessed with the myKey button. It is masked by default, so if you want to display it, check the Show checkbox.
2. Click the Make Lock button. The Lock matching that Key will appear in the main box, ready to be emailed or sent by texting. It is okay, but not recommended, to strip the tags up to the "=" sign, or to insert spaces, carriage returns, or special characters other than = + or /. PassLok will strip the tags automatically if the No tags checkbox is checked prior to locking.
3. If you click Make Lock a second time, the general Lock directory screen will open with the lower box filled with the Lock you just made. If you supply your email, you'll be able to use the buttons on that screen to post it to the directory or check that it has not changed.
Most of this is explained in this video tutorial: https://www.youtube.com/watch?v=xPRiuBd9Co0
1. Make sure the Anon. mode radio button, located right below the main box, is selected.
2. Fetch the recipient's Lock, and paste it into the large box that is accessed with the Locks button. It is okay if the tags up to the "=" signs are missing, or extra spaces, carriage returns, or special characters other than = + or / have been added. If you have previously stored it in your device's Locks directory, you can retrieve it by clicking the Locks button and then beginning to type the name associated with the Lock in the top box.
3. To lock a message so it can be read by several people, place their respective Locks in the box, one per line. If a Lock was previously stored, you can write the name associated with that Lock, instead of the Lock itself.
4. Write or paste your message in the main box. Click the Lock/Unl button. The locked message will appear in the main box, replacing the original message. Copy it and paste it into your communications program or click ▶, followed by Mail to open your default email. It is okay to strip the tags up to the "=" sign, but not recommended. PassLok will do this automatically if the No tags checkbox is checked prior to locking. It is also okay to split the locked message with spaces, line returns, and punctuation other than = + / or %. This message can only be unlocked by someone who has the Key matching the Lock used to lock it.
All of this is explained in this video tutorial: https://www.youtube.com/watch?v=0eYxeplsSx0
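The tolerance rules in step 2 and the one-per-line rule in step 3 can be written down as a small normalizer. This is an added example, not PassLok's own code: the function names and the `directory` object are hypothetical, each line of the box is assumed to hold one whole Lock or one stored name, and the sample value is the support Lock printed on this page.

```javascript
// Added example, not taken from PassLok. Format facts used here come from the
// help text: a Lock is 87 characters, bracketed by "PL17lok" tags, with "="
// separating tag and body; only = + and / may not be inserted as filler.
const LOCK_LENGTH = 87;
const TAG = 'PL17lok';

// Return the bare 87-character Lock found in pasted text, or null.
function normalizeLock(pasted) {
  const candidates = String(pasted)
    // The tags are made of base64 letters, so only the "=" separator tells
    // them apart from the Lock body. Split there before cleaning.
    .split('=')
    // Drop everything outside the base64 alphabet: spaces, line breaks,
    // quote markers and other punctuation added in transit.
    .map((piece) => piece.replace(/[^A-Za-z0-9+\/]/g, ''))
    .filter((piece) => piece.length === LOCK_LENGTH);
  // Reject truncated, padded or ambiguous input instead of guessing.
  return candidates.length === 1 ? candidates[0] : null;
}

// Put the tags back so the value is recognizable as a Lock again.
function formatLock(body) {
  return TAG + '=' + body + '=' + TAG;
}

// True only if both inputs are valid Locks and carry the same body.
// Useful when comparing a directory copy with one received another way.
function sameLock(a, b) {
  const x = normalizeLock(a);
  const y = normalizeLock(b);
  return x !== null && x === y;
}

// Resolve the contents of the Locks box: one recipient per line, each line
// either a Lock or a name stored in the local directory (hypothetical
// object mapping name -> Lock). Unresolved lines are reported, not skipped.
function resolveRecipients(boxText, directory) {
  const locks = [];
  const problems = [];
  String(boxText).split(/\r?\n/).forEach((line, index) => {
    const entry = line.trim();
    if (entry === '') return;
    let lock = normalizeLock(entry);
    if (lock === null && Object.prototype.hasOwnProperty.call(directory, entry)) {
      lock = normalizeLock(directory[entry]);
    }
    if (lock === null) {
      problems.push({ line: index + 1, entry: entry });
    } else if (!locks.includes(lock)) {
      locks.push(lock); // the same recipient listed twice counts once
    }
  });
  return { locks: locks, problems: problems };
}

// Sample input: the support Lock shown on this page.
const SUPPORT_LOCK =
  'PL17lok=SCh77O0wzIgKuNjct+vV7RJifPi18r5zJUfPonx5WbnrnJ9iPaypXYT+NCp1RrVKykIOTe7Jg5pa2UW5FipUWwN=PL17lok';
const SUPPORT_BODY = normalizeLock(SUPPORT_LOCK);

// Constructed variants: tags stripped, then broken up the way an email
// client or a text message might break it.
const CHUNKS = SUPPORT_BODY.match(/.{1,20}/g);
const QUOTED_COPY = CHUNKS.join(' \n> ');
const SPACED_COPY = CHUNKS.join(' ');

console.log(sameLock(SUPPORT_LOCK, QUOTED_COPY)); // both reduce to the same body
```

A copy that fails `normalizeLock` should be fetched again rather than repaired by hand, since a Lock that is one character off belongs to nobody.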
1. It does not matter which of the radio buttons below the main box is selected, since the locking mode is determined automatically from the locked message itself.
2. If you didn't do it when PassLok opened, write your secret Key into the box that is accessed by clicking myKey. It is masked by default, so if you want to display it, check the Show checkbox.
3. Paste the locked message into the main box. It is okay if it is broken up by spaces, carriage returns, and special characters other than = + / or % or is missing its tags. Then click the Lock/Unl button. The unlocked message will appear in the main box, replacing the locked message.
4. Unlocking may fail if you have changed your Key recently and your locally stored Lock has not been updated. In that case, click the Reset button in the Locks screen to delete your stored Lock and try again.
Most of this is explained in this video tutorial: https://www.youtube.com/watch?v=0eYxeplsSx0
1. Make sure the Signed mode radio button, located right below the main box, is selected.
2. If you didn't do it when PassLok opened, write your secret Key into the box that is accessed by clicking myKey. It is masked by default, so if you want to display it, check the Show checkbox.
3. Fetch the recipient's Lock, and paste it into the large box that is accessed with the Locks button. It is okay if the tags up to the "=" signs are missing, or extra spaces, carriage returns, or special characters other than = + or / have been added. If you have previously stored it in your device's Locks directory, you can retrieve it by clicking the Locks button and then beginning to type the name associated with the Lock in the top box.
4. To lock a message so it can be read by several people, place their respective Locks in the box, one per line. If a Lock was previously stored, you can write the name associated with that Lock, instead of the Lock itself.
5. Write or paste your message in the main box. Click the Lock/Unl button. The locked message will appear in the main box, replacing the original message. Copy it and paste it into your communications program or click ▶, followed by Mail to open your default email. It is okay to strip the tags up to the "=" sign, but not recommended. PassLok will do this automatically if the No tags checkbox is checked prior to locking. It is also okay to split the locked message with spaces, line returns, and punctuation other than = + / or %. This message can only be unlocked by someone having the Key matching the Lock used to lock it. Additionally, they must have your Lock in order to verify that it comes from you.
All of this is explained in this video tutorial: https://www.youtube.com/watch?v=F6Ov4MSk2XA
1. It does not matter which of the radio buttons below the main box is selected, since the locking mode is determined automatically from the locked message itself.
2. If you didn't do it when PassLok opened, write your secret Key in the box that is accessed with the myKey button. It is masked by default, so if you want to display it, check the Show checkbox.
3. Paste the sender's Lock in the large box of the Locks screen. If the Lock has been previously stored, you can retrieve it by typing the name associated with it in the small box at the top.
4. Paste the locked message in the main box. It is okay if it is broken up by spaces, carriage returns, and special characters other than = + / or % or is missing its tags. Then click the Lock/Unl button. The unlocked message will appear in the main box, replacing the locked message.
All of this is explained in this video tutorial: https://www.youtube.com/watch?v=F6Ov4MSk2XA
1. Make sure the PFS mode radio button, located right below the main box, is selected.
2. If you didn't do it when PassLok opened, write your secret Key into the box that is accessed by clicking myKey. It is masked by default, so if you want to display it, check the Show checkbox.
3. This mode requires the recipient's Lock or shared Key to be previously stored in the device's local directory. Follow the instructions from the Locks Help button to do this. Once the item is stored, you can retrieve it by beginning to type its name in the top box of the Locks screen. If you are restarting a PFS conversation that was interrupted, you must first clear the old PFS data for that recipient by clicking the Reset button after the recipient's name is displayed.
4. To lock a message so it can be read by several people, place their respective Locks in the box, one per line. If a Lock was previously stored, you can write the name associated with that Lock, instead of the Lock itself.
5. Write or paste your message in the main box. Click the Lock/Unl button. The locked message will appear in the main box, replacing the original message. Copy it and paste it into your communications program or click ▶, followed by Mail to open your default email. It is okay to strip the tags up to the "=" sign, but not recommended. PassLok will do this automatically if the No tags checkbox is checked prior to locking. It is also okay to split the locked message with spaces, line returns, and punctuation other than = + / or %. This message can only be unlocked by someone having the Key matching the Lock used to lock it.
6. If Short mode is used, locking cannot be repeated without corrupting the PFS data stored in the device, which will make it impossible for the recipient to unlock the message (unless it is re-locked as a regular length message). Make sure your plain message is what you want before clicking Lock/Unl. This restriction does not apply to regular length messages, but you will get a warning alerting you if you are skipping a turn.
All of this is explained in this video tutorial: https://www.youtube.com/watch?v=oVJPJJuUCgQ
1. It does not matter which of the radio buttons below the main box is selected, since the locking mode is determined automatically from the locked message itself.
2. If you didn't do it when PassLok opened, write your secret Key in the box that is accessed with the myKey button. It is masked by default, so if you want to display it, check the Show checkbox.
3. This mode requires the recipient's Lock or shared Key to be previously stored in the device's local directory. Retrieve the item by typing the name associated with it in the small box at the top. The name must be displayed in full on the message above the box for PFS mode to work.
4. Paste the locked message in the main box. It is okay if it is broken up by spaces, carriage returns, and special characters other than = + or / or is missing its tags. Then click the Lock/Unl button. The unlocked message will appear in the main box, replacing the locked message.
5. If this was a Short mode message, it can be unlocked only once. Attempting to unlock it again will corrupt the PFS data stored in the device, which is needed to keep the conversation going. This restriction does not apply to regular length messages, but you will get a warning alerting you that a turn was skipped.
All of this is explained in this video tutorial: https://www.youtube.com/watch?v=oVJPJJuUCgQ
1. It does not matter which of the radio buttons below the main box is selected, since they do not apply to this mode.
2. Write or paste the shared Key in the large box that is accessed with the Locks button. If the shared Key was previously stored, you can search for it by typing in the top box the name associated with the Key. When you type "Enter", the stored Key is decrypted for you to see. For a stored Key to function, your secret Key must have been entered previously by clicking the myKey button.
3. To lock a message so it can be read by several people, place their respective shared Keys in the box, one per line. If a Key was previously stored, you can write the name associated with that Key, instead. You can mix shared Keys and Locks.
4. Write or paste the message in the main box. Click the Lock/Unl button. The locked message will appear in the main box, replacing the original text. Copy it and paste it into your communications program or click ▶, and then Mail to open your default email program. It is okay to strip the tags up to the "=" sign, but not recommended; PassLok will do this automatically if the No tags checkbox is checked prior to locking. It is also okay to split the locked message with spaces, line returns, and punctuation other than = + / or %. This message can only be unlocked by someone having the same shared Key.
5. The tags will depend on the type of locking selected for using Locks. There is no special tag to indicate that a shared Key was used instead of a Lock.
All of this is explained in this video tutorial: https://www.youtube.com/watch?v=zFbsTwdHRYQ
1. It does not matter which of the radio buttons below the main box is selected, since the locking mode is determined automatically from the locked message itself.
2. Write or paste the shared Key in the large box that is accessed with the Locks button. If the Key was previously stored, you can search for it by typing in the top box the name associated with the Key. When you type "Enter", the stored Key is decrypted for you to see. For a stored Key to function, your secret Key must have been entered previously by clicking the myKey button.
3. Paste the locked message in the main box. It is okay if it is broken up by spaces, carriage returns, and special characters other than = + / or % or is missing its tags. Then click the Lock/Unl button. The unlocked message will appear in the main box, replacing the locked message.
All of this is explained in this video tutorial: https://www.youtube.com/watch?v=zFbsTwdHRYQ
1. Check the Short checkbox below the main box. Also make sure the appropriate locking mode is selected with the radio buttons. The radio buttons don't matter if the message is being locked with a shared Key.
2. Write or paste your message into the main box. Message length is limited to 58 ASCII characters when locking with a shared Key or in signed mode, 38 in anonymous mode, 37 in PFS mode. Non-ASCII characters use 6 spaces each, so avoid them if you can. Any text beyond the limit will be lost. A message above the main box will tell you how much space is left, depending on the locking mode selected. Click the Lock/Unl button.
3. The locked message will appear in the main box, replacing the original message. Copy it and paste it into your communications program. The locked message, which has no tags, will fit within one SMS message (160 characters).
4. On a mobile device, the locked message will be selected and ready to be copied into the clipboard. You need to copy it manually before clicking the Txt/Img button, which will open your texting app.
5. Short mode is not available for multiple recipients.
All of this is explained in this video tutorial: https://www.youtube.com/watch?v=Ly9ESisRKE8
1. It does not matter which of the radio buttons below the main box is selected, or whether the Short checkbox is checked, since the locking mode is determined automatically from the locked message itself.
2. Paste the locked message into the main box. It is okay if it is broken up by spaces, carriage returns, and special characters. As with regular-length messages, either a shared Key must be entered in the Locks box, or your secret Key in its own box, prior to unlocking. Then click the Lock/Unl button.
3. The unlocked message will appear in the main box, replacing the locked message.
All of this is explained in this video tutorial: https://www.youtube.com/watch?v=Ly9ESisRKE8
1. Write your secret Key in the box that is accessed with the myKey button. It is masked by default, so if you want to display it, check the Show checkbox.
2. Write or paste the text to be signed in the main box. Click the Sig/Ver button (abbreviated from Sign/Verify). A signature matching the text and your Key will be appended at the end of the text in the main box. Copy it and use it as appropriate. If you click ▶ followed by Mail, the text with its signature will be placed into an email using the default program. It is okay to strip the tags up to the "=" sign, but not recommended. PassLok will do this automatically if the No tags checkbox is checked prior to locking. It is also okay to split the signature with spaces, and punctuation other than line returns or = + or /.
All of this is explained in this video tutorial: https://www.youtube.com/watch?v=YiiwcOmbI2U
1. Paste the Lock belonging to the person who added the signature into the large box that is accessed with the Locks button. It is okay if the tags up to the "=" signs are missing, or extra spaces, carriage returns, or special characters other than = + or / have been added. If you have previously stored it in your device's Locks directory, you can retrieve it by beginning to type the name associated with the Lock in the top box.
2. Write or paste the text with its signature appended on a separate line at the end, in the main box. It is okay if the signature is broken up by spaces and special characters other than = + or / or is missing its tags up to the "=", but it should not be broken by carriage returns. Then click the Sig/Ver button. A message above the main box will say whether or not the signature for that text has been verified.
All of this is explained in this video tutorial: https://www.youtube.com/watch?v=YiiwcOmbI2U
1. Check the Decoy mode checkbox below the main box.
2. Follow the above instructions for any kind of locking, using the recipient's Lock or a shared Key, short or regular length, including PFS mode. This also works when adding a signature. If Decoy mode is checked, a popup will ask for a Decoy Password to lock the hidden message, and the hidden message itself.
3. Write or paste the Decoy Password and the hidden message into the corresponding boxes. The length of the hidden message is limited to 152 ASCII characters in key-locked and signed modes, 87 characters in anonymous and PFS modes, 37 characters in short message mode (key-locked or signed only), 40 characters in signatures. Non-ASCII characters use 6 spaces each, so avoid them if you can. Any text beyond the limit will be lost. Then click OK. To view the Password before you use it, check the Show checkbox.
4. After clicking OK, the locked message containing both the main text and the hidden text will appear in the main box, replacing the original text. If it is a signature, it will be appended to the text. Copy it and paste it into your communications program. As with regular locked messages, it is okay to strip the tags up to the "=" sign, but not recommended. It is also okay to split the locked message with spaces, line returns, and punctuation other than = + / or %.
All of this is explained in this video tutorial: https://www.youtube.com/watch?v=WaXQGYP0Sec
1. Check the Decoy mode checkbox below the main box.
2. Follow the instructions for any of the unlocking modes, using a secret or shared Key, or for verifying a signature. If Decoy mode is checked, a popup will ask for a Decoy Password.
3. Write or paste into the popup box the Decoy Password for the hidden message and click OK. To view the Password before you use it, check the Show checkbox. The hidden message, if it exists, will appear above the main box. In the case of signatures, the hidden message appears in the place normally used by the verification message, so if you still wish to verify the signature, you need to uncheck Decoy mode and click Sig/Ver again so the verification message is displayed.
All of this is explained in this video tutorial: https://www.youtube.com/watch?v=WaXQGYP0Sec
We do not recommend using old versions for new work. Newer versions have enhanced security and are more user-friendly. But sometimes you may need to handle an item that is incompatible with the current version. Here is a pretty complete list of PassLok versions, with links to them.
The current version of PassLok can be obtained from:
source server: https://passlok.com
information page: http://passlok.weebly.com
GitHub page: https://github.com/fruiz500/passlok
Chrome app: https://chrome.google.com/webstore/detail/passlok-privacy/epcchpdljafmfegifkigklfcmkphfmbh
mirrors:
https://www.autistici.org/passlok (non-US, self-certified)
https://fruiz500.github.io/passlok
SHA256 for this version and video of the author reading it at:
http://passlok.weebly.com/get-passlok.html
Previous versions:
1.6.02 (2c64-63d5-5d68-c7b2-9350-68cc-8bef-1a75-ddc1-1fa0-cd04-4428-f3ef-c079-e14f-4133)
1.5.03 (0061-4b79-8ba1-8fee-34c5-e243-96e9-4c7c-a0ea-cfc5-82c1-a44d-4cbb-06c4-ca00-985c)
The following (except 1.0) were edited so the archived help file works, changing the ID from the original (therefore no video)
1.4.03 (f1cc-8931-1d31-4d65-4dfe-fb0d-5368-f854-3766-b240-f131-c93f-a0e9-8d14-752e-018e)
1.3.03 (7c6f-3d59-1059-e712-15ea-8dcf-dcde-861a-7359-6508-3b29-5720-41c9-8271-cb69-f01a)
1.2 (c17b-c529-8757-578a-6bc2-bdc4-122e-c607-8c16-19ef-b9ee-8d4d-75aa-cf0a-b703-e0ec)
1.1 (8e5c-9714-eec3-cc65-aa8f-640d-d434-2747-aa24-624c-74c5-65ea-4077-0f0f-3b22-cc30)
1.0 (a907-25eb-50e3-e4a6-5f4b-27c1-684e-f590-6094-6fae-52f3-c7ca-47b1-732c-9eab-3e9b)
The main functions in PassLok can be accessed directly from the keyboard. The button tooltips tell you what the shortcut is for each button that has a shortcut, but below is a complete list, just in case. The list is made for access from Windows or Linux, so that each shortcut is of the form Alt-letter. If you are using a Mac, you should type ctrl-alt-letter instead:
Alt-K: Key screen open and close
Alt-L: Locks screen open and close
Alt-G: General Lock directory open and close
Alt-I: Image screen open and close
Alt- . (period): extra buttons open and close
Alt-U: lock or Unlock
Alt-V: sign or Verify
Alt-A: set Anonymous mode
Alt-N: set sigNed mode
Alt-P: set PFS mode
Alt-R: set shoRt mode
Alt-T: set no Tags mode
Alt-Y: set decoY mode
Alt-B: open email
Alt-J: split or Join
Alt-O: display or change cOver text
Alt-W: hide as Words, or unhide
Alt-S: hide as Spaces, or unhide
Alt-C: Clear both Lock screen boxes
Alt- ; (semicolon): put cursor on main box
You can start by looking at the help pages that open from the Locks screen (about Locks and Keys) and after clicking the ▶ button (about disguising the output, files, and other neat tricks other than locking/unlocking). If this is not enough for you, here are a couple more sources you may want to check out:
The PassLok manual in PDF form.
The PassLok informational website at http://passlok.weebly.com. It contains a number of videos and more PDF documents.
Then you can send us an email at passlokprivacy@gmail.com (the link will open your email client). We'll do our best to reply in a timely fashion.
If you want to lock it with PassLok, here is our Lock. Clicking on it will add it to your local directory under name "PassLok support":
PL17lok=SCh77O0wzIgKuNjct+vV7RJifPi18r5zJUfPonx5WbnrnJ9iPaypXYT+NCp1RrVKykIOTe7Jg5pa2UW5FipUWwN=PL17lok
Good constructive feedback is hard to get, so let us thank you right now, before we read your email.
PassLok provides excellent security, since it is a self-contained piece of code that does not rely on servers for its functionality. Therefore:
1. We'll never give your secret Key to anyone. We cannot do anything concerning your secret Key because we just don't have it. PassLok is designed so your secret Key never leaves your device. It is never stored, either, and it gets deleted from memory after five minutes of not being used.
2. We'll never knowingly give you or anyone else a counterfeit Lock made from any Key. PassLok has functions to help you to authenticate Locks, but it is still your responsibility to do so. Locks posted on the general Lock directory are verified only by email, which is not very secure, so beware if you use a Lock that you got from the general directory.
3. We'll never weaken the cryptography methods contained within PassLok at the request of a third party, private or public. This also means no backdoors will ever be added. We'd rather shut down PassLok than be forced to do this, which would betray the very essence of PassLok. If we learn that counterfeit copies are circulating (whether placed by hackers or government agencies), we'll make the fact known to users.
Since PassLok, like every html file, is a piece of human-readable writing, we consider it an expression of free speech protected by the laws of many countries. Putting into circulation tampered versions of it violates free speech and copyright protection laws.
PassLok contains strong cryptographic methods, which may be illegal to use in some countries. Please check the local laws before using PassLok.
1. You must have entered your secret Key for any items to be stored. You enter this Key by means of the myKey button on the main screen.
2. Write a name for the item in the little box on top. If the name is already taken, something will appear in the large box below it; if you use that name, the stored item will be replaced rather than added.
3. Write or paste the item in the large box. It can be anything: somebody's Lock, a shared Key, a cover text, a list. Don't write your secret Key here; its proper place is the dialog that opens with the myKey button. Then click the Save button.
4. If you write nothing in the large box before clicking the Save button, PassLok will generate an 86-character base64 string, which will be stored under the name supplied in the small box. This way you can use PassLok to make secure passwords for websites, etc.
5. A message confirms that the item has been added, and the item appears in the lower box encrypted with your secret Key, which is the way it is stored.
6. (Chrome app only) The item will also be added to the Chrome sync area, so it is available on a different computer after you log into Chrome.
All of this is explained in this video tutorial: https://www.youtube.com/watch?v=FDNRK4CdW2o
1. You must have entered your secret Key for any stored items to be really retrieved, since they are always stored encrypted. You enter this Key by means of the myKey button on the main screen.
2. Start writing the name of the item in the small box. As you type, the line above the box displays existing items whose names match what you have typed so far, and the encrypted item appears in the large box. You can stop typing once you see the item you're looking for. Search is case-insensitive, so if the item does not appear, that probably means the name is wrong.
3. PassLok can use the item in encrypted form, but if you want to see the original, you can type "Enter" after the correct name is displayed, and the item will be decrypted if the correct secret Key has been entered. The item is also decrypted when you click the Back button. If the item is a cover text, it loads automatically as new cover text.
4. (Chrome app only) If you type "Enter" after a name that was not found on the local database, PassLok will look for it in its Chrome sync area, which syncs across computers, and then adds it to the local directory.
All of this is explained in this video tutorial: https://www.youtube.com/watch?v=FDNRK4CdW2o
1. Start writing the name of the item in the small box. As you type, the line above the box displays existing items matching what you have typed so far, and the encrypted item appears in the large box. You can stop typing once you see the item you are looking for. Search is case-insensitive, so if the item does not appear, that probably means the name is wrong.
2. Click the Del button. A message confirms that the item has been deleted from the local directory.
3. (Chrome app only) If the Chrome sync area is accessible from the computer, the item will also be deleted from there, after a confirmation popup.
All of this is explained in this video tutorial: https://www.youtube.com/watch?v=_rR_ZQZ932c
1. Start writing the name of the item in the small box. As you type, the line above the box displays existing items matching what you have typed so far, and the encrypted item appears in the large box. You can stop typing once you see the item you're looking for. Search is case-insensitive, so if the item does not appear, that probably means that the name is wrong.
2. Click the Reset button. A message confirms that the PFS data for the item has been deleted. You must reset the data pertaining to the other party whenever a PFS conversation has gone out of sync so the PFS process can be restarted.
3. If you click the Reset button with nothing displayed on either box, the copy of your own Lock cached within PassLok will be erased. This is useful if you have changed your secret Key.
Most of this is explained in this video tutorial: https://www.youtube.com/watch?v=_rR_ZQZ932c
Sometimes you may need somebody's Lock and not have it stored in your local directory or anywhere else. This is where PassLok's general directory comes in. When you click the Lock directory button, a new screen opens up where you can search for a Lock, watch the authenticating video belonging to a Lock, or upload your own Lock. The Locks in this directory are indexed by email address.
The Lock directory has its own set of help pages, but here are some important things:
a. The Lock directory is a separate webpage from PassLok, which is indicated by a different color scheme. Normally, you will need to copy and paste material between it and PassLok, but if you have found a Lock it gets copied automatically to the Locks screen so the only thing you may need to do is give it a name and save it.
b. PassLok makes no guarantee as to the authenticity of the Locks contained in its general directory. Email confirmation is required to load or update Locks, but this is not very secure. Since users are encouraged to add authenticating videos and the directory screen has a button especially designed to play them, you should watch the video attached to a Lock before you use it for anything sensitive.
c. The PassLok general directory is meant as a convenience, not as a replacement for your local directory. The general directory is not available when you are offline (the local one is). You cannot upload anything but Locks to the general directory.
All of this is explained in this video tutorial: https://www.youtube.com/watch?v=1UQw7MaK3T8
1. Click the All button below the big box. The complete local directory, including PFS and hidden data, is displayed in the box so you can find items and copy them easily.
All of this is explained in this video tutorial: https://www.youtube.com/watch?v=V_DwcEyaeIQ
1. Click the Move button below the big box. The entire directory is first locked with the secret Key, and then placed in the main box. Then a prompt asks you to confirm deleting it from the device. If you click OK, the entire local directory is deleted. There is no going back. If you click Cancel, the locked backup remains in the main box. This is useful whenever you stop using a device or just want to transfer it to another device, or if the directory becomes corrupted.
2. To retrieve a backed-up directory (has PL**dir tags), place it in the main box and click Lock/Unl. If the secret Key has been entered, the database will be unlocked and placed in the Locks screen. Then you can add it to the device's current directory by clicking Merge.
3. (Chrome app only) Even if the local directory is completely deleted, the items in your Chrome sync area remain available.
All of this is explained in this video tutorial: https://www.youtube.com/watch?v=V_DwcEyaeIQ
1. Paste the additional data into the big box. The format is the following: name, followed by a colon (:), new line, item data; then two new lines before the next name, and so forth. If a name also has hidden data and PFS data, those follow the item data, occupying consecutive lines.
2. Click the Merge button. The new data is merged into the local directory. Items are added in encrypted form but are not checked as they are added, so it is possible that different items may need different Keys to be decrypted, if you changed your secret Key in the past.
3. (Chrome app only) If the Chrome sync area is accessible from the computer, the additional data will also be added to that area, so it is accessible from other computers.
All of this is explained in this video tutorial: https://www.youtube.com/watch?v=V_DwcEyaeIQ
1. You can always make a List of Locks and shared Keys, in order to lock a message for multiple recipients, by writing the Locks or shared Keys in separate lines of the Locks box. PassLok will remember it during the current session if you click the List button. Adding one or several items is as easy as putting them in the box and clicking List again. If you click List with the box empty, the current List is displayed. The current List is deleted by pressing the Reset button while the List is displayed.
2. If you want to store a List permanently, you must write a name for it in the small box, then write the items or re-display them by clicking the List button, and then click Save. You must have entered your secret Key before the List can be saved.
3. You can also make a List of items already stored in the local directory, which can be itself stored. To do this, write the name of the item rather than the item itself. If you don't recall the exact name of an item, start typing it in the upper box, and click List when the correct item appears in the space above the box. The item name will be added to the current List.
All of this is explained in this video tutorial: https://www.youtube.com/watch?v=sO-g9x2RAV8
Sometimes you want to make a high-security random Key, which can be used as a shared Key or even as a secret Key. It might be split into several parts for safekeeping, as described in another help screen, or stored in encrypted form rather than memorized. PassLok has a way to make an 86-character random Key:
1. Click Locks, and write a name in the small name box if you want to save the random Key. If the name is not in the local directory, the lower box will end up empty.
2. Then, with the lower box empty, click Save. An 86-character random Key is made, which is immediately encrypted with the secret Key, if it has been previously entered. From then on this random Key, suitable as a shared Key or high-security password, can be recalled by typing its name into the small box. If no name is supplied in the small box before clicking the Save button, the Key is still generated but it is not saved to the local directory.
3. To make the Lock matching this random string as a Key, copy the string, go back to the main screen, click myKey, paste the string there, and click Make Lock. The Lock will appear in the main screen.
All of this is explained in this video tutorial: https://www.youtube.com/watch?v=9gRE1xPr_nE
This operation, which goes by the technical name of "Diffie-Hellman key exchange," combines a Key and a Lock. It is at the core of many PassLok functions. Should you ever want to compute the result manually, here is how to do it:
1. Write or paste the Key or the Lock in the main box.
2. Click Locks, and then write or paste the other item in the lower box. If the item is in PassLok's local directory, you can bring it out by starting to type its name in the upper box.
3. Click the Merge button. The Key and the Lock will merge and the 86-character result is placed in both the Locks and the main screens. If both items or neither of them is a valid Lock, the merging process fails and a message is displayed.
All of this is explained in this video tutorial: https://www.youtube.com/watch?v=L0UC61Z2KAA
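The merge described above, as an added Node.js sketch that is not PassLok's own code: each side combines its own Key with the other side's Lock and both arrive at the same value, while a merge of two Locks or of two Keys is refused. The curve `prime256v1`, the scrypt step with a constructed salt, and the 44-character Lock encoding are assumptions made for the sketch; the page does not state PassLok's parameters.

```javascript
const crypto = require('node:crypto');

// Assumptions for this sketch (none of these values come from PassLok):
const CURVE = 'prime256v1';             // stand-in elliptic curve
const SALT = 'constructed-demo-salt';   // constructed value
const LOCK_RE = /^[A-Za-z0-9+/]{44}$/;  // 33-byte compressed point in base64

// Turn a secret Key (any string) into a 32-byte private scalar.
function keyToScalar(key) {
  return crypto.scryptSync(key, SALT, 32);
}

// The Lock is the public point that matches the Key.
function makeLock(key) {
  const ecdh = crypto.createECDH(CURVE);
  ecdh.setPrivateKey(keyToScalar(key));
  return ecdh.getPublicKey('base64', 'compressed');
}

// A string counts as a Lock only if it decodes to a point on the curve.
function isValidLock(item) {
  if (!LOCK_RE.test(item)) return false;
  try {
    crypto.ECDH.convertKey(item, CURVE, 'base64', 'base64', 'compressed');
    return true;
  } catch (err) {
    return false;
  }
}

// Merge a Key and a Lock, given in either order.
// Returns null when both items or neither of them is a valid Lock.
function merge(a, b) {
  const aIsLock = isValidLock(a);
  const bIsLock = isValidLock(b);
  if (aIsLock === bIsLock) return null;
  const [key, lock] = aIsLock ? [b, a] : [a, b];
  const ecdh = crypto.createECDH(CURVE);
  ecdh.setPrivateKey(keyToScalar(key));
  return ecdh.computeSecret(lock, 'base64', 'base64');
}

function demo() {
  // Constructed Keys for three parties.
  const aliceKey = 'constructed Key of Alice, 1 of 3';
  const bobKey = 'constructed Key of Bob, 2 of 3';
  const otherKey = 'constructed Key of a third party, 3 of 3';
  const aliceLock = makeLock(aliceKey);
  const bobLock = makeLock(bobKey);
  const otherLock = makeLock(otherKey);

  const aliceSide = merge(aliceKey, bobLock);   // Alice: her Key + Bob's Lock
  const bobSide = merge(aliceLock, bobKey);     // Bob: his Key + Alice's Lock
  return {
    same: aliceSide !== null && aliceSide === bobSide,
    lockWithLock: merge(aliceLock, bobLock),    // null: two Locks
    keyWithKey: merge(aliceKey, bobKey),        // null: two Keys
    // If Alice is handed someone else's Lock in place of Bob's, the value she
    // computes no longer matches Bob's, which is why Locks must be authenticated.
    substitutedMatchesBob: merge(aliceKey, otherLock) === bobSide,
  };
}

console.log(demo());
```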
It is highly recommended that you make a video whenever you change your secret Key, so that others can be assured that the matching Lock really belongs to you. PassLok does not have video functions, but here are a few short instructions on how to do this, using a popular online video resource:
1. If the ID is not displayed above the main box when your Lock is in the box, add a space or any other character to the end, so it is displayed. This should not affect the ID. Copy this ID.
2. Go to a device with a camera and make a video of yourself reading this ID or a substantial portion of it (say, the first four groups of four characters). For better security, have some music playing in the background as you read the ID. You may also want to show to the camera a piece of paper where you've written the ID. The video should be about one minute long. Then post the video on a public online service.
3. Alternatively, you may want to read the code (between the PL**lok tags) of the Lock itself, or a significant portion of it (say, the first twelve characters), in which case you can skip step 1. Bear in mind that some characters are capital letters and some are lowercase, and those are not interchangeable.
3. When you post your Lock so that people can use it to lock messages for you, post also the address of the video on the line immediately below the Lock, to facilitate the verifying process in step 4. If you post it this way on the PassLok general directory (accessed by the Lock directory button), users will be able to watch the video by just clicking the Play button.
4. People wishing to authenticate your Lock will generate the ID as in step 1 (which won't be affected by having the video address on the line below), and then if they click the Save button at the bottom of the screen the accompanying video will start playing on a separate browser tab. Then they will be able to compare it with the ID they see you reading on the video. If they know your face and your voice, they will be assured that the Lock is authentic.
All of this is explained in this video tutorial: https://www.youtube.com/watch?v=bODBEB6Oo2I
The easy way: get the ID of the Lock by placing it in the main box and clicking ▶. The ID will be displayed at the top. Then you can call the Lock's owner and ask him/her to read the same ID over the phone, or even a substantial portion of the code inside the Lock proper. But let's say you cannot establish a live conversation. If you are communicating exclusively by email, you can send a person whom you know and who knows you the following message, or something like it:
Dear So-and-So:
I just obtained your PassLok Lock from (cite source), but I still wonder if it is authentic since I am unable to view the authenticating video. Therefore, I ask you to help me authenticate it through the interlock protocol. Here's what I want you to do:
Many thanks. Sincerely, This-and-That
Alternatively, you can ask the other person to split the locked message in two, and send you first one half, then the other half (PassLok has a built-in function to split messages securely, explained in another help screen). The pictures or videos (or recordings) don't need to be locked. Only the instructions for making them need to be locked and transmitted with a two-step process. There is an article in PassLok.com that explains how this protocol works for authenticating Locks.
1. Check that the item is in the main box.
2. Click the ▶ button in order to reveal the button dealing with email, which is above the text box.
3. Click the Mail button. If so configured in the device, a window appears containing the item and some explanatory text. You only need to supply the recipient's email address and a subject line before clicking the Send button. If you do not want any explanatory text, check the No tags checkbox in the main screen before clicking ▶.
4. This only works for sending messages, not for receiving them. If you receive a PassLok-locked message, you must copy it into the clipboard and then paste it into the main screen of PassLok, so it can be unlocked. Be also aware that webmail services, such as Gmail, limit the length of messages that can be composed this way. If you get an error from the mail host, you can always copy the box and paste it into a normal mail compose screen.
All of this is explained in this video tutorial: https://www.youtube.com/watch?v=2zxCkA4rDN8
1. Check that the item to be sent is in the main box.
2. Click the ▶ button in order to reveal the button dealing with text messaging, which is labeled Txt/Img.
3. Click the Select button so the text can be selected.
4. Then click the Copy label as it appears on screen. The item is copied to clipboard.
5. Now you can click the Txt/Img button. A window appears with the default texting app.
6. Touch the input box and then paste the clipboard. Send the message in the usual way.
7. To unlock a locked message received by texting, you must copy it to the clipboard, and then paste it in the main box of PassLok.
If you use Short mode to lock a message, steps 2 and 3 are automatic.
All of this is explained in this video tutorial: https://www.youtube.com/watch?v=2zxCkA4rDN8
1. Put the item in the box on the main screen, and then click the ▶ button.
2. The item should remain in the box as the buttons around it change. Then click the Split/Jn button.
3. A popup asks for the total number of parts to be made, and the minimum number required to retrieve the original. Write those numbers, which must be between 2 and 255, and click OK. The parts appear in the main box, replacing the original item, and a message confirms it. Copy the parts one by one and send/store them as needed. It is okay to strip the tags up to the "=" sign, but not recommended. PassLok will do this automatically if the No tags checkbox is checked prior to locking. It is also okay to split the parts with spaces and punctuation other than = + / or line returns.
All of this is explained in this video tutorial: https://www.youtube.com/watch?v=3-6CNa6iNKc
1. Paste a sufficient number of parts on separate lines of the main box. Make sure that each part is unique. You need as many parts as the second number entered when the item was split, which is written at the end of each PL**p tag. Having more parts than the minimum is okay, so long as they belong to the same set and are not corrupt. They don't need to be placed in any particular order.
2. Click the ▶ button, and then the Split/Jn button. If all goes well, the reconstructed item appears in the box, otherwise nothing happens. Likely problems include: insufficient number of parts, incomplete or corrupt parts, parts belonging to different sets.
All of this is explained in this video tutorial: https://www.youtube.com/watch?v=3-6CNa6iNKc
1. Check that the item to be converted into fake text is in the main box. Then click the ▶ button.
2. If you wish to make fake text that is not English, you will have to change the cover text using the process described in the next help item.
3. The Words button replaces each character of the text with a word from the cover text; the recipient of the message thus encoded must have the same cover text. The Spaces button encodes the text into the spaces of the cover text; the recipient does not need to have the original cover text, but it takes seven times more words than with the other mode. When you click either button, the contents of the box are converted into fake text using the current cover, replacing the previous contents.
4. You can now email the fake text, which to an email scanner will be nearly indistinguishable from real text. You can change the punctuation and merge or split lines without changing the encoded material. If you used Spaces encoding, you should be careful not to add or delete any spaces within the encoded text, but it is okay to add more text to complete the last sentence, which may contain additional spaces.
All of this is explained in this video tutorial: https://www.youtube.com/watch?v=KwAETd2pgy4
1. Put the fake text in the box on the main screen. Then click the ▶ button.
2. If the fake text was encoded with the Words method, you will have to load first the cover text used to do the encoding, using the process described in the next help item.
3. Now click either the Words button or the Spaces button, it doesn't matter which. If successful, the fake text in the box is converted back into the original item and displayed in the box, replacing the fake text.
All of this is explained in this video tutorial: https://www.youtube.com/watch?v=KwAETd2pgy4
To display the current cover text (which is the default cover text after reloading PassLok), click the ▶ button, and then the Cover button (short for Cover Text) with the box empty.
To change the cover text (this is necessary to make fake text in a language that is not English):
1. Copy a sufficiently long text (must have at least 70 different words) and paste it into the main box.
2. Click the ▶ button, and then the Cover button.
3. If the change is successful, the box goes blank. If the change is unsuccessful, a message above the box will say why. Typically, failure to change the cover text is due to not having a sufficient number of different words. Use a longer text and try again.
4. The recipient of your messages turned into fake text must have the same cover text in order to retrieve a text encoded with the Words button. One way to ensure this when using a non-English language is to display the default cover text, copy it into a translation utility such as Google Translate, and then use the translation as the new cover text.
5. Since the cover text is a (weak) sort of password for a Words-encoded item, it may be good to put special cover texts in your local directory. To do this, go to the Locks screen, write a new name in the upper box, then paste the cover text in the lower box, and click Save. The cover text can be retrieved like any other stored item, and it will be automatically loaded if displayed on the Locks screen.
All of this is explained in this video tutorial: https://www.youtube.com/watch?v=sv8epS3qBH8
1. Click the ▶ button, and then the button at the bottom of the screen. Different browsers put different labels on it, such as "Browse", "Choose File", and so forth.
2. A dialog will appear so you can navigate to the file. Mobile devices, unless they are jailbroken or rooted, restrict the user to images stored in the device or acquired with the built-in camera. Be aware that pictures taken by the camera are usually too large for PassLok to handle. If all goes well, the file or image loads into the box as a (long) piece of gibberish text, with some identifying information at the top.
3. Now you can lock it, sign it, or split it like a regular piece of text. The process to retrieve the original file is explained in the help item below.
All of this is explained in this video tutorial: https://www.youtube.com/watch?v=v6jnKzzlwS0
1. Make sure the encoded file, which presumably has been obtained by unlocking or merging parts, is in the main box. Click the ▶ button.
2. Click the Save button at the bottom of the screen. What happens next depends on the browser. Chrome and Firefox will save the file, using the original name if not already taken by another file, into the default location for downloads. Safari does the same, but gives it a generic name that you will have to edit later. Internet Explorer doesn't do anything. Mobile browsers normally open another tab displaying the file contents if the file type is recognized, from where you can send it to another app.
All of this is explained in this video tutorial: https://www.youtube.com/watch?v=v6jnKzzlwS0
1. Make sure the item to be hidden is in the main box, and it remains in the box after clicking the ▶ button. Then click the Txt/Img button above the box.
2. A new screen appears to load the image where the text is to be hidden. To do so, click the "Choose File" or "Browse" button (browsers vary on the name). A dialog will appear, where you can choose the image. Bear in mind that images taken with a mobile camera are usually too large for PassLok to be able to use them for hiding items, because of the processing required.
3. When you see the image, click the Hide button. Processing will start, and a message will say when it is completed. At this point, you can right-click on the image and another dialog will offer to save the image. This image now contains the item from the main box, even though it looks the same as before.
All of this is explained in this video tutorial: https://www.youtube.com/watch?v=lRIYi6IDNzY
1. Navigate to the image hiding screen by clicking ▶, and then Txt/Img.
2. Click Choose File or Browse (browsers vary on this) and select the image containing the hidden item.
3. When the image displays on the screen, click the Reveal button. Processing begins, and a message appears when it concludes, saying that the hidden item has been retrieved. If you click Back at this point, you will see the item in the big box. If the image contained nothing, a message will tell you.
All of this is explained in this video tutorial: https://www.youtube.com/watch?v=lRIYi6IDNzY
The biggest vulnerability of PassLok is how easy it is to view, and consequently modify, the html code. As mentioned in our Privacy Statement, we will never weaken the underlying cryptography, but others might. Even though we are taking pains to ensure that PassLok is delivered to you in the most secure way compatible with our budget, you should still make sure that you have obtained the genuine code.
If you have obtained PassLok from the Chrome web store, then you are trusting Google with ensuring that the code has not been tampered with. They have powerful methods involving digital signatures recognized by the Chrome browser, which are better than the method for checking the regular html version of PassLok.
The method described at the end of the "get PassLok" section of the PassLok informational website, to verify the integrity of PassLok in html form, is less than perfect but it works in most situations. Once you are sure that your copy of PassLok is pristine, you can save it and run it as many times as you want from its storage location without having to connect to the page server again. Essentially, the method involves loading the source code, obtaining its SHA256 hash using an external utility such as, and comparing that with what the author, Francisco Ruiz, reads in a video.
A lot of this is explained in this video tutorial: https://www.youtube.com/watch?v=1QSRvme3pVQ
A. fjslk7798+fsdkj/fGJr
B. I'll eat 42 Bananas
C. سوف يأكل الموز
D. All of the above
E. None of the above
Answer:
D. PassLok does not restrict the user to a particular set of characters. Any string that can be encoded as UTF-8 (most languages are) is valid for a Key.
A. Use capitals and lowercase letters
B. Use numbers and special characters
C. Make it long; at least 12 characters
D. If you use words that might be in a dictionary, misspell them
E. All of the above
Answer:
E. Using a variety of characters increases the number of different Keys that a hacker would have to try in order to guess the correct Key. Of course, the longer, the better. Since hackers try the words contained in dictionaries first, you'll do yourself a favor by not using those.
A. True. Computations take longer for shorter Keys
B. True. Computations take longer for weaker Keys
C. True. Computations are made shorter for weaker Keys
D. True. Encryption is done several times for weaker Keys
E. False. This would cause computations to take too long
Answer:
B. Key stretching essentially means that a new Key is derived from the user's Key after a lot of roundabout computations, and this new Key is the one actually used for locking, unlocking, and everything else. It does not involve multiple encryptions. PassLok uses the "scrypt" algorithm to lengthen the computations involving weaker Keys, as determined by PassLok's built-in Key strength meter. All features contributing to Key strength are considered, not just the length. If a user uses a Key that is scored as Weak or even Terrible, everything will be very sluggish, although it will still work. This forces hackers to spend a great deal of computer time to go through the weak Keys in their dictionaries, or risk missing those.
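The idea in this answer, as an added Node.js sketch that is not PassLok's own code: a strength estimate picks the scrypt cost, so weaker Keys get a larger work factor. The scoring function and every constant below are hypothetical; the only parts taken from the page are the use of scrypt and the rule that an initial capital and numbers at the start and end do not count toward strength.

```javascript
const crypto = require('node:crypto');

// Hypothetical parameters for this sketch (not PassLok's real values).
const TARGET_BITS = 80;        // estimated strength that needs no extra work
const MIN_LOG2_N = 12;         // scrypt cost exponent for Keys at the target
const MAX_LOG2_N = 16;         // cap, so the weakest Keys still finish
const BITS_PER_DOUBLING = 10;  // each 10 missing bits doubles the cost

// Hypothetical strength estimate: length times log2 of the alphabet in use.
// An initial capital and digits at the start or end are ignored, as the page
// says they are for the strength score.
function estimateBits(key) {
  const scored = key
    .replace(/^\d+|\d+$/g, '')
    .replace(/^[A-Z]/, (c) => c.toLowerCase());
  let alphabet = 0;
  if (/[a-z]/.test(scored)) alphabet += 26;
  if (/[A-Z]/.test(scored)) alphabet += 26;
  if (/[0-9]/.test(scored)) alphabet += 10;
  if (/[^A-Za-z0-9]/.test(scored)) alphabet += 33;  // symbols and anything else
  return scored.length * Math.log2(Math.max(alphabet, 1));
}

// Fewer estimated bits give a larger scrypt cost exponent, within the caps.
function workFactorLog2(bits) {
  const deficit = Math.max(0, TARGET_BITS - bits);
  const extra = Math.ceil(deficit / BITS_PER_DOUBLING);
  return Math.min(MAX_LOG2_N, MIN_LOG2_N + extra);
}

// Derive the working key; the derived key, not the typed Key, is what the
// rest of the program would use.
function stretchKey(key, salt) {
  const log2N = workFactorLog2(estimateBits(key));
  const N = 2 ** log2N;
  const derived = crypto.scryptSync(key, salt, 32, {
    N, r: 8, p: 1,
    maxmem: 256 * N * 8,  // twice the 128*N*r bytes scrypt needs
  });
  return { log2N, derived };
}

// Time one derivation per sample Key (all sample Keys are constructed).
function compare(keys, salt) {
  return keys.map((key) => {
    const start = process.hrtime.bigint();
    const { log2N } = stretchKey(key, salt);
    const ms = Number(process.hrtime.bigint() - start) / 1e6;
    return { key, bits: Math.round(estimateBits(key)), log2N, ms: Math.round(ms) };
  });
}

console.table(compare(
  ['password', 'Banana42', 'tr0ub4dor&3', 'Gr33n_eLephantz~fly2Mars!'],
  'constructed-salt'
));
```

Each guess an attacker tries costs the same stretched derivation, so the per-guess cost rises for exactly the Keys most likely to be in a dictionary.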
A. CGRrN5QjMtr+fp74nY+y93EaeHHBh/PTwvLpjL0hl9a2FuTP3mTGjPjMSrXIEmH4gaG41ea4GUkE81m8tDjwydL
B. PL17lok=CGRrN5QjMtr+fp74nY+y93EaeHHBh/PTwvLpjL0hl9a2FuTP3mTGjPjMSrXIEmH4gaG41ea4GUkE81m8tDjwydL=PL17lok
C. PL17lok=CGRrN5QjMtr+fp74nY+y93EaeHHBh/PTwvLpjL0hl9a2FuTP3mTGjPjMSrXIEmH4gaG41ea4GUkE81m8tDjwydL=PL17lok_https://www.youtube.com/watch?v=SYx-rH5yjA4
D. CGRrN5QjMtr+fp74nY+y93EaeHHBh/PTwvLpjL0hl9a2FuTP3mTGjPjMSrXIEmH4gaG41ea4GUkE81m8tDjwydL=http://vimeo.com/88048071
E. All of the above
Answer:
E. The core of a PassLok Lock consists of 87 base64 characters (lowercase and capital letters a to z, plus numbers 0 to 9, plus / and +). It may be bracketed by tags, which are separated from the core by = signs. PassLok detects these signs and uses as a Lock the longest string between them. Therefore, video URLs and other material can be added without affecting the function of a Lock. Not all 87-character base64 strings are valid Locks, however: only about half of them are, and PassLok checks a Lock right before using it. It is impossible to tell by visual inspection whether a given 87-character string is a valid Lock.
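The extraction rule in this answer, as an added JavaScript sketch that is not PassLok's own code: split the pasted text on = signs, take the longest piece, and accept it only if it is 87 base64 characters. The function name and the two failing inputs are constructed for the example; the four accepted inputs are options A to D above.

```javascript
const LOCK_LENGTH = 87;                 // core length stated on the page
const BASE64_RE = /^[A-Za-z0-9+/]+$/;   // character set stated on the page

// Returns { ok: true, core } or { ok: false, reason }.
// This is a format check only: the page notes that only about half of all
// 87-character base64 strings are valid Locks, which this cannot detect.
function extractLockCore(input) {
  const pieces = String(input).trim().split('=');
  const longest = pieces.reduce(
    (best, piece) => (piece.length > best.length ? piece : best), '');
  if (longest.length !== LOCK_LENGTH) {
    return {
      ok: false,
      reason: `longest piece has ${longest.length} characters, expected ${LOCK_LENGTH}`,
    };
  }
  if (!BASE64_RE.test(longest)) {
    return { ok: false, reason: 'longest piece contains non-base64 characters' };
  }
  return { ok: true, core: longest };
}

// The Lock core used in options A to D of the question above.
const CORE =
  'CGRrN5QjMtr+fp74nY+y93EaeHHBh/PTwvLpjL0hl9a2FuTP3mTGjPjMSrXIEmH4gaG41ea4GUkE81m8tDjwydL';

const SAMPLES = {
  // Options A to D, as they appear on the page.
  bare: CORE,
  tagged: 'PL17lok=' + CORE + '=PL17lok',
  taggedWithVideo:
    'PL17lok=' + CORE + '=PL17lok_https://www.youtube.com/watch?v=SYx-rH5yjA4',
  coreWithVideo: CORE + '=http://vimeo.com/88048071',
  // Constructed failure: the last five characters were lost when copying.
  truncated: 'PL17lok=' + CORE.slice(0, -5) + '=PL17lok',
  // Constructed failure: appended material longer than the core displaces it
  // under the longest-piece rule, so the sketch rejects instead of guessing.
  longTrailer:
    'PL17lok=' + CORE + '=PL17lok_https://example.com/' + 'a'.repeat(90),
};

function runSamples() {
  const results = {};
  for (const [name, text] of Object.entries(SAMPLES)) {
    results[name] = extractLockCore(text);
  }
  return results;
}

console.log(runSamples());
```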
A. You get the Lock from the Key, but you cannot get the Key from the Lock
B. You get the Key from the Lock, but you cannot get the Lock from the Key
C. You can get either of them from the other
D. Key and Lock are independent from each other
E. None of the above
Answer:
A. You get the Lock from the Key, but it is impossible to get the Key from the Lock. This is why the Lock can be made public while the Key remains secret.
A. The message is locked in PassLok, then the user copies it to any email program and sends it over unsecured channels
B. PassLok establishes a secure channel with the user, and then the message is sent to a server where it is locked before it is sent
C. Both sender and recipient connect to the same secure server, and thus the message is never sent over unsecured channels
D. The message is obfuscated but it is not really locked until it reaches the recipient
E. The recipient must first supply a password so the message can be locked before it is sent. This is done transparently to the sender.
Answer:
A. Locking and unlocking in PassLok involves no servers, and transmission takes place over unsecured channels, such as regular email. This implies that the message is locked before it leaves the sender's device. Answer E comes pretty close, but the recipient does not send a password or Key, which would be secret to everyone but the sender and might be compromised if sent over email; instead, the recipient sends a Lock, from which his/her Key cannot be obtained.
A. Strings placed at beginning and end of PassLok items, so PassLok knows what they are
B. Strings placed at beginning and end of PassLok items, so users know what they are
C. Necessary for PassLok to complete actions such as unlocking a message
D. A way to identify the author of a PassLok item
E. A way to include the date when a PassLok item was created
Answer:
B. Tags such as "PL17lok" and "PL16sig" tell the user that what is between the tags is a PassLok item (PL), the version under which they were created (1.7 and 1.6, respectively), since sometimes a specific version of PassLok is needed in order to handle an item successfully, and the type of item they are (a Lock and a signature, respectively). PassLok can tell what type of item it is dealing with even if the tags are absent, so long as the rest of the item is complete. The tags in no way identify the author or include any information other than what is mentioned above. If the user wishes to produce items bearing no tags, he/she can do so simply by checking the No tags checkbox.
A. Lock/Unl to lock, Sig/Ver to unlock
B. Sig/Ver to lock, Lock/Unl to unlock
C. Lock/Unl to lock, either Lock/Unl or Sig/Ver to unlock
D. Lock/Unl both to lock and to unlock
E. The button to be clicked depends on the locking mode
Click here for Answer:
D. The Lock/Unl button does everything related to locking and unlocking. PassLok detects whether the main box contains a locked message and, if so, which locking mode was used, and then unlocks it regardless of the mode set with the checkboxes below. If no locked message is detected, PassLok proceeds to lock the message instead, using the mode set with the checkboxes.
A. You lock with your Key and the recipient unlocks with your Lock
B. You lock with your Lock and the recipient unlocks with his/her Key
C. You lock with the recipient's Lock, and the recipient unlocks with his/her Key
D. You lock with the recipient's Key, and the recipient unlocks with your Lock
E. None of the above
Click here for Answer:
C. You lock with the recipient's Lock, and he/she unlocks with his/her Key. Using your Key to lock a message would mean (assuming it were possible) that the message is going to be unlocked either with your Key, which would imply that you'd have to give your secret Key to someone else (a no-no in PassLok), or with your Lock, in which case the whole world would be able to unlock the message since the Lock is public. You cannot lock with the recipient's Key, since you don't have it. Locking with your Lock would imply that the recipient has your Key, which he doesn't.
A. True, and the message would be unlocked with the recipient's secret Key
B. False. Sharing a Key is a no-no in PassLok
C. False. This is possible sometimes, but not in all modes
D. True, and the message would be unlocked with the same shared Key used to lock it
E. None of the above
Click here for Answer:
D. You can always lock a message with a shared Key, different from your secret Key, and then the message would be unlocked with the same shared Key. A shared Key, like a secret Key, can be any string that can be written with UTF-8 characters. If it contains exactly 87 characters, and those characters are of the base64 set, it will be mistaken for a Lock, so this particular combination should be avoided.
A. Both the sender and the recipient must have the same Key and the same Lock
B. The recipient must have the sender's Lock
C. The sender must have the recipient's Lock
D. Both sender and recipient must have both Locks
E. None of the above.
Click here for Answer:
D. Both sender and recipient must have both Locks. Each party obviously has his/her own Lock. To lock a message in any mode, the sender needs to have the recipient's Lock. In signed mode, the recipient must additionally have the sender's Lock so the origin of the locked message can be verified.
A. False. A locked message contains no information at all identifying sender or recipient
B. False. Only the recipient's identity could be found, by matching his/her Lock
C. False. Only the sender's identity can be found, since his/her Lock was involved in locking the message
D. False. Part of the recipient's Lock or shared Key is included, but it is encrypted
E. True. The recipients need to know what part of the message is meant for them, so there is always some identifying information
Click here for Answer:
D. Regular-length locked messages can be locked for multiple recipients by encrypting the special message Key individually for each recipient. The encrypted Keys are identified by a tag, which is made from some information pertaining to each recipient, but it is also encrypted so no one else can read it. Concerning the sender, the only way to tell who sent a message is by unlocking a message locked in Signed or PFS modes.
A. The message self-destructs after reading
B. Locked messages become unreadable to both sender and recipient after a while
C. The messages cannot be tracked over the Internet
D. Messages contain a hidden message
E. None of the above
Click here for Answer:
B. Messages locked in PFS mode use temporary Keys that are overwritten next time either party locks a message, so a message becomes unreadable even to the sender after the Key used to lock it has been changed, that is, after one more message from both sides. This does not mean that messages cannot be tracked over the Internet, which depends on the software used to transmit them, not on PassLok. Hidden messages are possible, but this is Decoy mode, not PFS. Finally, answer A is partially true: if a message is locked with both PFS mode and Short mode selected, it can only be unlocked once.
A. Are limited in length
B. Can be locked in any mode
C. Can contain hidden messages
D. Are limited to a single recipient
E. All of the above
Click here for Answer:
E. Short mode messages are limited to 160 characters (159 in some modes) after they are locked, so they can be texted easily. This imposes even stricter limits on the length of the unlocked message. All modes are possible: Anonymous, Signed, or PFS, both using Locks and shared Keys. They can also contain a shorter hidden message. Finally, space limitations make it impossible to have more than one recipient who would be able to unlock the message.
A. The same Key or Lock is used to lock a second message
B. A popup automatically asks for the Decoy Password if the message contains a hidden message
C. It is possible to add a second message that is itself unlocked
D. The whole thing is a decoy. There is no real message in there
E. None of the above
Click here for Answer:
E. In decoy mode, a second message of limited length is locked under a different shared Key, which cannot be empty. Answer B comes closer to the truth, but not quite: a popup asking for a Decoy Password will appear whenever Decoy mode is selected for unlocking. There is no way to know whether or not a particular locked message has been locked using Decoy mode, and therefore may contain a hidden message.
A. Always except in Short mode
B. Always except in PFS mode
C. Always except in Decoy mode
D. Always, except when using a shared Key for at least one recipient
E. None of the above
Click here for Answer:
A. There is nothing preventing PassLok from locking a message for multiple recipients in any mode, except that it must include a portion meant for each recipient to unlock, and then the locked message would not fit within the 160-character limit of Short mode. Therefore, only one recipient is allowed in Short mode.
A. A random-looking string that reveals who locked a message
B. A special locking mode that authenticates the contents
C. The reverse of Anonymous locking
D. A special Key that you can actually share safely
E. A random-looking string that reveals who wrote a plain message
Click here for Answer:
E. A digital signature is neither a Lock, nor a Key, nor a locked message, nor the reverse of locking (although it somewhat looks like it). It is associated with a particular plain (not locked) text and with a secret Key. When you apply your secret Key to the plain message by means of the Sig/Ver button, a random-looking string is appended to the message, which remains plain to read. Then people can verify that it was you, the possessor of that particular secret Key, who did this, by applying the Lock matching that Key (the Lock is public, so they know it) to the message plus the signature and clicking Sig/Ver again.
A. In the local directory, unencrypted
B. In the local directory, encrypted
C. In the general directory, encrypted
D. Only between sessions, then it is deleted
E. Never, anywhere
Click here for Answer:
E. The secret Key is never stored anywhere within or outside PassLok. It is retained in a special input box while it is used, but it is deleted as soon as PassLok closes. If the Key is not used by any function within PassLok for five minutes, it is automatically deleted even though PassLok might still be running.
A. Only Locks
B. Locks and shared Keys
C. Locks, shared Keys, and Lists
D. Locks, shared Keys, Lists, and Cover texts
E. Locks, shared Keys, Lists, Cover texts, and alternative secret Keys
Click here for Answer:
D. Just about anything that PassLok uses can be stored in the local directory. The exception is the secret Key, which is never stored anywhere. Its matching Lock is stored, however, and this is why users are advised to remove this stored Lock by clicking Reset on the Key screen if they decide to change the secret Key.
A. Are stored permanently, and cannot be modified or removed
B. Are stored permanently, but can be modified or removed at any time
C. Are stored permanently, and they sync automatically across devices
D. Are stored permanently, and they sync automatically with the general PassLok directory
E. Are not stored permanently. When PassLok closes, they are deleted from memory
Click here for Answer:
B. The point of the local directory is that users can keep handy their contacts' Locks, etc. without having to look them up again. They only need to supply the name they gave to each particular item. If they don't remember it, they can list the complete directory and find it that way. Only the Chrome app version of PassLok syncs across devices, so long as the user logs into his/her Google account within Chrome (because this requires some sort of connection with a server, which PassLok does not have by default). The general directory, though handy, is entirely optional and accepts only Locks.
A. You write the recipients' names in the local directory, one per line, in the Locks lower box
B. You write the recipients' Locks, one per line, in the Locks lower box
C. You write the name of a List containing the recipients' Locks, in the Locks upper box
D. You write the name of a List containing the recipients' names in the directory, in the Locks upper box
E. Any of the above, or any combination of them
Click here for Answer:
E. PassLok will detect automatically if an item entered on its own line in the Locks lower box is itself a Lock or the name of a Lock. If the presumed name is not found in the local directory, PassLok will use it as a shared Key, but will warn you before in case this is a mistake. If you put all those items into a List, it is enough to begin typing the name of the List in the upper box. The only restriction is that Lists are not nested (Lists containing names of other Lists); Lists can be merged if necessary, though.
A. Is built into PassLok, so the program can retrieve other users' Locks as needed
B. Can be accessed from within PassLok and then there is some integration, but it is not necessarily loaded since it is a separate webpage
C. Is a completely separate website that has no integration with PassLok other than a button to load it, since it involves a server
D. Has no connection with the PassLok app, though its server is related to it
E. Is an entirely separate website from entirely different people. PassLok does not endorse it
Click here for Answer:
B. There is as much integration with the general PassLok directory as possible within the "no server" philosophy of PassLok. This means that the general directory, which necessarily involves a server, is actually a separate webpage that is blended as seamlessly as possible within PassLok. You can send your Lock from PassLok to the directory (you only need to supply your email address, since the directory indexes Locks by email address and confirms changes by email, and click the Post button), and the directory can send Locks to PassLok (you still need to supply a name and click the Save button), but that's where the integration ends. The general directory page is not even loaded unless specifically requested.
A. I must use the Chrome app version of PassLok. It is not possible otherwise since the local directory is tied to a particular device and browser
B. I can use the Chrome app, or I can export the entire local directory, and then import it into the new device
C. I can use the Chrome app, or I can export that particular Lock so that I can use it in another device
D. I can always get them from the general PassLok directory, since my local directory syncs automatically with the general directory
E. This cannot be done. The local directory is strictly local for security reasons
Click here for Answer:
B. The Chrome app version of PassLok syncs its local directory items, one at a time, through Google, and then the user can retrieve them from there by typing the entire name in the Locks upper box, followed by the Enter key. For the regular html version, however, users must first export their entire local directory so it can be imported into a different device. But this is not difficult to do; just click the Move button, followed by Mail. In most web-based email programs, such as gmail, a draft email containing the encrypted directory will be created immediately, which can be easily retrieved from another machine, and then automatically imported into PassLok as if unlocking a message. The general PassLok directory stores only one Lock at a time, and it must be done by the original owner of that Lock.
A. I downloaded the Lock from the general PassLok directory, which means it is good
B. I have verified a witness's digital signature attached to the Lock
C. I made sure that the Lock actually belongs to the person who claims ownership of it
D. I submitted it to the general PassLok directory, along with some personal information
E. I made a video of myself reading part of the Lock, and appended its URL to the Lock before posting it
Click here for Answer:
C. A Lock should not be taken as authentic until you have made sure that it actually belongs to the person who claims to have made it. Otherwise, you may find yourself locking sensitive information for an interloper to read. One way to authenticate a Lock is when the owner has added a video of him/herself reading a portion of the Lock, or of its ID displayed right above it (easier to read), which you watch. If you recognize the person and the code being read matches what you've got, then you can consider the Lock as authentic. Getting the Lock from the general PassLok directory is not enough, since the general directory authenticates entries only by email confirmation, which could be faked by people having access to mail servers. Even though it is possible to do so, PassLok does not authenticate Locks by "web of trust" or similar signature-based schemes.
A. True. There is no difference at all between PassLok running on a computer vs. a smartphone
B. False. Either the mobile or the non-mobile code is downloaded to the device, depending on what the device is
C. True, but PassLok detects the platform it is running on, and behaves differently according to that
D. False. Chrome apps and extensions don't run on mobile devices (yet)
E. The distinction is meaningless, since the PassLok code is generated on-the-fly for any device
Click here for Answer:
C. There is only one html code for PassLok, but it runs differently on PCs and mobile devices: some buttons behave differently. If you click Txt/Img on a PC, the image hiding screen appears; on a mobile device, the default texting app opens instead. This is because PCs usually don't have a default texting app, and mobile devices tend to modify images as they load them, making image hiding difficult. There are other differences arising from the non-mobile browsers' ability to display at different resolutions and with different screen sizes. The packaged Chrome app (which at this point is not yet supported by mobile Chrome) has its code split among different files rather than all in one file because of Google restrictions, but is otherwise identical to the html version, including Chrome-specific functions that the html version cannot use.
A. I have obtained it from a friend
B. I have downloaded it from one of the official mirrors
C. I have downloaded it from one of the official mirrors and verified its SHA256 checksum
D. I have downloaded it from one of the official mirrors, verified its SHA256 checksum, and compared it with what the author reads in a video
E. It is impossible to authenticate PassLok, so "authenticating" actually means getting a false sense of security
Click here for Answer:
D. Someone could hack into a PassLok server and change the code in subtle ways that make it insecure, so it is a good practice to audit the code (if you are adept in cryptography and web app programming) or, for the rest of us, at least make sure the code still is what the author wrote. If you do this, it doesn't really matter how you got the code. The standard way to authenticate the code is very much like for authenticating a Lock, except that you get the SHA256 of the entire code (using a separate utility, not PassLok itself), and then hopefully you recognize the author after having done it a few times. We're looking into engaging a celebrity to do this, but not yet ;-) If you have the Chrome app version, then Google is vouching for its integrity, so it all depends on whether or not you trust Google.
A. Turns text into several random-looking parts, some of which must be joined together to retrieve the original
B. Hides text inside images
C. Turns text into a different text, and back
D. Hides text within the spacing of another text
E. None of the above
Click here for Answer:
A. When you click the Split/Jn button, a popup asks for the number of parts to make, and the minimum number that will be needed to retrieve the original. To reconstruct, paste in a sufficient number of parts from the same set, each on a separate line, and click the same button. If but one part is missing, it is impossible to retrieve even one bit of the original.
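A split with a minimum number of parts, as described above, can be built with Shamir's threshold scheme. The block below is an added illustration and not PassLok's own code; the use of Shamir over GF(2^8), the share layout and all function names are assumptions.

```javascript
// Added example: k-of-n threshold splitting (Shamir's scheme) over GF(2^8).
// Assumption: illustrates the behaviour described in the answer, not PassLok's code.

// Multiply in GF(2^8) with the AES reduction polynomial 0x11b.
function gfMul(a, b) {
  let p = 0;
  for (let i = 0; i < 8; i++) {
    if (b & 1) p ^= a;
    const carry = a & 0x80;
    a = (a << 1) & 0xff;
    if (carry) a ^= 0x1b;
    b >>= 1;
  }
  return p;
}

// Multiplicative inverse as a^254, since a^255 = 1 for every nonzero a.
function gfInv(a) {
  if (a === 0) throw new Error("zero has no inverse");
  let r = 1;
  for (let i = 0; i < 254; i++) r = gfMul(r, a);
  return r;
}

// Default randomness: the platform CSPRNG (browser or recent Node).
const cryptoRandom = (n) => globalThis.crypto.getRandomValues(new Uint8Array(n));

// Split `secret` (Uint8Array) into `parts` shares; any `needed` of them rebuild it.
function split(secret, parts, needed, random = cryptoRandom) {
  if (needed < 2 || needed > parts || parts > 255) throw new Error("bad parameters");
  const shares = [];
  for (let x = 1; x <= parts; x++) shares.push({ x, y: new Uint8Array(secret.length) });
  for (let i = 0; i < secret.length; i++) {
    // Random polynomial of degree needed-1 whose constant term is the secret byte.
    const coeffs = [secret[i], ...random(needed - 1)];
    for (const s of shares) {
      let y = 0; // Horner evaluation at x = s.x
      for (let c = coeffs.length - 1; c >= 0; c--) y = gfMul(y, s.x) ^ coeffs[c];
      s.y[i] = y;
    }
  }
  return shares;
}

// Lagrange interpolation at x = 0 (subtraction in GF(2^8) is XOR).
// With fewer shares than the threshold the result is unrelated to the secret.
function join(shares) {
  const xs = shares.map((s) => s.x);
  if (new Set(xs).size !== xs.length) throw new Error("duplicate parts");
  const out = new Uint8Array(shares[0].y.length);
  shares.forEach((sj, j) => {
    let weight = 1;
    shares.forEach((sm, m) => {
      if (m !== j) weight = gfMul(weight, gfMul(sm.x, gfInv(sm.x ^ sj.x)));
    });
    for (let i = 0; i < out.length; i++) out[i] ^= gfMul(sj.y[i], weight);
  });
  return out;
}
```

Each share is exactly as long as the secret, and `join` cannot tell a valid reconstruction from one made with too few parts, so a practical tool also has to record the threshold or an integrity check alongside each part.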
A. True. It converts each character into a word, which can be later converted back
B. True. It converts each character into a series of spaces, so the output is hidden in the spacing between words of a text
C. True, but the recipient must have the same Cover text to get the original item back
D. True, but this does not provide any real security
E. All of the above
Click here for Answer:
E. PassLok includes two ways to disguise its random-looking output as text: Words and Spaces. Using the Words method, each character is replaced by a word of the Cover text, which means that the recipient must have the same Cover text. In the Spaces method, each character is encoded as single or double spaces between words without altering the words of the Cover text, which the recipient does not need to have, at the expense of a greater length. Neither method provides real security, so PassLok will refuse to apply them to plain text.
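The Spaces method described above, together with the reason it offers no real security, as an added example that is not PassLok's code. The bit mapping (6 bits per character, one space for 0 and two for 1), the standard base64 alphabet and the function names are assumptions.

```javascript
// Added example: hiding an encoded item in single/double spaces between words.
// Assumed alphabet: standard base64; PassLok's exact character set may differ.
const ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

// Hide `item` in the gaps of `cover`: 6 bits per character, 0 = one space, 1 = two.
// The words themselves are never altered; the cover is reused when it runs out.
function hideInSpaces(item, cover) {
  const words = cover.trim().split(/\s+/);
  let out = words[0];
  let w = 1;
  for (const ch of item) {
    const value = ALPHABET.indexOf(ch);
    if (value < 0) throw new Error("character outside the item alphabet: " + ch);
    for (let bit = 5; bit >= 0; bit--) {
      const gap = (value >> bit) & 1 ? "  " : " ";
      out += gap + words[w % words.length];
      w++;
    }
  }
  return out;
}

// Recover the item from the gap widths alone: no Cover text and no secret needed.
function revealFromSpaces(text) {
  const gaps = text.match(/ +/g) || [];
  let item = "";
  for (let i = 0; i + 6 <= gaps.length; i += 6) {
    let value = 0;
    for (let b = 0; b < 6; b++) value = (value << 1) | (gaps[i + b].length > 1 ? 1 : 0);
    item += ALPHABET[value];
  }
  return item;
}

// Share of word gaps that are doubled. Ordinary prose sits near 0, while text
// carrying random-looking data sits near 0.5, so the disguise is easy to spot.
function doubledGapRatio(text) {
  const gaps = text.match(/ +/g) || [];
  if (gaps.length === 0) return 0;
  return gaps.filter((g) => g.length > 1).length / gaps.length;
}
```

Six word gaps are consumed per character, which is the "greater length" the answer mentions, and any software that collapses repeated spaces destroys the hidden item.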
A. False because, since the output is random-looking, the images will look like abstract paintings
B. True, but space is limited
C. False, since web browsers always change images as they load
D. True, but one can tell that there is something hidden in the image
E. True, and this is more secure than hiding within text
Click here for Answer:
B. PassLok can hide its output within images by replacing the least significant digits of the color value of each pixel with the encoded characters. The larger the number of pixels, the more material can be concealed. Current mobile browsers change images as they load, however, so decoding is only possible with non-mobile browsers. The resulting image is usually indistinguishable from the original, but this is not really secure because no password is needed to retrieve the original. Because of this, PassLok does not allow this function to be applied to plain text.
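Least-significant-bit hiding as described above, written as an added example over an RGBA pixel buffer of the kind a browser canvas exposes; it is not PassLok's code. The 2-byte length header, the choice to leave the alpha channel untouched and the function names are assumptions.

```javascript
// Added example: least-significant-bit hiding in an RGBA pixel buffer.
// Assumptions: 1 bit per colour channel, alpha untouched, 2-byte length header.

// Payload bytes that fit in the buffer after the length header.
function capacityBytes(rgba) {
  return Math.floor(((rgba.length / 4) * 3) / 8) - 2;
}

// Buffer index of the n-th usable colour channel, skipping every alpha byte.
function channelIndex(n) {
  return Math.floor(n / 3) * 4 + (n % 3);
}

// Return a copy of `rgba` whose colour LSBs carry `payload` (Uint8Array).
function embed(rgba, payload) {
  if (payload.length > capacityBytes(rgba) || payload.length > 0xffff) {
    throw new Error("payload too large for this image");
  }
  const data = Uint8Array.from([payload.length >> 8, payload.length & 0xff, ...payload]);
  const out = Uint8ClampedArray.from(rgba);
  for (let bit = 0; bit < data.length * 8; bit++) {
    const value = (data[bit >> 3] >> (7 - (bit & 7))) & 1;
    const i = channelIndex(bit);
    out[i] = (out[i] & 0xfe) | value;
  }
  return out;
}

// Read the payload back. No password is involved: anyone holding the image
// and knowing the layout can do this.
function extract(rgba) {
  const readByte = (k) => {
    let v = 0;
    for (let b = 0; b < 8; b++) v = (v << 1) | (rgba[channelIndex(k * 8 + b)] & 1);
    return v;
  };
  const length = (readByte(0) << 8) | readByte(1);
  if (length > capacityBytes(rgba)) return null; // header is noise, nothing to recover
  return Uint8Array.from({ length }, (_, k) => readByte(k + 2));
}

// Largest per-channel difference between two buffers of equal size.
function maxChannelDelta(a, b) {
  let max = 0;
  for (let i = 0; i < a.length; i++) max = Math.max(max, Math.abs(a[i] - b[i]));
  return max;
}
```

Capacity grows with the pixel count, no channel changes by more than 1, and any re-encoding that shifts pixel values even slightly makes the payload unrecoverable, which matches the mobile-browser limitation noted in the answer.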
A. False. PassLok is html code running in a browser, which is not allowed to alter local files
B. False. There is no way to load files into the PassLok windows
C. True. This works equally well on mobile and non-mobile
D. True, but some browsers don't do this well, especially mobile ones
E. True, but this does not provide any real security
Click here for Answer: