MiniLock is a small, portable file encryption tool. The idea behind its design is that a passphrase, memorized by the user, can act as a complete, portable basis for a persistent public key identity and provide a full substitute for other key pair models, such as having the key pair stored on disk media (the PGP approach).
Cure53 conducted a penetration test of MiniLock in 2014 over a period of four days. The test identified one medium-range vulnerability, arguably rather harmless under the considered scope. In addition, it identified ten general weaknesses, minor flaws and issues that warrant security recommendations. Tests were carried out against the miniLock browser extension itself, its locally modified versions and the provided source code. Over the course of the pentest, the issues were reported in an ongoing manner by Cure53 and resolved by the author.
The full report and summary of findings can be found below.