MiniLock is a small, portable file encryption software. The idea behind its design is that a passphrase, memorized by the user, can act as a complete, portable basis for a persistent public key identity and provide a full substitute for other key pair models, such as having the key pair stored on disk media (the PGP approach).

Cure53 conducted a penetration test of MiniLock in 2014 over a period of four days. The test identified one medium-range vulnerability, arguably rather harmless under the considered scope. In addition, ten general weaknesses, minor flaws and issues that warrant security-recommendations. Tests were carried out against the miniLock browser extension itself, its locally-modified versions and the provided sourcecode. Over the course of the pentest, the issues were reported in an ongoing manner by Cure53 and resolved by the author.

The full report and summary of findings can be found below.