Great idea. This stuff is hard for most developers to get right and it's becoming more and more important to customers. That makes for an ideal workload for many companies to consider outsourcing to a trusted third-party service.
@kleneway thanks for the feedback. We believe that authentication, key management, transport and at-rest security should be one single technology, otherwise you're duct-taping technologies together that are not designed to work together securely. Come and join us as an early adopter! http://zerokit.org - please sign up and let's continue on Slack.
@estebanrules Thanks so much for the feedback Damian. We interviewed many SaaS companies (of all sizes) who use DIY and open source authentication solutions: most of them didn't realize how vulnerable they were to just a simple "pass the hash" attack to log in on behalf of a user with the stored hash version of the password. Give us a try! http://zerokit.org - register and let's chat on Slack!
@sridhar_kondoji absolutely. The SSL-encrypted password terminates on the web server (for the web server code to consume it): as a result, clear data shows up in the server's memory & in log files - #1 hack. #2: pass the stolen hash over to your login function, which will just do a string comparison, and I'm in. We don't use hashes, but use SRP instead, where pass-the-hash hacks are impossible; we client-side encrypt everything, too, so they don't terminate on the web server. Register at http://zerokit.org and let's chat; we'd love to make your login secure.
@dszabosf interesting. I will research more on your solution. Currently, our SSL terminates at the ELB and only the ELB can reach our webserver/tomcat host. We don't log critical data to logs. I do agree that the passwords will be in webserver memory until they are garbage collected.
@sridhar_kondoji and consider #2 too (pass-the-hash): check out how SRP works, it's a whole new level of security: https://en.wikipedia.org/wiki/Se... We're free for up to 1,000 monthly active users, then 1 cent per MAU beyond. And the bonus: once you have logged in your users with our auth service, you can start to end-to-end encrypt and "zero knowledge share" between them.
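The SRP exchange the two replies above refer to, as an added example (my own code, not ZeroKit's or Tresorit's implementation): a textbook SRP-6a handshake in the shape of RFC 5054, using that RFC's 1024-bit group (Appendix A, g = 2) with SHA-256 for all hashing and simplified M1/M2 proofs. It shows why the "pass the stolen hash" problem does not apply: the server stores only a salt and a verifier v = g^x, the password never crosses the wire, and a party holding nothing but the stored verifier cannot complete the client side of the handshake. All function and class names here are my own.

```python
import hashlib
import hmac
import secrets

# 1024-bit SRP group from RFC 5054 Appendix A, generator g = 2.
N_HEX = (
    "EEAF0AB9ADB38DD69C33F80AFA8FC5E860726187"
    "75FF3C0B9EA2314C9C256576D674DF7496EA81D3"
    "383B4813D692C6E0E0D5D8E250B98BE48E495C1D"
    "6089DAD15DC7D7B46154D6B6CE8EF4AD69B15D49"
    "82559B297BCF1885C529F566660E57EC68EDBC3C"
    "05726CC02FD4CBF4976EAA9AFD5138FE8376435B"
    "9FC61D2FC0EB06E3"
)
N = int(N_HEX, 16)
g = 2
N_LEN = (N.bit_length() + 7) // 8  # 128 bytes


def pad(n: int) -> bytes:
    """Fixed-width big-endian encoding (the PAD() of RFC 5054)."""
    return n.to_bytes(N_LEN, "big")


def H(*parts: bytes) -> int:
    """SHA-256 over the concatenated parts, read as an integer."""
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big")


k = H(pad(N), pad(g))  # SRP-6a multiplier parameter


def derive_x(salt: bytes, username: str, password: str) -> int:
    # x = H(salt | H(username ":" password)); computed on the client only.
    inner = hashlib.sha256(f"{username}:{password}".encode()).digest()
    return H(salt, inner)


def register(username: str, password: str) -> dict:
    """Client-side enrolment: only the salt and verifier v = g^x go to the server."""
    salt = secrets.token_bytes(16)
    v = pow(g, derive_x(salt, username, password), N)
    return {"username": username, "salt": salt, "verifier": v}


def session_key(S: int) -> bytes:
    return hashlib.sha256(pad(S)).digest()


def proof_m1(A: int, B: int, K: bytes) -> bytes:
    return hashlib.sha256(pad(A) + pad(B) + K).digest()


def proof_m2(A: int, M1: bytes, K: bytes) -> bytes:
    return hashlib.sha256(pad(A) + M1 + K).digest()


class Server:
    """Stores (salt, verifier) per user; never sees a password or a password hash."""

    def __init__(self):
        self.users = {}
        self.pending = {}  # username -> (A, B, K) for the handshake in flight

    def enroll(self, record: dict) -> None:
        self.users[record["username"]] = (record["salt"], record["verifier"])

    def begin(self, username: str, A: int):
        if A % N == 0:  # RFC 5054 6.1: abort on a degenerate client ephemeral
            raise ValueError("degenerate client ephemeral A")
        salt, v = self.users[username]
        b = secrets.randbits(256)
        B = (k * v + pow(g, b, N)) % N
        u = H(pad(A), pad(B))
        S = pow(A * pow(v, u, N), b, N)  # = g^(b(a + ux))
        self.pending[username] = (A, B, session_key(S))
        return salt, B

    def finish(self, username: str, M1: bytes):
        A, B, K = self.pending.pop(username)
        if not hmac.compare_digest(M1, proof_m1(A, B, K)):
            return None  # client proof failed; no session
        return proof_m2(A, M1, K)


def _handshake(server: Server, username: str, compute_S):
    """Client flow shared by the two callers below; compute_S yields the shared secret."""
    a = secrets.randbits(256)
    A = pow(g, a, N)
    salt, B = server.begin(username, A)
    if B % N == 0:
        raise ValueError("degenerate server ephemeral B")
    u = H(pad(A), pad(B))
    if u == 0:
        raise ValueError("degenerate scrambling parameter u")
    K = session_key(compute_S(salt, a, A, B, u))
    M1 = proof_m1(A, B, K)
    M2 = server.finish(username, M1)
    if M2 is None or not hmac.compare_digest(M2, proof_m2(A, M1, K)):
        return None
    return K  # mutually authenticated session key


def client_login(server: Server, username: str, password: str):
    def compute_S(salt, a, A, B, u):
        x = derive_x(salt, username, password)
        return pow((B - k * pow(g, x, N)) % N, a + u * x, N)  # = g^(b(a + ux))
    return _handshake(server, username, compute_S)


def attempt_with_leaked_verifier(server: Server, username: str, leaked_v: int):
    """Defender's check: the stored verifier is not a login credential.
    Without x, the best one can form is (B - k*v)^a = g^(ab), which never
    matches the server's g^(b(a + ux)), so the proofs fail."""
    def compute_S(salt, a, A, B, u):
        return pow((B - k * leaked_v) % N, a, N)
    return _handshake(server, username, compute_S)


def group_sanity() -> bool:
    """Fermat checks on N; guards against a mistyped group constant."""
    return all(pow(base, N - 1, N) == 1 for base in (2, 3, 5, 7))


if __name__ == "__main__":
    srv = Server()
    srv.enroll(register("alice", "correct horse battery staple"))  # constructed sample user
    print("correct password ->", client_login(srv, "alice", "correct horse battery staple") is not None)
    print("wrong password   ->", client_login(srv, "alice", "nope") is not None)
    _, v = srv.users["alice"]
    print("verifier only    ->", attempt_with_leaked_verifier(srv, "alice", v) is not None)
```

The contrast with a hashed-password login is in what the server holds and receives: it holds v, receives only A and M1, and the comparison in `finish` is against a value derived from the fresh ephemerals, so replaying a stored credential or a captured message gives nothing. A production deployment would use a larger group (RFC 5054 also lists 2048-bit and up), keep the exact hash inputs of the chosen spec, and tie the pending state to a session rather than a username.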
Do you have a JavaScript SDK for this? Also, do you need both client- and server-side libraries? Can't SSL help you for end-to-end safety? This, coupled with simple encryption and hashing, can be strong enough protection.
@sridhar_kondoji User auth, SSL & at-rest encryption are normally 3 different libraries that need to be glued together and data decrypted at every connection point. We built these 3 to be one component that keeps data encrypted at all times. Check us out, register and let's chat on Slack!
It reads like you have everything done right to raise the security bar AND to compete with other cloud storage services in terms of comfort. The only thing I was surprised about was that you reach out to Dropbox customers but don't offer a free personal plan.
@hevydevy thanks; can't wait to work with you! If you didn't do it yet, sign up at http://ZeroKit.org and let's continue chatting on Slack if you have any questions.
We're excited to launch ZeroKit, our new SDK to help developers protect their users' security and privacy. ZeroKit makes it easy for teams even without cryptography expertise to implement zero-knowledge user authentication and end-to-end encryption in their apps.
ZeroKit can be integrated into all kinds of apps:
- chat and email
- collaboration tools
- healthcare and medical services
- fintech apps
- enterprise data management tools
The SDK is available for Java, JavaScript and Swift.
ZeroKit uses the crypto and authentication of the Tresorit file sync & sharing app: https://www.producthunt.com/post...
If you have any questions, just ping us or join our next webinars:
- Feb 7, 2017 11:00am
- Feb 15, 2017 11:00am (PT): https://zoom.us/webinar/register...
We're eager to hear your feedback!
This is intriguing. Once I have some spare time I'd like to test this alongside Auth0 and Firebase Auth. The former is pricier, while the latter is free but requires some finagling to set up with a separate database. ZeroKit looks like it might fit into the gap between the two.
@alexpete thanks for the feedback, we'd love to have you on board. What truly differentiates us is that we don't use hashes (we use SRP which is more secure) and we enable you not to even see your users' password. Sign up and let's chat in Slack. http://zerokit.org
@alexpete oh, and we're free for up to 1,000 monthly active users, then 1 cent/MAU beyond 1,000. But the truly cool thing is that once you use our authentication, you can start to end-to-end encrypt and "zero knowledge share" data between your users!