Enhancing Security and Privacy With Password Protection
At QRClip, our mission is to provide a file and text sharing service that puts security and privacy first. Today, we’re excited to introduce a new feature that will further enhance your experience: password protection for your QRClips. This extra layer of security ensures that your shared data is only accessible to those who have the right password. Let’s find out how this feature works and how it strengthens the security and privacy of your data.
You can set the password by clicking on Password and Deletion
A Step Forward in Security
Password protection serves as an extra layer of protection for your shared data by limiting access only to those who have the correct password. By combining a random 256-bit key, the user’s password and the Argon2ID algorithm, this feature ensures reliable security. Even if someone gets their hands on the link or the QR code, they cannot access the data without the correct password. This is especially beneficial for users who value security and privacy when sharing files and texts. In addition, users can set an access limit so that every unsuccessful password attempt counts against this limit. For example, if the user sets a limit of 5 accesses, an attacker can only try 5 passwords before the QRClip is deleted forever.
How Password Protection Works
For Non-Tech Users
- When creating a QRClip, users can now set a password to provide an extra layer of security for accessing the encrypted data.
- QRClip combines a random 256-bit key with the user’s password and a strong algorithm to create a secure access key.
- This access key is required to retrieve encrypted data from the server, and the data can only be decrypted and accessed by those who possess both the correct password and the link or QR code.
- Even if someone gets the link or QR code, they won’t be able to access the data without the correct password, making it very secure. Users can also set an access limit, so each failed password attempt counts towards that limit, further enhancing security.
For Tech-Savvy Users
Warning: This paragraph is more technical
Password protection in QRClip utilizes a combination of a random 256-bit key, the user’s password, and the Argon2ID algorithm. When the user sets a password, the first 16 characters of the QRClip subID (a random 32 bytes string) are used as the salt, and the password is hashed using Argon2ID to generate a 64-byte hash. The access key is derived by slicing the hash from the 32nd to the 48th byte. This access key is required to retrieve encrypted data from the server (is sent has a header on each request).
The random key(present in the link fragment) and the first 32 bytes of the Argon2ID hash generated from the user’s password are combined into a new array. The salt for the second hashing is taken from the 48th to the 64th byte of the password key. The combined array and the salt are hashed again using Argon2ID to create the encryption key. This ensures that the data remains secure and can only be accessed and decrypted with the correct password.
Moreover, setting an access limit restricts the number of attempts an attacker has to guess the password, further improving the security of the shared data. By using this process, QRClip ensures robust security and privacy for the users’ shared files and text.
For those who are interested in the technical aspects of our new password protection feature, we invite you to visit our GitHub page. There, you will find the Golang CLI that implements password protection, offering a clear and concise explanation of how the feature works behind the scenes.
The introduction of password protection to QRClip reflects our ongoing commitment to delivering a secure and private file and text sharing experience. We encourage you to take advantage of this new feature and enjoy the enhanced security and privacy it provides. We appreciate your continued support and welcome any feedback or suggestions for further improvements. Stay tuned for more updates and new features from QRClip!