Message Vault is a tool for creating and sharing encrypted messages.Message Vault (MV) is a single file (HTML/Javascript) that you save to your local PC (Mac, Win or Linux), then use a Web Browser to create, edit, and encrypt a message.
- MV messages can be created and edited with Internet Explorer 5+ and Firefox 1.5+
- MV messages can be viewed with nearly any modern browser
- MV does not need to be saved locally to view messages (only to create/edit).
- MV saves over itself (much like TiddlyWiki, if you are familiar with that)
- The message itself is encrypted with a 128-bit AES algorithm
- Navigate to this HTML file: messagevault.html, and then save it to a local disk (PC/Mac/Linux).
- Be sure to save as "Web Page, HTML-only"
- Internet Explorer Users: Do not right-click link above to save file. Open the page in a browser window and use "File>Save as..." from your toolbar, or "Alt+f >Save as..."
- Name the file whatever you like, as long as it ends with ".html" - Open the local file in a browser (IE/Firefox) - approve any/all permission request popups.
- Create a password
- Enter the text you wish to encrypt
- Click "Save Changes" - approve any/all permission request popups
(IE will warn you that an ActiveX control may be unsafe, Firefox will warn you it's about to write a file, approve/allow either message) - Share the encrypted, password-protected message - Leave it on your desktop, put it on a jump drive, email it, post it to a website, etc.
(But only share the password with those you want to be able to read the message)
Original Blog post announcing Message Vault here
General discussion of Message Vault is available at its own Google Groups page
Direct questions can be emailed to kokogiak@gmail.com
Full description of Message Vault below
Examples - click to view message in browser, or save to your PC, then open in IE or FF browser to edit:
- Example 1 - The first paragraph of Moby Dick (password: "sample")
- Example 2 - A Recipe for Taco Soup (password: "sample")
Full Description:
Message Vault is just a file - a very flexible file - but just one file, that's it. It is a readable-writable HTML file. It may be easier to say what Message Vault is not, rather than what it is .
Message Vault is:
Supported Browsers
For Editing: Internet Explorer 5+, Firefox 1.5+, and Netscape 8+ (on Windows, Macintosh or Linux desktops)
For Reading: Internet Explorer 4+, Firefox 1+, Netscape 7+, Opera 8+, Safari 2+ and more.
FAQ:
Q) What does this cost?
A) Nothing, it's free.
Q) Why not use PGP?
A) You can use both PGP and Message Vault - MV is just simpler (works in a browser), and does not require any extra software to view
Q) Why not just save the message as a password-protected Word Doc?
A) That works fine - as long as any potential recipient also has a copy of Word for Windows
Q) What sort of message should I store?
A) I have no idea - your Flickr Login, Your mother's chile recipe, Moby Dick (if you have the patience).
Q) What if I forgot my password?
A) Don't forget your password! It isn't stored in your message file in any way, nor is it stored anywhere else. If you forget your password, it's not recoverable, since it's never stored. Don't forget it.
Caveats:
Encryption with Javascript can be slow, so shorter messages are best. Messages longer than 5,000 characters may take a considerable time to encrypt or decrypt.
The stronger (harder to guess) your password, the more secure your message will be! The 128-bit encrypted message is fairly safe (would take a very long time to crack), and your password may also be fairly safe, but it is the easiest point of entry for potential cracking.
What does that mean exactly? Well, if you create a message and save it with a simple password: "cat", that's A) pretty easy to guess, B) short enough for a program to quickly guess by 'brute force' (trying all letter combinations, one after the other) C) Even easier to crack because it's a word found in a dictionary, so an automated cracker could just run through a list of words (a dictionary attack) and try one after the other until they get "cat". For more on password strength, read this article. At the very least, make your passwords longer than 8 characters, and include non-letter characters if you can (#,!,$,9, etc.)
Is Message Vault secure enough for State Secrets? No - Absolutely not. A major weakness of a self-decrypting archive is that it's like a safe that (if they got hold of it) someone could take home and try to crack at their leisure. They may never crack it, but then again, there is no time limit or other restriction to deter a very determined cracker.
Is Message Vault secure enough for your messages? That depends, in most cases, yes, it probably is. If you just want to keep something hidden from casual prying eyes, and easily portable (viewable in most any browser), then Message Vault is probably a good fit.
How can you keep your message safer when sharing it? In declining order of safety, here are some steps you can take:
Legalese:
Encryption Laws vary all over the world - You are responsible for ensuring that you are not violating any local law by downloading, using or distributing any of this cryptographic software.
Message Vault is distributed under a BSD License:
Copyright (c) 2007, Alan Taylor http://kokogiak.com & Contributors
All rights reserved.
This software is provided as-is, without express or implied warranty. Permission to use, copy, modify, distribute or sell this software, with or without fee, for any purpose and by any individual or organization, is hereby granted, provided that the above copyright notice and this paragraph appear in all copies. Distribution as a part of an application or binary must include the above copyright notice in the documentation and/or other materials provided with the application or distribution.
This software is provided by the copyright holders and contributors "as is" and any express or implied warranties, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. In no event shall the copyright owner or contributors be liable for any direct, indirect, incidental, special, exemplary, or consequential damages (including, but not limited to, procurement of substitute goods or services; loss of use, data, or profits; or business interruption) however caused and on any theory of liability, whether in contract, strict liability, or tort (including negligence or otherwise) arising in any way out of the use of this software, even if advised of the possibility of such damage.
Message Vault is:
- not hosted
- not a website
- not a webservice
- not a program (executable)
- Create, read and change an encrypted message (using the password as a key)
- Save an encrypted message within itself (using a web browser to save itself with encrypted message and password key inside)
Supported Browsers
For Editing: Internet Explorer 5+, Firefox 1.5+, and Netscape 8+ (on Windows, Macintosh or Linux desktops)
For Reading: Internet Explorer 4+, Firefox 1+, Netscape 7+, Opera 8+, Safari 2+ and more.
FAQ:
Q) What does this cost?
A) Nothing, it's free.
Q) Why not use PGP?
A) You can use both PGP and Message Vault - MV is just simpler (works in a browser), and does not require any extra software to view
Q) Why not just save the message as a password-protected Word Doc?
A) That works fine - as long as any potential recipient also has a copy of Word for Windows
Q) What sort of message should I store?
A) I have no idea - your Flickr Login, Your mother's chile recipe, Moby Dick (if you have the patience).
Q) What if I forgot my password?
A) Don't forget your password! It isn't stored in your message file in any way, nor is it stored anywhere else. If you forget your password, it's not recoverable, since it's never stored. Don't forget it.
Caveats:
Encryption with Javascript can be slow, so shorter messages are best. Messages longer than 5,000 characters may take a considerable time to encrypt or decrypt.
The stronger (harder to guess) your password, the more secure your message will be! The 128-bit encrypted message is fairly safe (would take a very long time to crack), and your password may also be fairly safe, but it is the easiest point of entry for potential cracking.
What does that mean exactly? Well, if you create a message and save it with a simple password: "cat", that's A) pretty easy to guess, B) short enough for a program to quickly guess by 'brute force' (trying all letter combinations, one after the other) C) Even easier to crack because it's a word found in a dictionary, so an automated cracker could just run through a list of words (a dictionary attack) and try one after the other until they get "cat". For more on password strength, read this article. At the very least, make your passwords longer than 8 characters, and include non-letter characters if you can (#,!,$,9, etc.)
Is Message Vault secure enough for State Secrets? No - Absolutely not. A major weakness of a self-decrypting archive is that it's like a safe that (if they got hold of it) someone could take home and try to crack at their leisure. They may never crack it, but then again, there is no time limit or other restriction to deter a very determined cracker.
Is Message Vault secure enough for your messages? That depends, in most cases, yes, it probably is. If you just want to keep something hidden from casual prying eyes, and easily portable (viewable in most any browser), then Message Vault is probably a good fit.
How can you keep your message safer when sharing it? In declining order of safety, here are some steps you can take:
- The first (safest) way is to not create a Message Vault message at all.
- If you choose to use MV, then the best method would be to create an MV message and save it in a safe place on your password-protected, non-networked PC.
- The next safest method is to create an MV message and save it in a safe place on your password-protected PC (accessible to a network).
- The next safest way would be to just save the MV message on your unprotected desktop, or a jump drive/floppy disk.
- Next would be to send your MV message through email.
- The least-safest method would be to post your message on a public website. (Remember the safe-cracker analogy above? This method is like leaving your locked safe lying in the street, just inviting someone to come grab it and try to crack it)
Legalese:
Encryption Laws vary all over the world - You are responsible for ensuring that you are not violating any local law by downloading, using or distributing any of this cryptographic software.
Message Vault is distributed under a BSD License:
Copyright (c) 2007, Alan Taylor http://kokogiak.com & Contributors
All rights reserved.
This software is provided as-is, without express or implied warranty. Permission to use, copy, modify, distribute or sell this software, with or without fee, for any purpose and by any individual or organization, is hereby granted, provided that the above copyright notice and this paragraph appear in all copies. Distribution as a part of an application or binary must include the above copyright notice in the documentation and/or other materials provided with the application or distribution.
This software is provided by the copyright holders and contributors "as is" and any express or implied warranties, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. In no event shall the copyright owner or contributors be liable for any direct, indirect, incidental, special, exemplary, or consequential damages (including, but not limited to, procurement of substitute goods or services; loss of use, data, or profits; or business interruption) however caused and on any theory of liability, whether in contract, strict liability, or tort (including negligence or otherwise) arising in any way out of the use of this software, even if advised of the possibility of such damage.