High-security passwords and encryption
ATTENTION CURRENT USERS
PassLok Universal is about to be released in this store. It is very much like FusionKey, except that it also includes PageCage, for isolating pages, and has a tighter integration with email services and login pages. Check it out.
TAKE PRIVACY INTO YOUR OWN HANDS
FusionKey is the fusion of two apps also in this store, PassLok and SynthPass, into a single icon. PassLok provides easy, end-to-end secure encryption for email, plus real-time chat, that does not rely on servers and is therefore immune to hacking or government intervention. SynthPass is a high-strength, easy to use password synthesizer and manager that is also independent of servers. Which application starts depends on what's on the currently displayed page.
--FusionKey is incredibly easy to use--
To encrypt a message or file, just click the FusionKey icon when the Compose or Reply box is showing. A popup will take your private message and encrypt it with the click of a button. Then you can send it out like any other message, or as an attachment.
To decrypt it, click the FusionKey icon. A popup will show the decrypted message or file immediately, or will tell you if there is any problem.
To fill a password, just click the FusionKey icon when the password box appears on the page, then click OK. FusionKey will also supply your user ID if you want. There are no settings to worry about.
FusionKey asks you for your Master Key only once. It can be anything you want, so you can actually remember it. FusionKey will evaluate its strength and compensate for its weakness by lengthening the computations. It won't be stored or sent anywhere, and FusionKey will forget it after five minutes of inactivity.
You'll never have to change your Master Key. If they force you to change a password for a website, just supply a different serial in the dialog. FusionKey will remember it for you.
--Lots of power in a slender package--
You can use either of these three encryption modes, by just clicking a button:
1. Anonymous mode (default): encrypted messages don't contain any information identifying the sender. Useful for posting anonymously, but for email you may want to try the other two modes.
1. Signed mode: encrypted messages can be decrypted again, so long as the recipients supply their authentic Master Keys. Recipients are also assured that the message was encrypted by the sender.
2. Read-once mode: after a few encrypted messages have been exchanged they can no longer be decrypted by anyone, even if they supply the correct Key.
In addition, you can make encrypted chat invitations which, when decrypted by the recipients, open a webRTC real-time chat session where participants are directly connected to one another. The chat session includes text, files, audio, and even video.
FusionKey allows you to encrypt files and images as well. Just load them with a toolbar button. You can also encrypt them separately and load them as regular attachments.
For the very paranoid (and who isn't these days?), FusionKey includes four special features:
1. Encrypt to image: the message is encrypted into an image you supply and then attach to your email, so the presence of a hidden message cannot be detected even by computer analysis.
2. Concealed mode: the encrypted message does not look encrypted, but actually looks like normal text. PassLok still detects it and decrypts it normally, though.
3. Invisible mode: the encrypted material cannot be seen at all. It is hidden in the space between the lines of an otherwise normal message.
4. Hidden msg: there is a hidden message in addition to the regular message, and it is encrypted by a separate key. The hidden message is completely undetectable to those who don't know it exists. Images also can contain hidden messages.
FusionKey set to Email mode is fully compatible with PassLok for Email, also in this store. It is more lightly integrated with email sites, which allows it to support any sort of web mail service (PassLok for Email is limited to Gmail. Yahoo, and Outlook online). It also has more functions than PassLok for Email.
On the password-filling side, FusionKey
- won't pop up and interrupt your flow; it is activated only when you click its icon on the browser toolbar
- won't force you to store anything secret, only user IDs and optional serials, if you allow it
- is always available, because it does not have to connect to "the Cloud"
- makes only strong passwords
- won't ask you for money
- won't show ads
By default, FusionKey synthesizes passwords on the fly rather than storing them, but you can also store a user-supplied password if you insist. In this case it is stored encrypted and it syncs with the browser without additional servers.
--State-of-the art security--
FusionKey is based on the NaCl encryption engine, which uses 255-bit standard elliptic curves vetted against weaknesses by experts. On top of that, it uses the 256-bit XSalsa20 symmetric cipher, a high-performance, open source algorithm, which has been scrutinized by experts for nearly a decade without any practical weaknesses being found.
The password-generating function is based on the WiseHash key-stretching algorithm, which evaluates the information entropy of your Master Key and subjects it to a variable number of rounds of SCRYPT key-stretching. The weaker the password, the more stretching. This forces would-be hackers to spend an inordinate amount of computer time testing weak passwords before they can get to yours. FusionKey displays an accurate measurement of your Master Password's entropy to help you come up with a strong one.
The image-encryption part of FusionKey, developed in-house but open-source, has recently been shown to be much harder to detect than F5, the champion steganography tool until now.
FusionKey does not use servers that might eventually compromise your private data. All encryption is done client-side. All data sent to the email server is encrypted, and they don't have the Key that decrypts it.
With FusionKey, you can actually SEE that that your messages have been encrypted. You can also see the code. FusionKey hides nothing from you.
FusionKey is now in public beta testing. To report any bugs or suggest improvements, please submit them as "Issues" at this GitHub page: