Download - Laverna vs etherpad
![Page 1: Laverna vs etherpad](https://reader035.vdocuments.us/reader035/viewer/2022062514/55b29af3bb61eb45218b4623/html5/thumbnails/1.jpg)
LavernaA tangential explanation of Laverna
![Page 2: Laverna vs etherpad](https://reader035.vdocuments.us/reader035/viewer/2022062514/55b29af3bb61eb45218b4623/html5/thumbnails/2.jpg)
You are Here Laverna
Markdown
Crypto Pbkdf2Unnecesssary Visualization
PBKDF2 For Blue
Synchronization RemoteStorage.io
Markdown.md
Installation
Conclusions
Remotestorage.0wn.su
![Page 3: Laverna vs etherpad](https://reader035.vdocuments.us/reader035/viewer/2022062514/55b29af3bb61eb45218b4623/html5/thumbnails/3.jpg)
What are these words
• Laverna and Etherpad are note taking services• I won’t talk about Etherpad because• Self-hosted alternatives to cloud apps like Evernote• Security and encryption are the focus here
![Page 4: Laverna vs etherpad](https://reader035.vdocuments.us/reader035/viewer/2022062514/55b29af3bb61eb45218b4623/html5/thumbnails/4.jpg)
Laverna
• Node.js based local web page• HTML + JavaScript = no server required• Information is stored in the client you’re using• Encryptomagic• Remote storage options:
• RemoteStorage.io (self-hosted)• Dropbox
• Installation:• git clone [email protected]/laverna-static• Done
![Page 5: Laverna vs etherpad](https://reader035.vdocuments.us/reader035/viewer/2022062514/55b29af3bb61eb45218b4623/html5/thumbnails/5.jpg)
Markdown
![Page 6: Laverna vs etherpad](https://reader035.vdocuments.us/reader035/viewer/2022062514/55b29af3bb61eb45218b4623/html5/thumbnails/6.jpg)
Why?
• Easy to convert into:• HTML• LaTeX• PDF• RTF…
• Who supports MD?• Github (GFM)• Notepad++• SublimeText• Everything on the Internet
![Page 8: Laverna vs etherpad](https://reader035.vdocuments.us/reader035/viewer/2022062514/55b29af3bb61eb45218b4623/html5/thumbnails/8.jpg)
Encryption
• All encryption happens client side (there is no server)• PBKDF2• Manually entered salt (random)• Manually entered password• Can adjust iterations (1000 default)• AES 128 or 256
• Generated ciphers are stored in the browser local storage
![Page 9: Laverna vs etherpad](https://reader035.vdocuments.us/reader035/viewer/2022062514/55b29af3bb61eb45218b4623/html5/thumbnails/9.jpg)
Crypto/Sync JSON
• {"id":"0cc9da4f-a47f-c9fd-e1ba-55cb0ddb14e7",
• "title":"{\• "iv\":\"uSrC4YzSxgvjueOBn+kb3A==\",\
“• v\":1,\“• iter\":\"1000\",\“• ks\":128,\“• ts\":64,\“• mode\":\"ccm\",\"adata\":\"\",\“• cipher\":\"aes\",\“• salt\":\"ZwuH03ajWY0=\",\“• ct\":\"WvpHRh50YbhdGeWFORR5b1xUu
iRb
• UID of the app
• This is the title of my note• This is the IV for the note• Supports versioning of your note• PDKDF2 iterations• Key size is 128• Something else size is 64• Mode is CCM stream cipher• AES• Salt that you set• The cipher text of the title itself
![Page 10: Laverna vs etherpad](https://reader035.vdocuments.us/reader035/viewer/2022062514/55b29af3bb61eb45218b4623/html5/thumbnails/10.jpg)
• DK = Derived Key• PRF = HMAC - pseudorandom function like HMAC-
SHA256• c = Salt
DK = PBKDF2(PRF, P, Salt, c, dkLen)
![Page 11: Laverna vs etherpad](https://reader035.vdocuments.us/reader035/viewer/2022062514/55b29af3bb61eb45218b4623/html5/thumbnails/11.jpg)
DK = PBKDF2(PRF, P, Salt, c, dkLen)
Password
Salt
HMAC-SHAHMAC-SHA
HMAC-SHAHMAC-SHA
HMAC-SHAHMAC-SHA
HMAC-SHAHMAC-SHA
HMAC-SHAHMAC-SHA
HMAC-SHAHMAC-SHA
HMAC-SHA
Derived Key
![Page 12: Laverna vs etherpad](https://reader035.vdocuments.us/reader035/viewer/2022062514/55b29af3bb61eb45218b4623/html5/thumbnails/12.jpg)
What this defends against
“monkey”
Salt
HMAC-SHAHMAC-SHA
HMAC-SHAHMAC-SHA
HMAC-SHAHMAC-SHA
HMAC-SHAHMAC-SHA
HMAC-SHAHMAC-SHA
HMAC-SHAHMAC-SHA
HMAC-SHA
Different Derived key
![Page 13: Laverna vs etherpad](https://reader035.vdocuments.us/reader035/viewer/2022062514/55b29af3bb61eb45218b4623/html5/thumbnails/13.jpg)
JustBlue Takeaway
* This is from the Internet. Based on font, this is probably way off now
![Page 14: Laverna vs etherpad](https://reader035.vdocuments.us/reader035/viewer/2022062514/55b29af3bb61eb45218b4623/html5/thumbnails/14.jpg)
Laverna Crypto
• PBKDF2• Server never knows your key• Server never knows your keys• Fuck the cloud
• Client side Crypto
![Page 15: Laverna vs etherpad](https://reader035.vdocuments.us/reader035/viewer/2022062514/55b29af3bb61eb45218b4623/html5/thumbnails/15.jpg)
Javascript Based Crypto
• Not a big deal - it’ll be fine, what could go wrong• Relying on client side crypto with a
server authenticator• Relying on client side crypto to
protect client side information
Well Actuall
y
![Page 16: Laverna vs etherpad](https://reader035.vdocuments.us/reader035/viewer/2022062514/55b29af3bb61eb45218b4623/html5/thumbnails/16.jpg)
Back to Laverna
![Page 17: Laverna vs etherpad](https://reader035.vdocuments.us/reader035/viewer/2022062514/55b29af3bb61eb45218b4623/html5/thumbnails/17.jpg)
Syncing
• Supports Dropbox
![Page 18: Laverna vs etherpad](https://reader035.vdocuments.us/reader035/viewer/2022062514/55b29af3bb61eb45218b4623/html5/thumbnails/18.jpg)
Syncing
• Support RemoteStorage.io• Self-hosted remote storage similar to dropbox
![Page 19: Laverna vs etherpad](https://reader035.vdocuments.us/reader035/viewer/2022062514/55b29af3bb61eb45218b4623/html5/thumbnails/19.jpg)
Laverna Installation
• Clone repository:git clone [email protected]:Laverna/laverna.git• Switch to stable versiongit checkout 0.5.0• Install dependencies:npm install && bower install• Build minified version:grunt build• Build Dependencies: node.js, bower, grunt.
![Page 20: Laverna vs etherpad](https://reader035.vdocuments.us/reader035/viewer/2022062514/55b29af3bb61eb45218b4623/html5/thumbnails/20.jpg)
Operating Environment
• Can host on any web server because crypto is on the client• Does not require PHP or programming environment• If remotely hosted, should be done over HTTPS• Github provides easy hosting over https for free• Can also run on your own computer
![Page 21: Laverna vs etherpad](https://reader035.vdocuments.us/reader035/viewer/2022062514/55b29af3bb61eb45218b4623/html5/thumbnails/21.jpg)
Wait have I done a demo yet?
https://laverna.cc/index.html#notes
![Page 22: Laverna vs etherpad](https://reader035.vdocuments.us/reader035/viewer/2022062514/55b29af3bb61eb45218b4623/html5/thumbnails/22.jpg)
Here’s a diagram of something
Laverna Etherpad Evernote
License GPL GPL No
Storage RemoteStorage, Dropbox
None Sync with evernote
Encryption PBKDF2 (AES) None (SSL with plugin)
SSL + magic?
Software JavaScript: Node.js, bower, grunt
JavaScript
Collaboration Not Realtime Yes Supports sharing
Subfolders Infinite None Only 1 subfolder allowed
Stored Format Json Export supports PDF, Word, and many other formats
![Page 23: Laverna vs etherpad](https://reader035.vdocuments.us/reader035/viewer/2022062514/55b29af3bb61eb45218b4623/html5/thumbnails/23.jpg)
Conclusion
• Fuck the cloud• Use laverna• Use markdown• Use PBKDF2• Use RemoteStorage.io (remotestorage.0wn.su?)
![Page 24: Laverna vs etherpad](https://reader035.vdocuments.us/reader035/viewer/2022062514/55b29af3bb61eb45218b4623/html5/thumbnails/24.jpg)