This is a brief description of the data security architecture at ThreeTags. If you have questions or concerns, please feel free to post them below.
When a user registers with ThreeTags, he/she creates a username and a password. The password is never transmitted to the server; instead, it is combined with a unique ‘salt’ string and then encrypted in the browser using SHA-1 hashing algorithm. It is this ‘password hash’ that, with the username, is used to identify the user.
User data encryption
Upon successful user authentication, a 256-bit encryption key is created on the client using PBKDF2 key derivation technique. Because ThreeTags server has access only to hashed passwords, and encryption keys are generated using passwords themselves (with unique salts), it is impossible for us to guess user encryption keys.
All user data is then encrypted/decrypted in the browser using AES-256 encryption algorithm, and is transmitted over the Internet and stored on ThreeTags servers in this encrypted state.
This is how a typical request looks like:
Why not just use SSL?
Many web sites use SSL as a mechanism to protect user data. However, this method is supposed to protect only the communication step of the puzzle (and often it is not doing the job well with man-in-the-middle TLS/SSL vulnerabilities); user data is still accessible on the server side to read and interpret. ThreeTags is unique in that even with full access to user data on the server no one can see it unencrypted.
If you really want to use SSL, you can use this URL: https://threetags.appspot.com.
Unfortunately, the most popular web browser, Microsoft Internet Explorer, is also the slowest in aspects that matter most to us. While Firefox and Chrome encrypt/decrypt a 100KB note in 3-10 seconds, depending on your computer configuration and load, Microsoft Internet Explorer can spend several minutes doing the same operation. Thus we recommend Mozilla Firefox or Google Chrome for better user experience.
No information storage/management system is 100% secure. In any online communication, there are four general points of vulnerability: the client computer can be compromised, the server side (web site) can be breached or untrustworthy, and the medium used to transfer data (the Internet) is relatively easy for eavesdroppers to exploit. The fourth vulnerability point in the user him/herself: using pet names as passwords, and writing passwords on post-it notes for everyone to see, are venerable and sad traditions, for example.
ThreeTags is designed to make the communication step and the server side more secure. We also chose to use Google AppEngine as our infrastructure provider, as no other company has more to lose in case of an online security breach.
Security of the client computer is the responsibility of the user.