Reviewing the code

The Clipperz online password manager builds its security on well-known cryptographic algorithms: SRP, AES, SHA2, ECC and Fortuna. The strength of these crypto primitives cannot be questioned (at least, not with us!), but our JavaScript implementations and Clipperz's software architecture could contain security flaws. This page explains how to conduct a review of the Clipperz code.

Downloading the code

Clipperz is a rather unusual and complex web application. The JavaScript code does everything, from drawing the interface to executing the encryption routines.

Clipperz includes portions of code from a few third-party libraries, such as MochiKit, YUI and Ext, to allow smoother and quicker coding.

In order to save download time and memory space, the original Clipperz code is compressed into a single large file using Dojo ShrinkSafe.

This file is difficult, almost impossible, to work with: spaces and comments have been removed, and variables have been renamed. To make life easier for our code reviewers, we maintain a zipped folder with the source files in their original form and instructions on how to use them. Just click on the link below to download it to your hard disk.

This folder always contains the latest version, i.e. the code behind the application that is presently running on our servers. An archive with older versions is also available.

For any further information, please post a message to the Clipperz Forum.
Any question or suggestion is welcome!