A place to easily publish encrypted messages on the web

beschizza · June 16, 2016, 2:24pm

thaumatechnicia · June 16, 2016, 2:30pm

Thanks! Great find.

Boundegar · June 16, 2016, 3:27pm

Why wouldn’t you encrypt it yourself and then host it on pastebin? Seems like they’re asking for a lot of trust, at a time when more and more trusted parties are turning out to be quite untrustworthy.

SamSam · June 16, 2016, 5:13pm

This is basically no different from any of the many forms online that let you paste in some text and a key, hit “encrypt,” get back the encrypted text, and then allow you to decrypt it.

The only difference is that it puts the encrypted text itself in the form of a url, and will render HTML for you.

It’s cute as a demo project, but no more useful than one of those forms.

It doesn’t really let you “publish” the messages as no hosting is involved. You still have to pass around the entire encrypted message yourself, by emailing it to someone, or pasting it on an site that actually lets you publish stuff (pastebin etc).

beschizza · June 16, 2016, 5:48pm

No, it posts it to a URL on the internet. Hosting is involved – you just don’t have to get one yourself.

Though it is putting the whole encrypted thing in a URL, which I guess is cheating?

SamSam · June 16, 2016, 6:34pm

No it doesn’t. All the information is contained directly in the hash portion of the URL.

Here are three unencrypted pages I created. Can you guess which one has the least content and which one has the most?

http://xqt2.com/p/e/everything.html#BISwBASg9gRkA

http://xqt2.com/p/e/everything.html#BISwBASg9gRgUKSsHmvRaVPa5G+47Zab5GmEkHFlXnUU2W0vNtMeNcM-190CgA

http://xqt2.com/p/e/everything.html#BISwBASg9gRgUKSsHmvRaVPa5G+47Zab5GmEkHFlXnUU2W0vNtMeNcM-190DWnXoPbd+Q8aOESxIyfLmyZ0qQuVqlqxSvXaNOzbq17TJ88ctHrh2wfv7HZq3acWbD5x7cvP7114B-n6+Pt6BIeHBYUGhETGRsVFx0fFpqRkpWck5SXZAA

It’s simply calling LZString.compressToEncodedURIComponent("Hi Rob") and sticking the result in the hash of the url. If you chose to encrypt, it’s calling mjsCrypt.encryptUint8Array(string) first.

When you go to the url, you’re just going to the same page each time, and the JS code there simply reads the window.loaction.hash and uncompresses it.

You’re passing around the message itself in the url. Nothing is being stored. Look at the network tab if you are unsure.

Edit: Here’s an example I made in two minutes, that “publishes” either encrypted or unencrypted messages (“encryption” done using window.btoa):
http://bl.ocks.org/anonymous/raw/5c1cddd00edec16e7cc8dde01b246daf/#Hi_Rob
http://bl.ocks.org/anonymous/raw/5c1cddd00edec16e7cc8dde01b246daf/#SGkgUm9iIQ==

beschizza · June 21, 2016, 2:24pm

This topic was automatically closed after 5 days. New replies are no longer allowed.

Topic		Replies	Views
Google's end-to-end email encryption moves to Github boing	5	1744	December 22, 2014
Report: NSA slices through most 'net encryption, according to 'Bullrun' documents leaked by Snowden boing	37	4547	September 10, 2013
Lavabit Redux? links	5	982	February 18, 2017
What steps, if any, have you taken to protect your privacy online, since the PRISM scandal?	15	1720	February 18, 2017
Cryptpad: a free/open, end-to-end encrypted, zero-knowledge shared text editor boing	7	1731	October 1, 2016

A place to easily publish encrypted messages on the web

Related Topics