A place to easily publish encrypted messages on the web


#1

[Read the post]


#2

Thanks! Great find.


#3

Why wouldn’t you encrypt it yourself and then host it on pastebin? Seems like they’re asking for a lot of trust, at a time when more and more trusted parties are turning out to be quite untrustworthy.


#4

This is basically no different from any of the many forms online that let you paste in some text and a key, hit “encrypt,” get back the encrypted text, and then allow you to decrypt it.

The only difference is that it puts the encrypted text itself in the form of a url, and will render HTML for you.

It’s cute as a demo project, but no more useful than one of those forms.

It doesn’t really let you “publish” the messages as no hosting is involved. You still have to pass around the entire encrypted message yourself, by emailing it to someone, or pasting it on an site that actually lets you publish stuff (pastebin etc).


#5

No, it posts it to a URL on the internet. Hosting is involved – you just don’t have to get one yourself.

Though it is putting the whole encrypted thing in a URL, which I guess is cheating?


#6

No it doesn’t. All the information is contained directly in the hash portion of the URL.

Here are three unencrypted pages I created. Can you guess which one has the least content and which one has the most?

http://xqt2.com/p/e/everything.html#BISwBASg9gRkA

http://xqt2.com/p/e/everything.html#BISwBASg9gRgUKSsHmvRaVPa5G+47Zab5GmEkHFlXnUU2W0vNtMeNcM-190CgA

http://xqt2.com/p/e/everything.html#BISwBASg9gRgUKSsHmvRaVPa5G+47Zab5GmEkHFlXnUU2W0vNtMeNcM-190DWnXoPbd+Q8aOESxIyfLmyZ0qQuVqlqxSvXaNOzbq17TJ88ctHrh2wfv7HZq3acWbD5x7cvP7114B-n6+Pt6BIeHBYUGhETGRsVFx0fFpqRkpWck5SXZAA

It’s simply calling LZString.compressToEncodedURIComponent("Hi Rob") and sticking the result in the hash of the url. If you chose to encrypt, it’s calling mjsCrypt.encryptUint8Array(string) first.

When you go to the url, you’re just going to the same page each time, and the JS code there simply reads the window.loaction.hash and uncompresses it.

You’re passing around the message itself in the url. Nothing is being stored. Look at the network tab if you are unsure.

Edit: Here’s an example I made in two minutes, that “publishes” either encrypted or unencrypted messages (“encryption” done using window.btoa):
http://bl.ocks.org/anonymous/raw/5c1cddd00edec16e7cc8dde01b246daf/#Hi_Rob
http://bl.ocks.org/anonymous/raw/5c1cddd00edec16e7cc8dde01b246daf/#SGkgUm9iIQ==


#7

This topic was automatically closed after 5 days. New replies are no longer allowed.