Greenheart / pagecrypt

Password Protected Single Page Applications and HTML files
GNU Affero General Public License v3.0

Consider getting referenced on the original pagecrypt project? #16

Closed titibandit closed 3 years ago

titibandit commented 3 years ago

I would suggest trying to make it so that this tool is referenced on the original repo of Max Laumeister. I've actually "ported" Max's tool to nodejs, and wanted to contribute it back to his repo and publish the package to npm, and only then noticed that the name was already taken. That's how I found out about your (way) more elaborate nodejs implementation of this tool. This would also gain this tool some visibility!

Greenheart commented 3 years ago

Hi! Thanks for the suggestion. I've actually got this planned to post in some previous projects and mention that the pagecrypt module is updated for 2021. I just want to make it have comparable features first so people can easily migrate 😃

Also, glad to hear you enjoy this version! Let me know if you have any further feedback - and you're welcome to submit your own PRs to pagecrypt if you want to help make it better! 🌱

Greenheart commented 3 years ago

@titibandit Also, make sure to try out version 4.0.0 (to be released today), which includes major UX and performance improvements.

It removes the use of <iframe> and instead uses document.write() to overwrite the entire page in the top-level document after successful decryption. This greatly improves performance, and also allows the encrypted apps and websites to get full access to all web APIs for the page.

It also shows spinners for Loading... and Decrypting..., which may take some time in slower environments or for larger payloads. But with the spinner we don't have to compromise on security (pagecrypt uses 200 000 k PBKDF2 derivations) compared to the 100 or 1000 iterations used in two other popular tools. This is a massive security improvement btw.

It also uses sessionStorage to prevent password re-entry while the browser is open if you accidentally refresh the page.

All in all, this will be the largest update so far! Would love to get your feedback on it :smile:

titibandit commented 3 years ago

Okay, I'll try it as soon as you release it. It's true that the only thing I had to see till now about your implementation is that the decryption was slower than the one from the original tool. But I guess this is solved with 4.0.0 :)

Greenheart commented 3 years ago

And 4.0.0 is done! ✨

It uses 200 000 iterations instead of 1000 or 100 like the other tools, which is significantly stronger and harder to brute-force, so it takes a longer time because of that. This could easily be changed though!

Maybe we should include an option to control the desired strength? For example we could add -i, --iterations [number] to the CLI and an iterations option to the JS API. Look for the 2e6 that represents the number of iterations in both index.js and decrypt.js

Feel free to try out the code and add a PR for this! :)

titibandit commented 3 years ago

Okay, I've updated, and it's really cool; it really feels like an improvement over the original tool. The fact that you don't have to re-enter the password upon refresh is really cool. Thanks for the code!

Greenheart commented 3 years ago

@titibandit Thanks for the feedback! Glad you liked it :smile:

Btw I just fixed an issue that affected Chrome and Safari and released version 4.0.1.