Tygs / 0bin

Client side encrypted pastebin
https://0bin.net
Do What The F*ck You Want To Public License
1.38k stars 198 forks source link

How to use an encrypted pastebin? #129

Closed ExcaliburPrime1996 closed 4 years ago

ExcaliburPrime1996 commented 4 years ago

How to use or open an encrypted pastebin?

ook commented 4 years ago

Hum, I guess you ask for "proper" or "safe" use of 0bin?

So, imagine you create an encrypted content: https://paste.ookook.fr/paste/DuYi7ymM#BLKX+rhSCWlbtU4G3uJagP24ytcQhBK38F3160yJ3fy It seems "clear" for you. But look at the full url: see the # in it then the string? It's the key needed to decrypt the message.

If someone "bruteforce" the server, it can eventually found the crypted version: https://paste.ookook.fr/paste/DuYi7ymM But without the key, the message won't be readable. Just try something like: https://paste.ookook.fr/paste/DuYi7ymM#N0tTh3c0rr3ctK3y the page tell it's probably the wrong key. Brute forcing is still possible… but will take years, decades. Does the message deserve it? The attacker doesn't know it.

A usage

you can send the link with the key (as the first link) on a secured channel to the recipient, directly.

Another one

you can send the link w/o the key where you want, and the key on another (hopefully secured channel so it can get it clear.

HTH.