search

Upload / Up1

Client-side encrypted image host web server
MIT License
810 stars 98 forks source link

Content Id and the Key #50

Closed xeverse closed 8 years ago

xeverse commented 8 years ago

What part of the uri is content identifier and which is the key? http://uploadereqo2cmg7.onion/#f3qY8nEX81J1tmMKFzpeyQ

ultramancool commented 8 years ago

The part after the # is both. Rather, SHA512 is used on that random string to produce a 128 bit IV, 256 bit key and 128 bit random identifier. On Feb 16, 2016 12:25 PM, "xeverse" notifications@github.com wrote:

What part of the uri is content identifier and which is the key? http://uploadereqo2cmg7.onion/#f3qY8nEX81J1tmMKFzpeyQ

— Reply to this email directly or view it on GitHub https://github.com/Upload/Up1/issues/50.

xeverse commented 8 years ago

Ahh ok, thanks. So only 128 bit identifier gets sent to the server side by the js. Correct?

ultramancool commented 8 years ago

yes, that's correct. Key and IV are kept entirely on the client side and never sent to the server. On Feb 16, 2016 12:39 PM, "xeverse" notifications@github.com wrote:

Ahh ok, thanks. So only 128 bit identifier gets sent to the server side by the js. Correct?

— Reply to this email directly or view it on GitHub https://github.com/Upload/Up1/issues/50#issuecomment-184792658.

xeverse commented 8 years ago

I miss super cool https://github.com/imgbi. Been down for quite some time. So i just want to be sure that both apps are equally secure. The implementation looks similar a least. Minus time expire secure deletion thing. Transparency idea is cool as well.