Closed szabodanika closed 1 year ago
I'm really looking forward to having e2e encrypted pastas, but I might suggest implementing it in such way that the key is encoded in the URL itself, that way it is 0 addition effort from the user and pastas are 100% secure and data are only between those that have the link
I really like the animal names approach as it is pretty easy to write and use everywhere. It would be really awesome if we could keep that awesome feature while being able to encrypt. Maybe using the “animal names” as an encryption key?
Currently there is no way to password protect your pastas. There should be a flag (e.g.
--enable-encryption
, since--private
is taken, or perhaps make the existingprivate
also enable password protection) that enables the end user to enter a password to encrypt their pasta using JS in the browser and send the encrypted data to MicroBin, then when MicroBin serves the encrypted data, it will prompt the user for a password and decrypt the content in the browser, again with JS. Ideally this should use no fancy libraries or anything, it must be as vanilla as possible, and security takes priority over speed when it comes to choosing algorithm.