undefined | Better HN

0 pointsJeaye9y ago0 comments

> Your content is being sent to the server encrypted, but it gives you a URL which decrypts it on demand. TLS already does this, right?

No, since TLS doesn't have anything to do with the original content being encrypted, such that the server can't read it. safepaste should combine TLS with this client-side encryption/decryption (as the hosted version does).

> Relying on this is a very bad idea...

Considering it's FLOSS, I don't think any of those points are valid. I agree that, for it to be more trusted, it should be self-hosted. So, self-host it! Verify it's not logging! Verify the "burn after reading" does the deletion! If you care at all about security, and hosting a secure service, that's going to be essential anyway.

Boiling down the FLOSS project to its provided hosted version is quite missing the point.

> If the website can spit out out a URL that you're then able to view your unencrypted data in, that website is no more secure than pastebin.com.

Given that the encryption/decryption happens entirely on the client side, this simply does not apply. The server knows the paste id, not the secret key. That's kind of the whole point. :)

- Edited for clarification

0 comments

3 comments · 1 top-level

sillysaurus39y ago· 2 in thread

The server gives you a URL like https://safepaste.org/10dab736#595f4642d2fbcf14a235a9de40a37.... When you load it, the end result is that you're viewing your decrypted data. That means the server can also load the URL (which it generated for you originally, and therefore knows) and decrypt the data. What am I missing?

This isn't valid. The fact is, this service isn't self-hosted and is encouraging people to use the non-self-hosted version. There is no guarantee that the code running on the server is identical to the github repo.

JeayeOP9y ago

> What am I missing?

The key part; the secret key is never sent to the server. http://stackoverflow.com/questions/14462218/is-the-url-fragm...

This was explained in safepaste's about page:

-- The hash section of the URL, after the #, is never sent to the server; it's used only by the browser and safepaste takes advantage of that to store the secret key. --

Thus, the server cannot know the contents of the paste, since all encrypting/decrypting is done client-side. It's just a blob store for encrypted data.

> There is no guarantee that the code running on the server is identical to the github repo.

Agreed. That's why the whole paragraph you just quoted said you should run your own copy and verify it does what you want. That doesn't mean you should run your own for everyone else, it means you should run your own for you and those who trust you.

sillysaurus39y ago

Ah, thanks for clarifying. I retract my comments.

j / k navigate · click thread line to collapse