this post was submitted on 27 Jan 2025
57 points (95.2% liked)
Privacy
671 readers
249 users here now
Protect your privacy in the digital world
Welcome! This is a community for all those who are interested in protecting their privacy.
Rules
~PS: Don't be a smartass and try to game the system, we'll know if you're breaking the rules when we see it!~
- Be nice, civil and no bigotry/prejudice.
- No tankies/alt-right fascists. The former can be tolerated but the latter are banned.
- Stay on topic.
- Don't promote proprietary software.
- No crypto, blockchain, etc.
- No Xitter links. (only allowed when can't fact check any other way, use xcancel)
- If you post news exclusive to a country please name it. ~(This isn't a bannable rule, just a recommendation!)~
- If in doubt, read rule 1
Related communities:
- !opensource@programming.dev
- !selfhosting@slrpnk.net / !selfhosted@lemmy.world
- !piracy@lemmy.dbzer0.com
founded 3 months ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Interesting!
How do I decrypt the data when I download my friends holiday photos he shared with me?
How big can they be, can I share my favourite Judas Priest album with my niece?
This is not a criticism, but was there some specific reason for using GCM?
Good work!
As stated at the beginning of the post, it's not mine, feel free to share your concerns on the author's Github: https://github.com/osbytes/crypt.fyi/issues !
Oh sorry for that!
Mebbe get the person over here :-)
Tried already: https://reddit.com/comments/1iarxev/comment/m9f5zmq
Cool, smart move!
I hope he does, I have my own secure sharing protocol so it would be wonderful to discuss a bit!
They're decrypted automatically in your browser via the
keyin the URL and additionally a password (assuming one was set when created). Both thekeyand password are used to encrypt the contents so the key alone is not sufficient to decrypt the contents. Regardless, it happens automatically entirely in your browser without ever sending the key or password to the API server.I have the limit set to ~500kb right now. That's after encrypting the contents. How large is your favorite Judas Priest album? Maybe I can uptick to accommodate it haha.
Given the different tradeoffs on performance, security, and implementation complexity, GCM seemed like a reasonable choice. I'm making sure to use the OWASP recommended PBKDF iterations 1 2. I'm also looking into post-quantum options recommended by NIST 1.
Edit: Hi & welcome! Nice to come by and discuss these kind of things!
How is the key circulated? Over RSA or something? Or do you have to send the link+key somehow to the recipient?
Yeah GCM is nice with the inbuilt authentication. AES 256 I guess?
NIST is aaaabout to chose an algo, right? I dug deep down in all that quantum stuff like a year ago, but it didn't seem like they'd chosen Rivests algo just yet ^^
BTW is the GCM adding a lot of space? I'm on AES CTR (which just aligns to the block size) + RSA for authentication.
The key is transmitted in a URL query parameter. I'm planning to optionally have it transmitted separately from the URL but ultimately, the decryption key would be transmitted via otherwise insecure / normal means. This is where the understandable and healthy critique around the security/privacy of the tool stems. I shared with another user that this tool is an incremental step in the direction of more secure and ephemeral transmission of data with convenience and accessibility as a core tenant of the tools existence. Yup it is AES 256 and I believe NIST has finalized post-quantum recommendations. I'll likely be using ML-KEM which increases the resulting data size considerably but is also considerably faster.
Thanks for the explanation!
Yeah, you could let the user encrypt the sensitive data with "your" public key for example (or use ssh I guess). For sharing keys, that's more complicated of course, especially if the person that is going to get the key doesn't know it will get the key beforehand (or the key can be encrypted with their shared public key).