

Paste.sh - client-side encrypted pastebin - dgl
https://paste.sh

======
bblax
The authorization cookie has neither the secure flag or http flag set.

i.e. If you could get the client to redirect to
[http://paste.sh](http://paste.sh) it would send the full auth cookie in the
(now unencrypted) headers. (Man-in-the-middle can then use the cookie.)

Edit: For anyone checking, the cookie is only set upon the first edit.

~~~
dgl
Thanks, I'd meant to set Strict-Transport-Security to solve that, now done.

------
brasetvik
See also: [http://www.matasano.com/articles/javascript-
cryptography/](http://www.matasano.com/articles/javascript-cryptography/)

~~~
dgl
I linked to that from [https://paste.sh/about](https://paste.sh/about) \--
creating pastes only works on browsers with crypto.getRandomValues (or with
the command line client).

Okay, there are still issues with the JS environment but this does eliminate
one of the worst issues IMO

~~~
tptacek
The worst issue with JS cryptography is that it's almost always pointless, as
it is here. Your users can't trust that you'll protect their secrets, because
any coercive adversary who would ordinarily operate by copying those secrets
off the server directly will instead simply force you to host a backdoor that
breaks the crypto.

That's the worst problem with JS crypto, but we haven't enumerated all of the
problems on this thread, nor does my (old) post on our website do so either.

~~~
tokenizerrr
It's open source and can be self hosted. With proper SSL would you still
consider it pointless in that case?

~~~
tptacek
Yes.

------
D9u
[https://paste.sh/v03bdePB#O9LNWj3DJ2SKDKD2B8tdR0Oc](https://paste.sh/v03bdePB#O9LNWj3DJ2SKDKD2B8tdR0Oc)

------
legion050
looks alot like [https://ezcrypt.it/](https://ezcrypt.it/) though I do like
options..

------
cryptocatsyndro
so that is pasting the key within the url? so when you contact a page anyone
sniffing the net knows the key? are you serious?

~~~
dgl
Did you read the about section?

The fragment is never sent to the server.

~~~
cryptocatsyndro
you are right, this falls back in "normal" crypto-as-js security
considerations.

