

0bin: A Client-Side Encrypted Pastebin - bigjoecumbo
http://0bin.net/

======
rabidsnail
The problem with these is that even if the code is set to be cached forever,
there's no easy way for the user to verify that this is the case. How do you
defend against an attacker (say, the FBI) taking control of the servers and
causing them to serve javascript which sends the messages to themselves
unencrypted?

~~~
arkem
At the moment an attacker doesn't even need to take control of the servers
since all the code is sent without SSL so a MITM attack would be enough.

Edit: though of course if the javascript is never requested again it limits
the window of opportunity to man-in-the-middle.

~~~
sturmeh
This was on HN previously, but not at this domain, they said the key
generation and link formation was performed client-side, at no point does the
key get sent to the server.

You send the encrypted message to the server and the javascript serves the url
that combines the client side key and the servers uid for the paste.

See: <http://sebsauvage.net/paste/>

~~~
fatjokes
This should be a top-level comment.

------
tomlanyon
"Error Paste could not be saved. Please try again later."

Damn.

~~~
sametmax
Just fixed that. First day out, first bug out :-)

------
cnu
The short URL feature doesn't work. The short URL created is
<http://0bin.net/paste/undefined>

------
Aeons
Just a note, the 0 (zero) in the page logo/title is (or looks a lot like) the
Scandinavian letter Ø, which is in no way related to the number 0.

------
mxxx
nice idea though.

