

Show HN: CryptoNote is an open source, encrypted, one time view message app - alainmeier
https://cryptonote.org/

======
daeken
Good on you for having a list of known weaknesses, but here's the one that
really makes this completely unsafe:

The server dictates what's run on the page, and thus can access the plaintext
data in any way it sees fit. The trust model is fundamentally broken in
client-side crypto of this nature.

Edit with two more thoughts: 1) Even if you trust the person running the
service, how much do you trust the other users (who may be using stored XSS to
compromise your data)? How much do you trust the hosting service behind it, if
there is one? 2) Am I the only one that finds it massively irresponsible to
not have a huge flashing "DO NOT TRUST THIS UNTIL IT'S BATTLE HARDENED" sign
over it? This goes for just about every project of this nature.

Edit with a final thought: Most of the time, we think in terms of "relative
goodness". A good car is better than a bad car, but a bad car is still better
than no car at all. This logic _completely breaks_ when it comes to crypto.
Simply put, bad crypto (and bad implementations) when released on the world
put lives at risk. This should be taken seriously.

It's one thing to build a project for learning (and please, please do!) but
cover every friggin' surface you can with disclaimers.

~~~
rmrfrmrf
If you're that paranoid, you shouldn't be using a hosted service at all. There
could be a guy right outside your house intercepting your cable line and
filtering all traffic to and from cryptonote.org and routing it to his own
instance of the app. That doesn't mean that cryptonote is responsible for that
happening.

~~~
uh_oh
No, he can't. Not without a valid SSL certificate for cryptonote.org. Sure,
there are problems with CAs, but it would nevertheless be very difficult to
obtain such a certificate.

~~~
mindcrime
_but it would nevertheless be very difficult to obtain such a certificate._

Not if you're the government. Just send the root CA a "National Security
Letter" and bob's yer uncle.

~~~
uh_oh
We were talking about a random guy in front of the house, not the
government.

~~~
mindcrime
But the set of "random guys" who might appear in front of your house includes
potential government agents.

~~~
lmm
No, they're nonrandom. And more to the point, it's worth defending against
some threats even if you can't cover all.

------
alfg
This is neat, and I really like the UI too.

I made something similar (except the one-time view part) not too long ago just
to experiment with storing the base64 encoded message into the URL. It also
has an option to add a key, which uses a javascript implementation of
blowfish.

[http://alfg.co/jot](http://alfg.co/jot)

[https://github.com/alfg/jot](https://github.com/alfg/jot)

Since the message is stored within the URL, there's no backend needed, though
that means the message needs to be short since most modern browsers can only
support up to about 2000 characters in the URL and the messages can generate a
long base64 string rather quickly.

~~~
alainmeier
I experimented with that too, but the character limitation was what made me go
server-side. Cool project though, works really well.

------
jhorman
Looks useful. I am seeing though

message[pre_encryption]

with my unencrypted message in the POST data?

~~~
alainmeier
Good catch, I'll take that out right now thanks.

Edit: fixed. If anybody thinks of anything else, please let me know. This is
as much of a learning exercise as anything for me.

~~~
tptacek
This whole thread is like a textbook example of why people like me (breakers)
have itchy trigger fingers when it comes to people building cryptography
features.

I'm glad if this has been a good learning experience for you (may I suggest
another?†), but real secure systems aren't, to steal a phrase from Richard
Stallman, "debugged into existence": they start from a foundation of a secure,
well-considered design and are verified piece by piece as the system is
assembled.

† _[http://www.matasano.com/articles/crypto-challenges](http://www.matasano.com/articles/crypto-challenges)_

~~~
alainmeier
I didn't know about those, they look very cool. Thanks for the link.

~~~
estsauver
(His company produced the challenges also, for what it's worth.)

------
manish_gill
Also see: [https://oneshar.es](https://oneshar.es)

I created a similar web application in Django as part of a College minor
project last year. Best part was implementing the AES algorithm ourselves. :D

~~~
tptacek
You felt comfortable implementing AES yourself?

~~~
manish_gill
For learning purposes, why not? Taught me a lot more about crypto than I would
have by simply reading about it. Of course, it wasn't meant for real-world
use. :)

~~~
manish_gill
> How comfortable did you feel with AES when you were done with the project?
> Could you try to put into a sentence or two what you (i) didn't know about
> using AES before you did the project, and (ii) knew at the end of the
> project?

Frankly, I didn't know much about AES (or encryption in general) before I
started working on the project. My only _direct_ encounter with encryption was
ROT13 in IRC channels. I felt that without doing at least some "difficult"
task myself, the application would be a lot more easy, and nothing new in it
for me to learn. So I read how AES works, and created a small implementation
myself.

Afterwards, I had a bit more understanding of all the moving parts of AES.
Gained a huge appreciation for the algorithm and security in general. Now that
I think about it, I guess you don't really have to implement it yourself in
order to understand it, but I did it anyway, because, well, I felt like it.

It was just a toy project tbh. I certainly don't consider myself an expert on
the algorithm, and will still trust tried and tested library implementations
over my own. But now I know what's going on under the hood.

~~~
tptacek
This is interesting. Thanks for playing along with me.

Can I ask another question? Now that you've implemented the algorithm, would
you feel more comfortable employing AES encryption on a future project, or
less comfortable?

~~~
manish_gill
Is your question specific to AES itself, or just my own implementation? If
it's the latter, I'm hesitant to say more comfortable. It's not something you
can just implement in a couple days from memory. There's always a chance
something might go wrong.

If you mean will I be more comfortable in using the _algorithm_ itself, then
definitely yes. At least for the moment. IIRC, there have been some partially
successful attacks against AES, but nothing that has managed to break it
fully.

------
deepdog
Why is the password stored in plain text "for now"? What is so hard about
running bcrypt or pbkdf2 against the password before storing it in the
database?

~~~
alainmeier
I was just getting this out as soon as possible. There's nothing hard about
it, I just wanted to put it out there and keep working on it.

------
ryandetzel
Just use vanish.io

~~~
alainmeier
There are a lot of single view self destruct sites, but I wanted to make a new
one because I wanted to let people host their own instead of relying on the
site provider.

