Everybody has a right to privacy. ybin has been created with a simple idea in mind. It’s a simple pastebin where users can paste anything privately with a simple to use, purely minimalistic user interface and no complicated options.
The service based on this code can be accessed here.
ybin is based on the work of wonderful developer(s) behind an open-source encrypted pastebin project called ZeroBin. Most of the encryption algorithms used on ybin are taken directly from ZeroBin without modifications.
All data pasted through ybin is encrypted with AES256, which is borderline impossible to crack by brute force. Check the following link to get a better idea. In short, exhausting half of the AES256 keyspace using resources we don’t yet have would take more time than the age of our beloved Universe.
Encryption is done solely on the client side, using sjcl, an open-source JavaScript encryption library. When a paste is submitted, sjcl generates a random encryption key and encrypts the pasted data with AES256 using that key. The client then sends the ciphertext to the server, redirects the paster to the paste page, and appends the key to the URL after the # symbol. Browsers do not include the part of a URL after # in the requests they send, so the key stays on the client. Since everything is done on the client side, the data is only transmitted to the server in encrypted form (pure ciphertext), meaning both the original pasted data and the generated key are completely private. The server only stores ciphertext.
Let's take a look at the following link: http://ybin.me/p/4eed1e530abe8348#aWImxYyjpqd62atEr1T9AP6rvHnO0vB1cvYvgifGmyM=.
First of all, you can see that the key is aWImxYyjpqd62atEr1T9AP6rvHnO0vB1cvYvgifGmyM=, extracted from the URL. When you visit the link, you'll see the following pasted data:
Hello to zx readers from ybin!
But the only data the server holds for this paste is this:
{"data":"{\"iv\":\"WrwCmvLidI4XFuIegejGjg==\",\"v\":1,\"iter\":1000,\"ks\":128,\"ts\":64,\"mode\":\"ccm\",\"adata\":\"\",\"cipher\":\"aes\",\"salt\":\"+0C2wdjPPDo=\",\"ct\":\"kP6sLss/j08mmDbe36mpdhvXgxXm8ifspuL/T5RYGfu4qMzGW6Pce0DmP9CVQtcKiG6YLA==\"}"}
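The flow described above, as an added example that is not ybin's or ZeroBin's own code: it uses Node.js built-in crypto in place of sjcl, with the parameter values visible in the stored record. The function names, the 13-byte nonce (the longest Node accepts for CCM) and the PBKDF2-HMAC-SHA256 key derivation from the fragment string are assumptions.

```javascript
// Added example: Node's built-in crypto stands in for sjcl in the browser.
const nodeCrypto = require('node:crypto');

// Parameters copied from the stored record on the page (ks and ts are in bits).
const PARAMS = { v: 1, iter: 1000, ks: 128, ts: 64, mode: 'ccm', adata: '', cipher: 'aes' };

// Assumption: the AES key is derived from the fragment string with
// PBKDF2-HMAC-SHA256, which the record's salt and iter fields suggest.
function deriveKey(fragmentKey, p) {
  return nodeCrypto.pbkdf2Sync(fragmentKey, Buffer.from(p.salt, 'base64'), p.iter, p.ks / 8, 'sha256');
}

// Paster's side: build the record that is uploaded and the URL that is shared.
function createPaste(plaintext, baseUrl, pasteId) {
  const fragmentKey = nodeCrypto.randomBytes(32).toString('base64'); // never uploaded
  const nonce = nodeCrypto.randomBytes(13); // Node's CCM takes 7 to 13 bytes
  const record = { ...PARAMS, iv: nonce.toString('base64'),
    salt: nodeCrypto.randomBytes(8).toString('base64') };
  const cipher = nodeCrypto.createCipheriv(`aes-${record.ks}-ccm`, deriveKey(fragmentKey, record),
    nonce, { authTagLength: record.ts / 8 });
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  record.ct = Buffer.concat([body, cipher.getAuthTag()]).toString('base64');
  return { record, url: `${baseUrl}/p/${pasteId}#${fragmentKey}` };
}

// What an HTTP request for a paste URL contains: path and query, no fragment.
function requestTarget(pasteUrl) {
  const u = new URL(pasteUrl);
  return u.pathname + u.search;
}

// Reader's side: the record comes from the server, the key from the fragment.
function readPaste(pasteUrl, record) {
  const fragmentKey = new URL(pasteUrl).hash.slice(1);
  const ct = Buffer.from(record.ct, 'base64');
  const tagLen = record.ts / 8;
  const decipher = nodeCrypto.createDecipheriv(`aes-${record.ks}-ccm`,
    deriveKey(fragmentKey, record), Buffer.from(record.iv, 'base64'), { authTagLength: tagLen });
  decipher.setAuthTag(ct.subarray(ct.length - tagLen));
  const text = decipher.update(ct.subarray(0, ct.length - tagLen));
  decipher.final(); // throws when the key is wrong or the record was altered
  return text.toString('utf8');
}
```

Only `record` and the output of `requestTarget` ever reach the server; anyone holding the record without the fragment gets an authentication error from `readPaste` rather than plaintext.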
If you're interested in more details, including implemented privacy measures and safety information regarding the actual service, you can read about them on my blog: http://zx.rs/7/ybin---paste-data-privately/