We built something very similar a couple years ago except all encryption/decryption is done browser side, so no keys are ever sent through our server. Also, it uses actual tweets as opposed to DMs.
Users need to verify the source code to cryptwit.com on every single page load to ensure that the "client side" code is not leaking the key/plaintext. There are many highly creative methods for leaking this information that would pass unnoticed through a quick code review. For this reason (amongst numerous others) the site is useless at best and harmful at worst (false sense of security for unsuspecting users).
dhx|14 years ago