top | item 4000774

0bin: A Client-Side Encrypted Pastebin

17 points| bigjoecumbo | 14 years ago |0bin.net | reply

11 comments

[+] rabidsnail|14 years ago|reply

The problem with these is that even if the code is set to be cached forever, there's no easy way for the user to verify that this is the case. How do you defend against an attacker (say, the FBI) taking control of the servers and causing them to serve javascript which sends the messages to themselves unencrypted?

[+] arkem|14 years ago|reply

At the moment an attacker doesn't even need to take control of the servers since all the code is sent without SSL so a MITM attack would be enough.

Edit: though of course if the javascript is never requested again it limits the window of opportunity to man-in-the-middle.

[+] sametmax|14 years ago|reply

You don't. That's not the purpose.

0bin is not made to prevent the user from being buster. 0bin is made so that it's difficult to sue the host for hosting hot content since he can claim he can't moderate it.

[+] tomlanyon|14 years ago|reply

"Error Paste could not be saved. Please try again later."

Damn.

[+] sametmax|14 years ago|reply

Just fixed that. First day out, first bug out :-)

[+] cnu|14 years ago|reply

The short URL feature doesn't work. The short URL created is http://0bin.net/paste/undefined

[+] Aeons|14 years ago|reply

Just a note, the 0 (zero) in the page logo/title is (or looks a lot like) the Scandinavian letter Ø, which is in no way related to the number 0.

[+] mxxx|14 years ago|reply

nice idea though.