Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/franciscop/secretdiary

Script to create and store secret entries.
https://github.com/franciscop/secretdiary

Last synced: 13 days ago
JSON representation

Script to create and store secret entries.

Host: GitHub
URL: https://github.com/franciscop/secretdiary
Owner: franciscop
Created: 2013-02-12T00:51:44.000Z (almost 12 years ago)
Default Branch: master
Last Pushed: 2013-09-21T06:33:41.000Z (about 11 years ago)
Last Synced: 2024-04-23T13:43:35.976Z (7 months ago)
Language: PHP
Homepage:
Size: 176 KB
Stars: 0
Watchers: 4
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

Secret Diary
============

Introduction

You are innocent until proven guilty. Based on this, you deserve privacy in your communications, not to be under surveillance constantly by governments and corporations.

This is a small project on cryptography I have developed just for fun. While I did my best, it might have some bugs. Please feel free to hunt them down and point them out, the code is Open Source and can be found on Github.

For clarity on this page, a secret is the message to be hidden, a door is the entry point for it where we ask for your key, a password. A door has the following format: http://secretdiary.org/ID/ , where the ID is the file id which is stored in the database.

IMPORTANT: The site is not complete, we still do not provide https nor have a certificate.
How does this page work?
Overview

To store the text, we use the password to encrypt the message and save it in the database. After storing the encrypted text and providing you with a link to it, the password is permanently deleted.

To retrieve the text, you enter the link provided and the password. We retrieve the encrypted text for the link you provided and attempt to decrypt it.

Detailed description of the process: Encryption.

You write and submit your text.

The filename and password are autogenerated as hashes (sha1) of strings generated randomly (8 alphanumeric characters) if they are not set by you.

The message is encrypted using MCRYPT_RIJNDAEL_256, the most secure symmetric encryption algorythm.

The encrypted text and filename are stored in the database while the password is not.

The link for the message is shown but the password is only shown if this was autogenerated. When you navigate away from this page, the password is gone for good.

Detailed description of the process: Decryption.

Relevant: Are https URLs encrypted?
Tipical uses

Bob and Alice
Frequently asked questions

Q: I forgot my password/key, can I recover it?

A: We are sorry to hear that, but you cannot recover it. We simply don't have the means to do so. If we did, we could read your messages.

Q: Can anyone without the key but with the link to my secret message read it?

A: No. All the data is kept encrypted and the key is required for decrypting it. The data stored in the database is nothign but a bunch of random numbers with little to no value for anyone that doesn't hold the key used originally to encrypt it.

Q: Will you hand over my encrypted message to the authorities if a search warrant is issued?

A: Yes. We will abide by the law. This page does not support any illegal act, so we will both hand the encrypted data and delete it from the database if a court order is emited to do so. However, this is useless data to anyone unless you chose a short, simple password or they have had access to it (e.g. you stored it in your hard drive and they have also a search warrant for it).

Q: Can YOU read my message?

A: No. Read the precedent answer for more information.

Q: Can I use plausible deniability in this site somehow?

A: Actually yes. See the howto for more information about how to accomplish this.
Terms and Conditions

You must not use this page to do anything illegal.