Service destructing encrypted messages, notes

in #secur6 years ago (edited)

Secserv.me

There is a function of group chat, as well as a nice section with video manuals. Missing Google Analytics and Yandex-Metrikana Secserv.me. HTTPS connection with AES-256 and RSA 2048-bit encryption. Any file types up to 7 MB with data encryption capability are supported.

There is no decryption of the key on the server, you cannot reopen the message URL. Possibility of additional protection by passphrase. The key is created from random browser data + your passphrase + unique random data using the algorithm Fortuna PRNG.

After reading the message the link starts to lead to the randomnomu image-it is the only thing that can be seen after "use " links. But the main osobennostsecserv. Me is that the encryption of the message using the AES-256 algorithm is performed in the browser before sending the anonymous text to the server.

The first part of the URL is a unique identifier of the encrypted message and is sent to the server, the second part is the decryption key (starts after the # symbol). Therefore, the key is not sent to the server, so the server cannot decrypt the message and view its contents.