undefined | Better HN

0 pointsEwanToo7y ago0 comments

The url effectively contains the decryption key, so the web server could be set to capture the urls and decrypt files.

If you want, you can also set a passphrase on the file to share via another channel

0 comments

That's why the key is in the hash part of the URL; the server can't access that (unless it also sends client Javascript that parses it and sends it back to the server, but that could be detected).

SamuelAdams7y ago

What if I'm on a network I don't trust? Is the only option to set a passphrase? More importantly, the UI doesn't call this out explicitly, so uninformed users may think it's "secure enough" without a passphrase.

fzzzy7y ago

The browser will never send the key across the network by itself because it is in the fragment. Of course, you have to get the url with the fragment off your computer and to the intended recipient, so a MITM of this communication could intercept and download the file before the intended recipient. The intended recipient would know that this has happened, though, as the link will then be expired (assuming it was set to 1 download); if this is a fear, I would suggest adding a passphrase and sending the passphrase out of band, for example over a voice call.

e12e7y ago

The anchor hash/fragment (#hello) isn't sent over the network.

https://tools.ietf.org/html/rfc3986#section-3.5

"(...) the fragment identifier is not used in the scheme-specific processing of a URI; instead, the fragment identifier is separated from the rest of the URI prior to a dereference, and thus the identifying information within the fragment itself is dereferenced solely by the user agent, regardless of the URI scheme."

Ed: as for an untrusted network, tls should be able to secure that. Except if the network owner can insist on/enforce a tls stripping mitm/proxy.

SamuelAdams7y ago

> The url effectively contains the decryption key, so the web server could be set to capture the urls and decrypt files.

If that's the case, I think setting a passphrase should be mandatory. Proxy servers are extremely common at every workplace. Since they probably log all requests, they will capture all keys in the URL.

fzzzy7y ago

The key is in the fragment and thus is not sent to any server.

j / k navigate · click thread line to collapse

0 comments

Vinnl7y ago

That's why the key is in the hash part of the URL; the server can't access that (unless it also sends client Javascript that parses it and sends it back to the server, but that could be detected).

SamuelAdams7y ago

fzzzy7y ago

e12e7y ago

The anchor hash/fragment (#hello) isn't sent over the network.

https://tools.ietf.org/html/rfc3986#section-3.5

Ed: as for an untrusted network, tls should be able to secure that. Except if the network owner can insist on/enforce a tls stripping mitm/proxy.

SamuelAdams7y ago

> The url effectively contains the decryption key, so the web server could be set to capture the urls and decrypt files.

fzzzy7y ago

The key is in the fragment and thus is not sent to any server.

j / k navigate · click thread line to collapse