Bitcoin Forum

---

Very cool, but I think the current functionallity is too limited, it would be cool if you developed it either into a system of notes (like evernote) or into shared interactive notebook (like piratepad).

all data are encrypted in my browser ? so If I purge the cash or I use Tor, your website won't work ?
if I lose my computer or I had to reinstall my os or just my browser, I lose everything ?

If I can access to data from any device, it means that the browser do not do anything to encrypt the data, it just browse the website (that's it).

"It uses client-side JavaScript (in your browser) to encrypt the data with AES256 encryption" Ohh that's so fancy using technical words ...

The main issue is that : the pass-phrase that cipher the text is the same that a user will use to reverse the ciphering (that means you can read every freaking messages people send & receive using your "super encryption tool".

You can have every bitcoin address by generating private keys!!!!  :o

Thank you !

I really wanted how you will behave if I push you up a little bit, I expected some aggressive answers but I got the opposite.

Suggestion : try to make the background a bit darker if you can, good luck with your service.

Interesting, then what is the different between this and pastebin

thank you, I will try this

Have used it before.So you were the one who bought project from devthedev .Cool. No substantial changes have been made since the last time I used it.

This is excellent and gave me a cool spin-off idea too. Thanks!

This is a very cool service! It is also quite fun to search what other users have written  ;D

It's a great idea, but there's not much functionality besides sending encrypted notes to others, but there are also better ways to do this.

But it's a cool idea, and it's given me a cool idea for a site, myself! I'll tip you if it's successful.

No, you don't lose your data until the website shuts down. The opening line "passphrase.io is back" suggests they have shut down at least once before, so this doesn't seem like a good way of storing anything important.

The problem is JavaScript using in the Web browser. If you do not use Java, then you can not use notepad. For security reasons it is much better not to use Java.  ;D

Please stop crossposting reddit links unless you will do them within 5 seconds of each other instead of enough delay here for them to be solved by redditors already.

https://www.reddit.com/r/Bitcoin/comments/4waf4d/i_have_hidden_another_005_btc_at_passphraseio/ Fri Aug 5 13:37:11 2016 UTC
https://bitcointalk.org/index.php?topic=1372368.msg15829272#msg15829272 August 05, 2016, 14:22:59 UTC

I really like the concept.

You should add a "time bomb" / "time expiration" to self-delete the note stored on your server, depending on the user choice.

How does the random phrase generator works? Collisions are possible?

The design on the homepage says everything. Attach it on the first post  ;)

https://passphrase.io/images/encryption.png

I definitely love this idea, but wouldn't including those hashing algorithms supported by ASICs be a bad idea after all?

I found a bug.
I was able to remove the js code to filter text greater than 32768 chars. But backend have a lenght limit control too (great!).

So I went further.. I replicated the post request with postman, and edited manually the form-data parameter "text" by changing the ciphered text. Success! I updated a passphrase text and now the passphrase is no more usable.
Passphrase: It should resolve of its own volition.

Error: sha256.js:10 Uncaught Error: Malformed UTF-8 data

Try to add some sort of control on server-side (if it's possible)

I advise us not to confuse JavaScript with Java, though. Java was removed from browsers a very long time ago while JavaScript is still widely used in stable projects. Unless you know what you are doing, disabling JavaScript is advised, but the nature of the JavaScript that web sites use is that the script runs on client side so it is possible to white-box analyze it in a secure environment and if you find it safe, you may enable JavaScript for that site. Using JavaScript is not a Devil's tool nowadays!

It could still be used as a lethal tool to spoof or manipulate anything you want.For example,you might have played google's offline game when your Internet goes down.By running a simple script in the browser,you can hack that game to score unlimited points.That's where the client side javascript is use for devil stuff.This is just an example of what you can with the script on the client side.I believe,the complications or encrypting the data should be left to the back-end only.

You got a point but the encryption takes place on the server side ,isn't it ? I upload my content,use one of the algorithms that "YOU" have implemented on the website to store the encrypted data.Now,since you have implemented the code,only you would know if it actually looks like what it is or data is being available at the back-end.