README.rst (8 additions & 8 deletions)
@@ -27,23 +27,23 @@ How it works
27
27
28
28
When creating the paste:
29
29
30
-
- the browser generate a random key;
30
+
- the browser generates a random key;
31
31
- the pasted content is encrypted with this key using AES256;
32
32
- the encrypted pasted content is sent to the server;
33
-
- the browser receives the paste URL and add the key in the URL hash (#).
33
+
- the browser receives the paste URL and adds the key in the URL hash (#).
34
34
35
35
When reading the paste:
36
36
37
37
- the browser makes the GET request to the paste URL;
38
38
- because the key is in the hash, the key is not part of the request;
39
-
- browser gets the encrypted content et decrypt it using the key;
40
-
- the pasted decrypted content is displayed and code is colored.
39
+
- browser gets the encrypted content end decrypts it using the key;
40
+
- the pasted decrypted content is displayed and sourcecode is highlighted.
41
41
42
42
Key points:
43
43
44
44
- because the key is in the hash, the key is never sent to the server;
45
-
- therefor it won't appear in the server logs;
46
-
- all operations, including code coloration, must happens on the client;
45
+
- therefore it won't appear in the server logs;
46
+
- all operations, including code coloration, happen on the client-side;
47
47
- the server is no more than a fancy recipient for the encrypted data.
48
48
49
49
Other features
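Review bot: In the "When reading the paste" list, the replacement line "browser gets the encrypted content end decrypts it using the key;" still has a wrong word: the French "et" was changed to "end" where "and" is meant, and it is the only item in that list without a leading "the". Suggested wording: "- the browser gets the encrypted content and decrypts it using the key;". Smaller points in the same hunk: "sourcecode" should be "source code"; the reading list now says "highlighted" while the key points still say "code coloration", so one term should be used in both places; and "client-side" used as a noun reads better as "client side".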
@@ -76,15 +76,15 @@ Known issues
76
76
77
77
- 0bin uses several HTML5/CSS3 features that are not widely supported. In that case we handle the degradation as gracefully as we can.
78
78
- The "copy to clipboard" feature is buggy under linux. It's flash, so we won't fix it. Better wait for the HTML5 clipboard API to be implemented in major browsers.
79
-
- The pasted content size limit check is not accurate. It's just a safety net, so we thinks it's ok.
79
+
- The pasted content size limit check is not accurate. It's just a safety net, so we think it's ok.
80
80
- Some url shorteners and other services storing URLs break the encryption key. We will sanitize the URL as much as we can, but there is a limit to what we can do.
81
81
82
82
What does 0bin not implement?
83
83
=================================
84
84
85
85
* Request throttling. It would be inefficient to do it at the app level, and web servers have robust implementations for it.
86
86
* Hash collision prevention: the ratio "probability it happens/consequence seriousness" `is not worth it`_
87
-
* Comments: it was initially planed. But comes with a lot of issues so we chose to focus on lower handing fruits.
87
+
* Comments: it was initially planed. But comes with a lot of issues so we chose to focus on lower hanging fruits.
88
88
89
89
90
90
.. _moderate the pastebin content: http://www.zdnet.com/blog/security/pastebin-to-hunt-for-hacker-pastes-anonymous-cries-censorship/11336
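Review bot: The Comments bullet under "What does 0bin not implement?" is only half corrected: "handing" becomes "hanging", but "planed" on the same line is left untouched and should be "planned". Since the line is being edited anyway, the sentence fragment could be joined and the idiom made singular, for example: "* Comments: it was initially planned, but it comes with a lot of issues, so we chose to focus on lower-hanging fruit."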