Monday, April 27, 2009

Send passwords securely

It has always bothered me that there have only been two ways to use encryption to send secure information around. You can do it the hard way, which means both the sender and the receiver have to use special tools and copy and paste long, ugly base64 strings.

Or you can trust a third party with your information and let them take care of all the encryption mess. But the whole point of encryption is that you don't want a third party to have your information. You should not have to trust your email provider with your secure communications.

So I created a website to solve this.

DropSecret is the easy and secure way to send passwords, credit card numbers, or any other sensitive information to those whom you trust.

How easy? To send a message you don't need to know any crypto information, have a password, or even have an account. To receive your messages all you need to keep track of is your pass phrase.

How secure? So secure that even with complete control of the server we don't know what your messages are. A DropSecret page has a 1024-bit public key that the web browser uses to encrypt your messages. After that, the only way to decrypt a message is to use your pass phrase.
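The flow described above, as an added Node.js example that is not DropSecret's own code. It assumes the private key is kept only in pass-phrase-encrypted form next to the public key and uses a 2048-bit key; all function names are hypothetical.

```javascript
// Added illustration, not DropSecret's library. Assumption: the server stores
// the public key, the pass-phrase-encrypted private key, and ciphertexts only.
const { generateKeyPairSync, publicEncrypt, privateDecrypt } = require('node:crypto');

// Receiver: create a drop. Everything returned here may live on the server.
function createDrop(passphrase) {
  return generateKeyPairSync('rsa', {
    modulusLength: 2048, // assumption; the page describes a 1024-bit key
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: {
      type: 'pkcs8',
      format: 'pem',
      cipher: 'aes-256-cbc', // private key is encrypted at rest
      passphrase,
    },
  });
}

// Sender: needs only the public key published on the drop page.
// RSA-OAEP (Node's default padding) fits short secrets such as passwords.
function sendSecret(publicKey, message) {
  return publicEncrypt(publicKey, Buffer.from(message, 'utf8')).toString('base64');
}

// Receiver: the pass phrase unlocks the private key locally, then decrypts.
function readSecret(encryptedPrivateKey, passphrase, ciphertextB64) {
  const plain = privateDecrypt(
    { key: encryptedPrivateKey, passphrase },
    Buffer.from(ciphertextB64, 'base64')
  );
  return plain.toString('utf8');
}

// What a party holding everything on the server can do with a guessed pass phrase.
function serverCanRead(drop, ciphertextB64, guess) {
  try {
    readSecret(drop.privateKey, guess, ciphertextB64);
    return true;
  } catch (_) {
    return false; // wrong pass phrase: the private key cannot be unlocked
  }
}
```

Under this assumption the pass phrase is the only thing protecting the stored private key, so its strength bounds the security of every message sent to the drop.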

And why should you trust me that I've implemented everything securely? You shouldn't. That's why I've open sourced the DropSecret encryption library. People should check it out and make sure there are no mistakes (or back doors, for that matter). And if you like the library but don't like DropSecret, then feel free to use the library to make something new yourself.
