WhisperPassword.com: client-side browser encryption

Sending passwords (or other short sensitive information like credit card numbers, etc.) by email doesn't seem like a good idea. Trying to diminish that risk, I coded WhisperPassword.com as a "weekend project".

The site's stack is Debian Linux, PostgreSQL (I try to avoid MySQL when possible, ask me why), Django (Python) and Apache. For some reason the encryption part doesn't work in Internet Explorer, but then again, what does.

Now I'll just copy-paste the explanations that are on the site. Also, I'm very aware that JavaScript encryption is not the best security idea; for example, the user still has to trust that the web page is doing what it is supposed to and that it hasn't been cracked.

WhisperPassword mitigates (doesn't solve) the security problem of sending passwords or other secret information in the clear.

1) The secret text is encrypted right here in the browser with very strong encryption using a random key; the code doing the encryption is the Stanford Javascript Crypto Library. The secret text is never transmitted or stored anywhere. Only the encrypted text and an ID (optionally also an email) are sent to our server; the key is not sent to our server, so we cannot decrypt and get the secret text.

2) You send the recipient the link containing a random ID and the key to decrypt the secret text. You can send these two pieces separately in different channels for added security. The link and key are valid for only 48 hours.

3) The recipient clicks on the link and enters the key in the page. The page in the recipient's browser decrypts and shows the secret text, if it hasn't been retrieved before. The link and key work one-time only and therefore the secret can only be disclosed once; after the first disclosure the encrypted data is deleted from the server.

Optionally, if you entered an email address, you get a confirmation email message with information about when the secret text was accessed on our server and from what IP address.

The link and key could still be intercepted, but if they are used, the receiver (and optionally the sender) would know if the password was already revealed.
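The server side of steps 1 to 3, as an added example; this is not WhisperPassword's own code. The class and method names, the in-memory dict standing in for the database table, and the sample values are assumptions.

```python
import secrets
import time
from dataclasses import dataclass
from typing import Optional

TTL_SECONDS = 48 * 3600  # link and key are valid for 48 hours


@dataclass
class Entry:
    ciphertext: bytes            # opaque to the server: the key is never sent
    created: float
    notify_email: Optional[str]  # optional sender address for the access notice


class OneTimeStore:
    """In-memory stand-in for the server's table (hypothetical names)."""

    def __init__(self, clock=time.time):
        self._entries = {}
        self._clock = clock
        self.notices = []  # (email, id, accessed_at, ip) that would be mailed

    def put(self, ciphertext: bytes, notify_email: Optional[str] = None) -> str:
        secret_id = secrets.token_urlsafe(16)  # random ID placed in the link
        self._entries[secret_id] = Entry(ciphertext, self._clock(), notify_email)
        return secret_id

    def fetch_once(self, secret_id: str, client_ip: str) -> Optional[bytes]:
        # pop() deletes the row before anything is returned, so a second
        # request for the same ID can never obtain the ciphertext.
        entry = self._entries.pop(secret_id, None)
        if entry is None:
            return None  # unknown ID or already disclosed
        now = self._clock()
        if now - entry.created > TTL_SECONDS:
            return None  # expired: removed without disclosure
        if entry.notify_email:
            self.notices.append((entry.notify_email, secret_id, now, client_ip))
        return entry.ciphertext


if __name__ == "__main__":
    store = OneTimeStore()
    sid = store.put(b"constructed-ciphertext", "sender@example.com")
    print(store.fetch_once(sid, "203.0.113.7"))   # first request gets the blob
    print(store.fetch_once(sid, "198.51.100.9"))  # any later request gets None
    print(store.notices)                           # what the sender is told
```

A recipient who gets `None` for a link they never opened knows someone else fetched it first. On PostgreSQL the same atomic read-and-delete can be written as a single `DELETE ... RETURNING` statement.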

Other sites that encrypt in the browser and give you just a link are flawed; since the encryption key is in the URL, when the recipient uses it the key is sent to the server where the encrypted secret is. This is not a good idea since a malicious or hacked site could use the key at that moment to decrypt the secret.