You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Burnernote is not end-to-end encrypted, allowing a malicious server or MitM on TLS to read contents of notes. This is not solvable with the current design of performing encryption on the server. However, the required APIs are available in WebCrypto.
The above is sufficient for end-to-end encryption, but could be improved at the cost of additional complexity.
Protect Ciphertext
The proposal above keeps the plaintext and key secret, but still allows an external attacker to download the ciphertext with only the URL (no fragment). This allows an offline attack of the ciphertext. It also leaks metadata about the plaintext (e.g., it's length) even if the attacker is unable to decrypt it.
An additional shared signing key can be generated. This key is shared with the server when a secure note is created, but not shared when a note is viewed.
The rough idea:
Client generates a signing key
Client uploads the signing key with the encrypted note
On view, when fetching the ciphertext, the client uses the shared secret to sign a token containing the note id and a timestamp.
The server uses the shared secret uploaded previously to verify the signature on the token. It additionally checks that the timestamp is within a tolerance. Only after validation does it provide the ciphertext.
This could also be done with an asymmetric key (e.g, RSA) to prevent the sharing secret from being sent to the server. But, in practice this doesn't provide any benefits:
An attacker that is able to see the signing secret in transit could see the ciphertext at the same time
Someone that is able to view the signing secret in the database could also view the ciphertext
The text was updated successfully, but these errors were encountered:
Burnernote is not end-to-end encrypted, allowing a malicious server or MitM on TLS to read contents of notes. This is not solvable with the current design of performing encryption on the server. However, the required APIs are available in
WebCrypto.Proposal
Create Secure Note
In the client:
Read a secure note
In the client:
Optional Improvements
The above is sufficient for end-to-end encryption, but could be improved at the cost of additional complexity.
Protect Ciphertext
The proposal above keeps the plaintext and key secret, but still allows an external attacker to download the ciphertext with only the URL (no fragment). This allows an offline attack of the ciphertext. It also leaks metadata about the plaintext (e.g., it's length) even if the attacker is unable to decrypt it.
An additional shared signing key can be generated. This key is shared with the server when a secure note is created, but not shared when a note is viewed.
The rough idea:
This could also be done with an asymmetric key (e.g, RSA) to prevent the sharing secret from being sent to the server. But, in practice this doesn't provide any benefits:
The text was updated successfully, but these errors were encountered: