Write a message... Once read it'll be burned to digital ash

The perfect way to share passwords, credentials, VPN configs, pre shared keys, certificates and any other secrets

Please enter a subject

Please enter a message
This note will self destruct on the date below
Please note, all notes will self destruct after 30 days
Need a quick password? Click here to generate random character password
 
Passwords are generated by your browser and never stored

Burn After Reading

This service has been created to offer a secure means to transfer one off information between two parties, such as passwords, login details, pre shared keys and other text.

How to send secure information


Write message

Encrypt and save

Get link

Share link

Get key

Share key

How to receive secure information


Receive link

Decrypt and open

Read message

Message destroyed

Receive key

There are some basic principles this has been designed to:

  1. That the writer can create a single note
  2. That the reader can read the note once, and once only
  3. After the note has been read, the contents are erased

To support this we have ensured that only the writer and the reader can ever know the contents. So, technically behind the scenes the following happens:

  • The writers note is submitted, and has any non-safe HTML removed to prevent any XSS attacks.
  • A random dice ware pass phrase is created.
  • The pass phrase is used to encrypt the writers message, which is then stored encrypted.
  • The pass phrase is then hashed and stored. This hash value cannot be used to decrypt the message.
  • The URL and pass phrase are displayed to the writer and this is the only time the pass phrase is shown
  • When the correct URL is put into a browser, the pass phrase is checked against the stored hash. If correct, the given pass phrase (not the hash) is used to decrypt the message
  • The message is then deleted from the database - effectively burned to ash

There are a few limitations and enhancements we are working on.

  • Messages are limited to 0.5 MB or 512 KB. It is something we're looking at larger sizes for subscribers
  • Images are embedded into the message as a Base64 encoded image, so encrypted with the text as the above process
  • Notes are checked to be auto burned every 15 minutes, so if you have a very specific time it may be a small lag of it being burned
  • All times are in UTC
Planned enhancements are:
  • Increased message sizes
  • Local timezones added via your profile
  • Language localisations
  • Headed notes, add your company stationary to the top of the messages
  • Company and user management - have multiple users per company account with central features
  • Login with LinkedIn

Currently, we keep the subject line and plan to add user registration so that you can see the subjects that you have shared, and when they were burned. Watch this space.

Advertisement

How to send passwords securely

  1. Enter the password or secret information into Burn After Reading
  2. Burn After Reading will encrypt the message
  3. You are given a link to share along with the key to decrypt the message
  4. The recipient then opens the link
  5. The key is then used to decrypt the message
  6. The message is presented to the recipient
  7. The encrypted message is deleted from the database

Read then burn

  1. Enter the messages into Burn After Reading
  2. You are given a link to share along with the key to decrypt the message
  3. The recipient then opens the link and decrypts the message with the key
  4. The message is read
  5. The encrypted message is digitally burned

How does it work exactly?

  1. Your create your note above
  2. We create a random pass phrase and encrypt your message with it
  3. We one way hash the pass phrase and store it - this means we can't decrypt and reverse this process
  4. The pass phrase is presented to you, along with the link
  5. You can share, either:
    1. The whole link with the pass phrase embedded - just a one click to open, or,
    2. The link and pass phrase separately. This is greater security if you then share the pass phrase via another channel, such as SMS, Slack, Teams and the link shared by email for example
  6. The recipient then opens the link
  7. When clicked to read it, the pass phrase is once again hashed and ensured to match what we have stored
  8. The pass phrase is then used to decrypt the message
  9. The message is presented to the recipient
  10. The encrypted message is deleted from the database and the record marked as deleted
Advertisement