Burn After Reading
This service was created to offer a secure way to transfer one-off information between two parties.
It has been designed around some basic principles:
- That the writer can create a single note
- That the reader can read the note once, and once only
- After the note has been read, the contents are erased
To support this, we have ensured that only the writer and the reader can ever know the contents. Technically, the following happens behind the scenes:
- The writer's note is submitted, and any unsafe HTML is removed to prevent XSS attacks.
- A random Diceware pass phrase is created.
- The pass phrase is used to encrypt the writer's message, which is then stored encrypted.
- The pass phrase is then hashed and stored. This hash value cannot be used to decrypt the message.
- The URL and pass phrase are displayed to the writer. This is the only time the pass phrase is shown.
- When the correct URL is put into a browser, the pass phrase is checked against the stored hash. If correct, the given pass phrase (not the hash) is used to decrypt the message.
- The message is then deleted from the database, effectively burned to ash.
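The flow above in Python, added here as an example and not the service's own code; it shows why the stored hash cannot decrypt the note and how a read burns it. Assumptions: PBKDF2 as the hash, an HMAC-based stand-in cipher (the standard library has no AES), an in-memory dict as the database, a constructed 8-word list, and a wrong pass phrase leaving the note in place. HTML sanitising is omitted.

```python
import hashlib, hmac, secrets

# Constructed 8-word list; a real Diceware list has 7,776 words (five dice rolls per word).
WORDS = ["amber", "brick", "cloud", "delta", "ember", "flint", "grove", "haze"]
STORE = {}  # hypothetical stand-in for the service's database: note_id -> record

def _derive(passphrase, salt):
    # One slow KDF call, split three ways: the stored verifier shares no bytes with the keys.
    # The iteration count is an assumed, tunable value.
    okm = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 200_000, dklen=96)
    return okm[:32], okm[32:64], okm[64:]  # verifier, encryption key, MAC key

def _keystream_xor(key, nonce, data):
    # Stdlib stand-in for a vetted AEAD such as AES-GCM: HMAC-SHA256 in counter mode.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def write_note(text):
    note_id = secrets.token_urlsafe(16)  # unguessable part of the URL
    passphrase = " ".join(secrets.choice(WORDS) for _ in range(6))
    salt, nonce = secrets.token_bytes(16), secrets.token_bytes(16)
    verifier, enc_key, mac_key = _derive(passphrase, salt)
    ct = _keystream_xor(enc_key, nonce, text.encode())
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    STORE[note_id] = dict(salt=salt, nonce=nonce, ct=ct, tag=tag, verifier=verifier)
    return note_id, passphrase  # shown to the writer once; the pass phrase is never stored

def read_note(note_id, passphrase):
    rec = STORE.get(note_id)
    if rec is None:
        return None  # unknown id, or already burned
    verifier, enc_key, mac_key = _derive(passphrase, rec["salt"])
    if not hmac.compare_digest(verifier, rec["verifier"]):
        return None  # wrong pass phrase: assumed here to leave the note in place
    if STORE.pop(note_id, None) is None:
        return None  # another reader burned it first
    tag = hmac.new(mac_key, rec["nonce"] + rec["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, rec["tag"]):
        return None  # stored ciphertext was modified
    return _keystream_xor(enc_key, rec["nonce"], rec["ct"]).decode()
```

The record is removed before decryption, so a second request with the same URL and pass phrase finds nothing to decrypt.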
Currently, we keep the subject line and plan to add user registration so that you can see the subjects that you have shared, and when they were burned. Watch this space.