Babble Browser Extension
Babble is a platform agnostic browser extension that allows for easy encryption and decryption of text data across the web. With Babble, users can create encryption keys from passwords, encrypt text with any of these keys, and decrypt any ciphertext they have a key for. Babble is meant to be dead simple to use, so people of all backgrounds have the ability to encrypt sensitive data on any service.
A list of supported websites can be found here.
How it works
Click the key icon inside of the Babble popup and you'll be brought to the Babble Keystore. From there, you can add, search, select, edit, and delete key-base pairs.
Encryption and Encoding
Encryption can begin when you type into the textbox inside of the Babble popup. For supported sites, the encrypted text will be automatically filled into the webpage's textbox. Hitting Ctrl+Enter will trigger sending the message from the webpage. For unsupported sites, you can click the copy icon and paste the encrypted text to the textbox you want. The popup can also be activated by
Babble uses the Argon2i algorithm to generate a 256-bit encryption key (with salt BabbleBabbleBabb). The key derivation process is slow (takes about 0.5-2s in the browser) to prevent brute-force attacks. The encryption algorithm is
The ciphertext is then encoded byte-by-byte to UTF-8 characters using a 256-character base. The default base is 256 Chinese characters taken from a frequency table. You can use whatever base you'd like, as long as it's 256 UTF-8 characters and only contains unique characters.
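The byte-by-byte encoding and the two rules for a custom base described above, as an added JavaScript example (not Babble's own code). `SAMPLE_BASE` and the function names are hypothetical, and the base is a constructed CJK range rather than Babble's default frequency-table base.

```javascript
// Constructed 256-character base: the contiguous CJK range U+4E00..U+4EFF.
// Assumption: this is NOT Babble's default base; it only follows the same rules.
const SAMPLE_BASE = String.fromCodePoint(
  ...Array.from({ length: 256 }, (_, i) => 0x4e00 + i)
);

// Split a base into code points and enforce the two rules for a custom base:
// exactly 256 characters, all of them unique.
function parseBase(base) {
  const chars = Array.from(base); // iterates by code point, not UTF-16 unit
  if (chars.length !== 256) {
    throw new RangeError(`base must have 256 characters, got ${chars.length}`);
  }
  const index = new Map(chars.map((ch, i) => [ch, i]));
  if (index.size !== 256) {
    // A repeated character would make two byte values indistinguishable.
    throw new RangeError("base contains duplicate characters");
  }
  return { chars, index };
}

// Byte-by-byte encoding: byte value b becomes the b-th character of the base.
// `bytes` is expected to be a Uint8Array (for example, ciphertext).
function encodeBytes(bytes, base = SAMPLE_BASE) {
  const { chars } = parseBase(base);
  return Array.from(bytes, (b) => chars[b]).join("");
}

// Inverse mapping; rejects any character that is not part of the base.
function decodeText(text, base = SAMPLE_BASE) {
  const { index } = parseBase(base);
  return Uint8Array.from(Array.from(text), (ch) => {
    const b = index.get(ch);
    if (b === undefined) throw new RangeError(`character not in base: ${ch}`);
    return b;
  });
}

// Constructed sample bytes standing in for ciphertext (not real Babble output).
const sampleBytes = Uint8Array.from([0x00, 0x7f, 0x80, 0xff, 0x42]);
const encoded = encodeBytes(sampleBytes);
console.log(encoded, Array.from(decodeText(encoded)));
```

The mapping is a reversible encoding only: anyone who knows the base can recover the ciphertext bytes, so confidentiality rests entirely on the encryption step.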
Decryption can begin when the unlock icon inside of the Babble popup is clicked. This action launches the element picker, highlighting the DOM element under the cursor in purple. The extension will walk the DOM starting at that element looking for data to decrypt. Decryption can also be activated by
Babble operates under the assumption that every website is running hostile
created whose source is a web accessible
All ciphertext targeted for decryption is transferred to the iframe, where it is then decrypted and displayed to the user. Web accessible resources are utilized because they have unique protocols (chrome-extension:// on Chromium and moz-extension:// on Firefox), and protect our plaintext from being
In the keystore page, users can generate a keypair, share it with a
correspondent, and both parties derive the same passphrase (UUID) using
Elliptic-curve Diffie-Hellman ephemeral
Point multiplication is done on Curve25519 and the shared UUID is UUID(hash(secret || publicKey1 || publicKey2)). It is not unheard of for different keypairs to produce the same point on the curve, so the public keys are hashed with the shared secret to produce a more secure output (per
The resulting UUID is to be used as a source for key