Minimal Point Release

@atoponce atoponce released this Jan 3, 2015 · 22 commits to master since this release

Changes in this release include:

  • Closer adherence to PEP 8 conventions.
  • POST to a generic /post/ URL rather than including the random URL.
  • Generated passphrase and duress key match URL length and character classes.
  • Add ISAAC CSPRNG and Blum Blum Shub for generating secure passphrases client-side if the browser does not support the Web Crypto API.
  • Many HTML and CSS changes.
  • Replace Crypto.Random with os.urandom for RHEL/CentOS 6 compatibility with python-crypto 2.0.
  • Bug fixes.
  • Jun 10, 2014


    Initial release, ready for production use. Features include:
        - 128-bit random nonce used for the URL
        - 3 dynamically generated static salts for building file, AES, and HMAC
        - Keys dynimacially built with PBKDF2
        - All notes AES-256 CTR encrypted
        - All notes protected and authenticated with HMAC-SHA512
        - Hashcash tokens minted by the client and submited to the server
        - Anonymous browser fingerprints used for the Hashcash resource string
        - QR code created for sharing the encrypted note via mobile devices
        - POST data hidden to discourage server-side logging of the URL