@atoponce atoponce released this Jan 3, 2015 · 22 commits to master since this release

Assets 2

Changes in this release include:

  • Closer adherence to PEP 8 conventions.
  • POST to a generic /post/ URL rather than including the random URL.
  • Generated passphrase and duress key match URL length and character classes.
  • Add ISAAC CSPRNG and Blum Blum Shub for generating secure passphrases client-side if the browser does not support the Web Crypto API.
  • Many HTML and CSS changes.
  • Replace Crypto.Random with os.urandom for RHEL/CentOS 6 compatibility with python-crypto 2.0.
  • Bug fixes.
Jun 10, 2014


Initial release, ready for production use. Features include:
    - 128-bit random nonce used for the URL
    - 3 dynamically generated static salts for building file, AES, and HMAC
    - Keys dynimacially built with PBKDF2
    - All notes AES-256 CTR encrypted
    - All notes protected and authenticated with HMAC-SHA512
    - Hashcash tokens minted by the client and submited to the server
    - Anonymous browser fingerprints used for the Hashcash resource string
    - QR code created for sharing the encrypted note via mobile devices
    - POST data hidden to discourage server-side logging of the URL