question about database security #27

Closed
ericjang opened this Issue Nov 13, 2012 · 1 comment


Hi there,

This is really cool! My concern is that the URL for the paste (containing both the identifier and the private key) is more or less public.

Therefore in a hypothetical database raid, couldn't the raiders just find the identifier and key by searching the internet for the particular identifier?

Owner

sebsauvage commented Nov 13, 2012

Yes they could.

If the key is disclosed, there's nothing that prevents reading the pastes, except if they were deleted (thus the expiration option).

Example: You want to discuss privately with someone, leaving no trace in your email box. Send a ZeroBin URL with discussion enabled and expiration set.

If, after paste expiration, the ZeroBin server is seized (or even your mailbox seized), nobody will be able to read the discussion, even knowing the key.


Sébastien SAUVAGE

sebsauvage at sebsauvage dot net

http://sebsauvage.net

OpenPGP ID: 0x6C73DA99


@sebsauvage sebsauvage closed this Feb 22, 2013
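
The exchange above, modelled as an added example (not part of the original thread and not ZeroBin's code): a server-side store that holds only ciphertext and an expiry, a key that lives only in the URL fragment, and what a seized database yields before and after expiration. AES-256-GCM from Node's `crypto`, the `?id#key` URL layout, the `paste.example` host and all names are assumptions for illustration.

```javascript
// Added illustration, not ZeroBin's code. Cipher choice and names are assumptions.
const nodeCrypto = require('node:crypto');

// Hypothetical server-side store: holds id, ciphertext and expiry, never the key.
class PasteStore {
  constructor() { this.rows = new Map(); }
  put(id, blob, expiresAt) { this.rows.set(id, { blob, expiresAt }); }
  // Expiration has to delete the row, not merely hide it from readers.
  purge(now) {
    for (const [id, row] of this.rows) if (row.expiresAt <= now) this.rows.delete(id);
  }
  dump() { return new Map(this.rows); } // what seizing the database yields
}

// Client side: encrypt locally; the key goes in the URL fragment, which is not sent to the server.
function createPaste(store, text, ttlMs, now) {
  const key = nodeCrypto.randomBytes(32);
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(text, 'utf8'), c.final()]);
  const blob = Buffer.concat([iv, c.getAuthTag(), ct]).toString('base64');
  const id = nodeCrypto.randomBytes(8).toString('hex');
  store.put(id, blob, now + ttlMs);
  return `https://paste.example/?${id}#${key.toString('base64url')}`;
}

// What the holder of a dump can read, given a URL found elsewhere (or no URL at all).
function readFromDump(dump, url) {
  const m = /\?([0-9a-f]+)#(.+)$/.exec(url || '');
  if (!m) return null;               // dump alone: ciphertext with no key
  const row = dump.get(m[1]);
  if (!row) return null;             // key known, but the ciphertext was purged
  const raw = Buffer.from(row.blob, 'base64');
  const key = Buffer.from(m[2], 'base64url');
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  d.setAuthTag(raw.subarray(12, 28));
  return Buffer.concat([d.update(raw.subarray(28)), d.final()]).toString('utf8');
}

// Constructed scenario: one paste, seized before and after its expiration.
function scenario() {
  const store = new PasteStore();
  const url = createPaste(store, 'meet at noon', 1000, 0);
  const early = store.dump();        // seizure before expiry
  store.purge(2000);
  const late = store.dump();         // seizure after expiry
  return { dumpOnly: readFromDump(early, null),
           dumpPlusUrl: readFromDump(early, url),
           afterExpiry: readFromDump(late, url) };
}
```

The protection after expiration rests entirely on the purge removing the stored ciphertext; backups or soft-deleted rows would bring the `dumpPlusUrl` case back.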
