Update Readme to clarify some security aspects
* Clarify that HTTPS is essential
* Clarify how/when user data is protected in case of a server breach, fixes https://github.com/sebsauvage/ZeroBin/issues/45
* Clarify the password-strength matters when you post the URL publicly
* some rewording
parent
24f33c26fe
commit
25ac3322d9
31
README.md
|
@ -5,9 +5,11 @@ knowledge of pasted data.
|
||||||
|
|
||||||
Data is encrypted/decrypted in the browser using 256 bit AES.
|
Data is encrypted/decrypted in the browser using 256 bit AES.
|
||||||
|
|
||||||
This fork of ZeroBin refactored the source code to allow easier and cleaner
|
This is a fork of ZeroBin, originally developed by
|
||||||
extensions. It is still fully compatible to the original ZeroBin 0.19 data
|
[Sébastien Sauvage](https://github.com/sebsauvage/ZeroBin). It was refactored
|
||||||
storage scheme. Therefore such installations can be upgraded to this fork
|
code to allow easier and cleaner extensions and has now much more features than
|
||||||
|
the original. It is however still fully compatible to the original ZeroBin 0.19
|
||||||
|
data storage scheme. Therefore such installations can be upgraded to this fork
|
||||||
without loosing any data.
|
without loosing any data.
|
||||||
|
|
||||||
## What ZeroBin provides
|
## What ZeroBin provides
|
||||||
|
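Review bot: the rewritten fork paragraph contains a broken sentence. "It was refactored code to allow easier and cleaner extensions" lost its subject when "the source" was dropped, and "has now much more features" should be "now has many more features". Suggest: "The source code was refactored to allow easier and cleaner extensions, and it now has many more features than the original." While the paragraph is being touched, "compatible to" reads better as "compatible with", and the unchanged "loosing" should be "losing".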
@ -19,7 +21,7 @@ without loosing any data.
|
||||||
|
|
||||||
+ Pastebin-like system to store text documents, code samples, etc.
|
+ Pastebin-like system to store text documents, code samples, etc.
|
||||||
|
|
||||||
+ Encryption of data sent to server, even if it does not provide HTTPS.
|
+ Encryption of data sent to server.
|
||||||
|
|
||||||
+ Possibility to set a password which is required to read the paste. It further
|
+ Possibility to set a password which is required to read the paste. It further
|
||||||
protects a paste and prevents people stumbling upon your paste's link
|
protects a paste and prevents people stumbling upon your paste's link
|
||||||
|
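Review bot: the shortened bullet "Encryption of data sent to server." drops the claim about working without HTTPS, but it no longer says where the encryption happens or what it depends on. Consider wording it as encryption in the browser before the data is sent, and pointing to the "What it doesn't provide" section for the HTTPS requirement, so that someone reading only this list does not assume plain HTTP is acceptable.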
@ -27,26 +29,35 @@ without loosing any data.
|
||||||
|
|
||||||
## What it doesn't provide
|
## What it doesn't provide
|
||||||
|
|
||||||
- As a user you have to trust the server administrator, your internet provider
|
- As a user you have to trust the server administrator. If the server you use does
|
||||||
|
not use HTTPS (which is *not* recommend!) you also have to trust your internet provider
|
||||||
and any country the traffic passes not to inject any malicious javascript code.
|
and any country the traffic passes not to inject any malicious javascript code.
|
||||||
Ideally, the ZeroBin installation used would provide HTTPS, secured by
|
All ZeroBin installation should use HTTPS. Ideally secured by
|
||||||
[HSTS](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) and
|
[HSTS](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) and
|
||||||
[HPKP](https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning) using a
|
[HPKP](https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning) using a
|
||||||
certificate either validated by a trusted third party (check the certificate
|
certificate either validated by a trusted third party (in most cases Certificate
|
||||||
when first using a new ZeroBin instance) or self-signed by the server operator,
|
Authorities) or self-signed by the server operator, validated using a
|
||||||
validated using a
|
|
||||||
[DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions) protected
|
[DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions) protected
|
||||||
[DANE](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities)
|
[DANE](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities)
|
||||||
record.
|
record.
|
||||||
|
|
||||||
- The "key" used to encrypt the paste is part of the URL. If you publicly post
|
- The "key" used to encrypt the paste is part of the URL. If you publicly post
|
||||||
the URL of a paste that is not password-protected, everybody can read it.
|
the URL of a paste that is not password-protected, everybody can read it.
|
||||||
Use a password if you want your paste to be private.
|
Use a password if you want your paste to be private. In this case make sure to
|
||||||
|
use a strong password and do only share it privatly and end-to-end-encrypted.
|
||||||
|
|
||||||
- A server admin might be forced to hand over access logs to the authorities.
|
- A server admin might be forced to hand over access logs to the authorities.
|
||||||
ZeroBin encrypts your text and the discussion contents, but who accessed it
|
ZeroBin encrypts your text and the discussion contents, but who accessed it
|
||||||
first might still be disclosed via such access logs.
|
first might still be disclosed via such access logs.
|
||||||
|
|
||||||
|
- In case of a server breach your data is secure as it is only stored encrypted on
|
||||||
|
the server. However the server could be misused or the server admin could be legally
|
||||||
|
forced into sending malicious JavaScript to all web users, which grabs the decryption key
|
||||||
|
and send it to the server when a user accesses a ZeroBin.
|
||||||
|
Therefore do not access any ZeroBin instance if you think it has been compromised. As long
|
||||||
|
as no user accesses this instance with a previously generated URL, the content cannot be
|
||||||
|
decrypted.
|
||||||
|
|
||||||
## Options
|
## Options
|
||||||
|
|
||||||
Some features are optional and can be enabled or disabled in the [configuration
|
Some features are optional and can be enabled or disabled in the [configuration
|
||||||
|
|
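Review bot: the closing sentence of the new server-breach bullet, "As long as no user accesses this instance with a previously generated URL, the content cannot be decrypted", is too strong given the bullet two items above it. The key is part of the URL, so anyone who obtains the stored ciphertext and a URL that was posted publicly can decrypt without the instance being visited at all. For password-protected pastes the guarantee then rests on the password strength this same commit asks for. Suggest qualifying the sentence to cover only pastes whose URL (and password) stayed private, and softening the opening "your data is secure" to match. Wording nits in the added lines: "*not* recommend" should be "recommended", "All ZeroBin installation" should be "installations", "and send it" should be "sends", and "privatly" should be "privately".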