Skip to content
HN On Hacker News ↗

DropLock

▲ 24 points 7 comments by apitman 1mo ago HN discussion ↗

Pangram verdict · v3.3

We believe that this document is fully human-written

0 %

AI likelihood · overall

Human
100% human-written 0% AI-generated
SEGMENTS · HUMAN 1 of 1
SEGMENTS · AI 0 of 1
WORD COUNT 266
PEAK AI % 0% · §1
Analyzed
Jun 2
backend: pangram/v3.3
Segments scanned
1 windows
avg 266 words each
Distribution
100 / 0%
human / AI fraction
Verdict
Human
Pangram v3.3

Article text · 266 words · 1 segments analyzed

Human AI-generated
§1 Human · 0%

Simple safe secret sharing

Receive a secret The link below is like an open lock box that belongs to you. Anyone you share it with can put a secret inside and create a locked link that only you can open.

Share a secret This page is like an open lock box that someone shared with you. Type a message below, then you can create a new link that is a locked version of the box that only that person can open. Text Secret link

Secret Opening...

How it works and security Your browser creates a public/private key pair. The public part is in your lock box link. The private part is saved by this browser as a non-extractable key, so it cannot be exported and secret links can only be opened in the same browser profile where the lock box was created. Each device or browser gets a different lock box. When someone locks a secret for you, their browser uses your public key plus a one-time key to create an AES-GCM key with HKDF-SHA-256. The secret is locked locally, and the result is placed in the link fragment, which is not sent to the web server. Tradeoffs: DropLock does not use fingerprint checking. If someone can replace the lock box link in transit, they can make the sender lock the secret for them instead. For stronger assurance, have the receiver send the lock box link over two different channels and compare that the links are identical, or use one channel you fully trust. Warning: DropLock has not been reviewed by a security expert.

Source code