Update
You can now encrypt plain text, so anything you want. With this, you can send sensitive information over insecure channels or share publicly with real plausible deniability. (below 2000 characters works without issue)
Changes
I rebuilt the system with a different encryption design, and address many of the flaws pointed out in V1.
I really wanted any password to always decrypt so you never know if you are right. I found the XOR algorithm that does this, but there is an entropy problem, where an incorrect password will almost always output non-common characters, I attempted to solve this at its core by diving into the math and some research papers but got nowhere, as it seemed to be almost impossible.
I tried finding an algorithm that would give me perfect plausible deniability, so if you shared a link X with a password you could use a different password and get Y, saying you never intended to share X. It doesn't exist 😢 I came up with a workaround by adding decoys which are mutable XOR ciphers joined, it allows you to set what other data is included, so you can tailor your alibi.
Here is the demo link. There are three memes you can find > Password: test1, test2, test3
Safety
It should be safe to share data encrypted with this method, I did some basic brute force tests and did not find any shortcuts, I have a rough estimate of a billion years on a server farm for a 12digit password.
Considerations
@calcopiritus@lemmy.world said: > "There’s 2 secrets here: the link and the password. And to share it with someone you need to share 2 secrets: the locked link and the password."
A strong password is almost impossible to crack, but you can use a popular text link tool like pastebin with expiry to mask the encrypted data. As for eliminating the password, I have considered using the site as the 'shared secret' so you share just the cipher, and if you know the URL you can paste it in, and it would be encrypted/decrypted with a derived key the site stored.
fr, windows hides the file type by default.
Om, AppImage is portable exe. Has it's uses.
I'm not so sure about those beginner-friendly distros, they seem a little doggy and miss out on the massive work that the Debian and Ubuntu teams do that a smaller team can not. Snap is good for small, one time use or untrusted apps. But most of the time, its performance is really slow. It needs some work.
I know it's not that hard $ dpkg -i but opening the terminal gives normies an aneurysm and thanks to the crazy gatekeeping gen alpha doesn't know what a file type is now.
I use Ubuntu btw. Personally, the App store's on Linux confused me a ton, setting up Flatpak and some other package repositories. I much preferred the windows way, shocker, with just downloading and double-click the exe file.
Do I have to make a pull request myself to get this done, or what is the debate on this?
Yep definitely, If you open source when you are a small team or individual a company will steal your code and, with their massive teams, wipe the floor with you. That is why I like what Plausible Analytics (Google Alternative) is doing, https://plausible.io/blog/open-source-licenses there AGPL-3.0 licence scares big tech because by using code with it, you must open source all code using or related to the code you use, and they have the means to enforce that.
Files are a whole other issue. If I was to make a file upload, it would be my site (encrypts & uploads data)->uploadthing.com->AWS T3 Buckets->returns link. Because if it was bad content my site cant do the decryption without being liable, so for decryption->open sauce decryption system->hosted on popular free platforms you can't block->decrypts data and hides original file.
Yeah, I appreciate the feedback. I need to do more, so the link isn't a secret, e.g. any password will decrypt any link to text so if you use the wrong password you get wrong data possibly a different link, that hides if you were wrong or right. Then you only need to share one secret via a separate channel.
Sorry 😂 Thought I exempted the /anon route from headless, VPN and proxy checks but forgot one of the VPN functions, fixed now! The /anon route is not checked. It was unfortunately needed because of a very costly bot attack abusing a service I had.
I made this tool so you can share 'locked' links safely & anonymously with a password. It gives you plausible deniability and crowd blending when sharing privates links.🔒
https://qrc.site/anon (open sauce) 🦑