Senditonthenet - secure file sending service

Hi guys,

My name is Jon Taylor and I have just launched a new file sending service that I think you guys might be interested in.

http://www.senditonthenet.com/

There are many file sharing sites out there, but the thing that I have done differently is to build it with a "host-proof" design at its core.

What this means, is that I give the user all the tools to verify and audit the service before they have to enter any personal details. The service does encryption in the web browser, and thus makes extensive use of javascript. All the code is sent to the browser in one single file, then all the other pages are ajaxed in so no more javascript gets sent to the browser.

The code that handles page transitions checks any input it receives from the server and strips out any script tags or javascript that might be in it. So I can't simply send code down to steal the keys.

RSA keys are generated when you first log in, your public and private keys are pushed up to the server but your private key is AES encrypted with a key derived from your password (which is never sent to the server) so you can recall it without us knowing what it is.

We require that recipients sign up before you can send to them which is a potential usability downside. However we need this because you can't send a file to somebody if you don't have their public key. We cannot do the key generation on somebody else's behalf since then you'd have to trust us! You only have to confirm a contact once though, and then you store a copy of your contacts keys AES encrypted in a similar way to what we do with your private key. This is so that you don't have to double check a public key every time you try to send.

We want the service to be as open and transparent as possible, so that people can send files without complexity, but also in a way that doesn't require the same level of trust you have to have with other solutions.

I'd be really pleased if you guys could give me your opinions on the service. Also since you guys are more security inclined i'd be interested to know if you think there are any weaknesses or attack vectors that I hadn't considered.

Many thanks

Jon

 

What about the possibility that someone with access to the server modifies the javascript code that creates the initial private encryption keys to mount a man-in-the-middle attack?

I was also thinking that if I zip a file with a password it would be equally protected, there are lots of offline encryption tools out there that one can use to hide uploaded files from the hosts, some people find WinZip easier to use than public/private keys. And I was reading the site and saw "See who accessed files and when", this could be a very useful log for law enforcement too.

 

The primary attack vector in a host-proof application is somebody modifying the javascript code.

For the application to remain host-proof the user would have to audit the javascript code every time they log in. Or at least audit it once and then check for changes before they log in subsequent times.

I realise that in practise most users wont actually do this, i'm in the process now of creating an open source tool that would allow people to more easily check for changes in any host-proof application as i'm a proponent for the technology thats used too.

Offline encryption tools are actually the best thing for keeping your data secure. You can download easily auditable open source tools, compile them once and know they wont change, and you can choose to use bigger keys.

However they are typically relegated to the confines of quite advanced users, and in the winzip example you still have to get the secret passphrase to the other user.

Online tools are a lot more accessible, but typically have the problem of having to trust the host, I'm trying to find a way of bridging the gap.

Thankyou for your thoughts!

 

hmmmm...interesting