spb or "sleuthpaste"
...or how I learned to stop worrying about pasting sensitive information publicly and love the Web.
spb a.k.a. "sleuthpaste" is the only totally secure, auditable, entirely open-source pastebin.
Quint was working on a project that needed short-term self-deleting symmetrically encrypted storage for small blobs of text, but no open-source pastebin lets users encrypt their pastes with a passphrase, and the only pastebin with any sort of encryption is closed source and comes with several security caveats that can downgrade end users' security unexpectedly. We both use a popular pastebin called
pb (hosted at ptpb.pw) and felt its API was well-designed enough to extend to symmetric encryption.
We think this is a good use of AWS, as EC2 is cheap enough that we can run a public service like this without ads or a paid option, entirely out of our own pockets.
What it does
spb is a fork of
pb that encrypts text entirely client-side in the browser. Because of the way its design integrates with
pb, it inherits many of
pb's benefits, including:
- deleting pastes
- setting per-paste automatic deletion
- vanity URLs to double as a URL-shortener of sorts
- extensible API
- integration with existing tools
How we built it
Quint forked pbwww (running instance here) to add symmetric encryption to the submission form, removing features that were incompatible with the level of encryption provided; this provided the front-end.
Challenges we ran into / What we learned
- severe sleep deprivation
- turns out W&M's DNS servers cache for a very long time
- node can act as a very flexible Flask replacement, but only if you like callbacks
- Flask can act as a very flexible node replacement, but only if you like decorators
- competition with a systems programming assignment
Accomplishments that we're proud of
We're the only open-source encrypted pastebin on the internet. It filled a very concrete need for a real project that I will be using as early as this week.
What's next for spb
Even tighter integration with
pb and support for arbitrary binary blobs (a much harder task because of the inability to use HTTP to send large files through an encrypting stream).