CryptBro Help

What is CryptBro?

CryptBro is a tool for sharing encrypted messages. All encryption is performed on your own computer using the AES encryption algorithm, used by the US Government and SSL servers everywhere for secure communications. You can be quite sure no one but the intended recipient can read your message, as long as common-sense security protocols are followed.

How does it work?

It's quite simple. There are two modes of operation, Encrypt and Decrypt. To encrypt a message, click Encrypt, pick a passphrase for your shared key, type your message, and click Crypt. Your message is first encrypted, then the encrypted message is sent to the server to be saved. You are then given a URL which you can send to the recipient where they can read the message.

When your recipient opens the link you've sent them, they are shown the encrypted text. They will then type the key you've shared with them, and click Crypt.

How can I be sure it's secure? Are you sure nobody can read my message?

Nothing is transmitted to the server in plaintext. Because all encryption is performed on your own computer, you can be sure the message is as secure as your computer is, as long as common-sense security protocols are followed.

To know if your message is secure, start by asking yourself these questions:

Answering negatively to these and perhaps other questions should assure you of your message's security.

What's really going on under the hood?

Once you've entered your key and message and submitted the form, CryptBro stretches the key using the PBKDF2 algorithm. With this stretched key, it then makes an HMAC hash of the message. Finally, the message is AES encrypted. The encrypted message, the HMAC hash, and the salt for the stretched key are rolled up together and sent to the server for storage (if the user does not disable server-side storage).

On the decryption side, CryptBro takes the rolled-up message, gets the salt, and stretches the key to obtain the same stretched key it was encrypted with. It then makes an HMAC hash and checks it against the original hash; this checks that the user supplied the correct key. If the hash is right, the message is decrypted and displayed.
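
The flow described above, as an added Node.js example that is not CryptBro's own code: stretch the passphrase, HMAC the message, AES-encrypt it, roll everything up, then reverse the steps and release the text only if the HMAC matches. The cipher mode (AES-256-CBC), the IV, SHA-256, the iteration count, the salt size and the JSON bundle layout are assumptions; the page names only PBKDF2, HMAC and AES. Because the HMAC is taken over the plaintext, the check here runs on the decrypted candidate before anything is returned.

```javascript
// Added example, not CryptBro's source. Mode, IV, hash, iteration count,
// salt size and bundle layout are assumptions (see lead-in).
const nodeCrypto = require('node:crypto');

const ITERATIONS = 100000; // assumed PBKDF2 work factor
const KEY_BYTES = 32;      // AES-256 key length

// Stretch the passphrase with PBKDF2 and a per-message salt.
function stretchKey(passphrase, salt) {
  return nodeCrypto.pbkdf2Sync(passphrase, salt, ITERATIONS, KEY_BYTES, 'sha256');
}

// HMAC the message with the stretched key, AES-encrypt it, and roll up the
// ciphertext, HMAC and salt (plus the IV that CBC mode needs).
function encryptMessage(passphrase, message) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(16);
  const key = stretchKey(passphrase, salt); // same key for HMAC and AES, as the page describes
  const mac = nodeCrypto.createHmac('sha256', key).update(message, 'utf8').digest();
  const cipher = nodeCrypto.createCipheriv('aes-256-cbc', key, iv);
  const ct = Buffer.concat([cipher.update(message, 'utf8'), cipher.final()]);
  return JSON.stringify({
    salt: salt.toString('base64'), iv: iv.toString('base64'),
    mac: mac.toString('base64'), ct: ct.toString('base64'),
  });
}

// Re-derive the key from the stored salt, decrypt, recompute the HMAC and
// return the plaintext only on a match. Returns null for a wrong passphrase
// or a modified bundle.
function decryptMessage(passphrase, bundle) {
  const b = JSON.parse(bundle);
  const key = stretchKey(passphrase, Buffer.from(b.salt, 'base64'));
  let plain;
  try {
    const d = nodeCrypto.createDecipheriv('aes-256-cbc', key, Buffer.from(b.iv, 'base64'));
    plain = Buffer.concat([d.update(Buffer.from(b.ct, 'base64')), d.final()]);
  } catch (e) {
    return null; // a wrong key usually fails CBC padding before the HMAC check
  }
  const mac = nodeCrypto.createHmac('sha256', key).update(plain).digest();
  const stored = Buffer.from(b.mac, 'base64');
  if (stored.length !== mac.length || !nodeCrypto.timingSafeEqual(stored, mac)) return null;
  return plain.toString('utf8');
}
```
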
