Online encryption tools Review
If you still want to use, for example, WhatsApp or Skype for your messages, you can use external tools to encrypt and decrypt them. It is not the easiest way to send secure messages, because it involves a lot of copying and pasting, but sometimes there is no other way to do so.
Cons
Con Shared passwords have many flaws compared to other approaches to encrypted messaging
Passwords invite crackability, since the user might not opt to generate them randomly. Password compromise means the compromise of every message encrypted with the same password, past and future. Symmetric encryption means you need a different password for each group. If there are more than two people passing shared messages together, the encryption scheme doesn’t add proof of a message’s origin, unlike other options.
Con Not open-source
(applies only to infoencrypt.com)
The JavaScript is minified and no original source is provided.
Con Weak use of encryption primitives
- Both services currently listed derive keys from passwords with 1,000 iterations of PBKDF2. The NIST-recommended minimum is 10,000.
- infoencrypt.com uses a fixed, public secret key for its HMAC, meaning the message can be tampered with undetectably without knowing the password:
  Secret key is simply "infoencrypt.com,AES,128b" in binary representation ([0x69, 0x6e, 0x66, 0x6f, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2c, 0x41, 0x45, 0x53, 0x2c, 0x31, 0x32, 0x38, 0x62])
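The fixed-key point above, as an added example (not code from either service or from the original review): an integrity check keyed with a published constant accepts altered bytes, while one keyed from the password does not. HMAC-SHA-256, the salt layout, the sample password and all function names are assumptions for illustration; the "ciphertext" is a constructed stand-in for opaque bytes.

```python
import hashlib
import hmac

# Public constant quoted in the review (24 ASCII bytes).
FIXED_KEY = b"infoencrypt.com,AES,128b"
ITERATIONS = 10_000  # the minimum figure the review cites; higher is better


def tag_fixed(ciphertext: bytes) -> bytes:
    """Weak: the MAC key is a published constant, unrelated to the password."""
    return hmac.new(FIXED_KEY, ciphertext, hashlib.sha256).digest()


def verify_fixed(ciphertext: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(tag_fixed(ciphertext), tag)


def derive_mac_key(password: str, salt: bytes) -> bytes:
    """Hardened: MAC key derived from the password; the b"|mac" label keeps it
    distinct from an encryption key derived from the same password and salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt + b"|mac",
                               ITERATIONS, dklen=32)


def tag_derived(password: str, salt: bytes, ciphertext: bytes) -> bytes:
    key = derive_mac_key(password, salt)
    return hmac.new(key, salt + ciphertext, hashlib.sha256).digest()


def verify_derived(password: str, salt: bytes, ciphertext: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(tag_derived(password, salt, ciphertext), tag)


def demo():
    salt = bytes(range(16))  # constructed; use os.urandom(16) in practice
    original = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed
    altered = bytes([original[0] ^ 1]) + original[1:]
    pw = "correct horse"  # constructed sample password
    # Fixed key: a matching tag for altered bytes needs no password at all.
    fixed_accepts_altered = verify_fixed(altered, tag_fixed(altered))
    # Derived key: the sender's tag covers the original bytes only, and a tag
    # made without the right password is rejected.
    good = tag_derived(pw, salt, original)
    return (fixed_accepts_altered,
            verify_derived(pw, salt, original, good),
            verify_derived(pw, salt, altered, good),
            verify_derived(pw, salt, altered, tag_derived("wrong guess", salt, altered)))


if __name__ == "__main__":
    print(demo())
```
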
Con In-browser encryption is hard to audit
With local open-source tools, you can read the source before running; with reproducible builds, you can also confirm that any precompiled packages are genuine. In a browser, it’s much harder to make sure that the source you’re looking at is what’s actually running, and that nothing else from the same origin is interfering with it. And your recipient has to do the same!