Here’s the Deal
Slant is powered by a community that helps you make informed decisions. Tell us what you’re passionate about to get your personalized feed and help others.
Passwords invite crackability, since the user might not opt to generate them randomly. Password compromise means the compromise of every message encrypted with the same password, past and future. Symmetric encryption means you need a different password for each group. If there are more than two people passing shared messages together, the encryption scheme doesn’t add proof of a message’s origin, unlike other options. See More
Both services currently listed derive keys from passwords with 1,000 iterations of PBKDF2. The NIST-recommended minimum is 10,000. infoencrypt.com uses a fixed, public secret key for its HMAC, meaning the message can be tampered with undetectably without knowing the password: Secret key is simply infoencrypt.com,AES,128b in binary representation ([0x69, 0x6e, 0x66, 0x6f, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2c, 0x41, 0x45, 0x53, 0x2c, 0x31, 0x32, 0x38, 0x62]) See More
With local open-source tools, you can read the source before running; with reproducible builds, you can also confirm that any precompiled packages are genuine. In a browser, it’s much harder to make sure that the source you’re looking at is what’s actually running, and that nothing else from the same origin is interfering with it. And your recipient has to do the same! See More