CryptoBin is a secure pastebin service
What is CryptoBin?
CryptoBin is a secure pastebin service.
How does it work?
Submitted plain text is first encrypted into cipher text using AES with a 256-bit key. This key is derived from a password that you may either specify or have generated. The encrypted cipher text is then sent securely to CryptoBin and assigned a unique identifier, forming part of the link used to access the paste.
From that link the encrypted cipher text is sent securely back from CryptoBin and after entering the password, decrypted into the original plain text. This allows you to share the link over an unsecure connection without anyone being able to read your content unless provided with the password by you.
How secure is my content?
Your plain text and password are never transmitted, all cryptographic functionality takes place client-side in your browser prior to submission. Only your encrypted plain text or cipher text is transmitted between you and CryptoBin, achieved securely using SSL with validation of our certificate is available here. CryptoBin is also included in Chrome's HSTS preload list, with Firefox and Safari also having HSTS preload lists which include the Chrome list.
What information is kept?
CryptoBin keeps your encrypted cipher text, your specified expiration time, the time submitted and the unique identifier assigned to your paste. Your user agent string or IP address is never kept with your paste.
Is there a limit to the amount of content?
Plain text submissions are currently limited to 16,777,215 characters. More than enough to hold the longest novel ever as declared by the Guinness Book of World Records.
What was revised in the last major update?
The front-end was given a facelift with a cleaner, more intuitive and responsive design as was the decision to use SJCL as the default cryptographic library, due to its continual development and proven reliability.
Older pastes will continue using the former library for decryption, having been kept for backwards compatibility. The back-end was also overhauled to ensure that it remains secure and constant with the latest changes in security standards and software.
I misplaced my password, is my content recoverable?
No, nor is it meant to be. Your plain text and password are never submitted, what you see when viewing your paste is the only information kept.
What if someone submits harmful content?
Only those with the password will know, otherwise that paste is nothing more than garbled characters until decrypted. Contact us if you believe a paste may contain harmful content, ensuring that you provide the password in order for us to fulfil your request.
Have you considered going open source?
Yes, perhaps at a later date after improving code readability and providing written documentation. Client-side code is already open to inspect by nature.
What can I do to support CryptoBin?
Using and promoting CryptoBin is the best possible way to support us. Should you be kind enough to donate, Bitcoin is now accepted at the addresses on the bottom of the page. Donations help us fund the costs associated with running and maintenance, without the need for advertisements.
