SecureMessages

The idea was simple: I wanted to “store and share a message”, so that:
1. anyone with knowledge of two pieces of information can retrieve and decrypt the secret message
2. the password should not be stored on the database
3. the message should not be stored on the database
4. even if the database gets compromised one should not be able to decrypt the messages
5. you can save and retrieve your message quickly
6. you do not have to register to use the service

So we created “SecureMessages”, a web-based application for securely exchanging messages between any parties.

We use the Blowfish algorithm in CTR cipher mode to encrypt the message; the ciphertext is then stored on our server along with the SHA-512 digest of the password the user chooses.

The plain password is not saved on the server and is not even transmitted to us; it never leaves your browser. Any party who wants to read your secure messages needs to know a) “your token” and b) “your password”. Similarly, decryption also takes place in your browser, so nothing gets exposed.

You set the password at the time you save your secret message; the token is generated by the server-side code once your ciphertext message has been successfully stored in the database.
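The flow described above, as an added example that is not the site's own code. Node.js `crypto` stands in for the browser and AES-256-CTR stands in for Blowfish-CTR; the scrypt key derivation, the token format, the digest check on retrieval and all function names are assumptions.

```javascript
// Added illustration; names and wire format are assumptions, not the site's code.
const crypto = require('crypto');

// --- Browser side (constructed stand-in): the password is used only here ---
function clientSeal(password, message) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(16);                 // fresh CTR counter block per message
  const key = crypto.scryptSync(password, salt, 32); // assumed KDF; the page names none
  const c = crypto.createCipheriv('aes-256-ctr', key, iv); // stand-in for Blowfish-CTR
  const ciphertext = Buffer.concat([salt, iv, c.update(message, 'utf8'), c.final()]);
  const digest = crypto.createHash('sha512').update(password).digest('hex');
  return { ciphertext: ciphertext.toString('base64'), digest }; // all that is uploaded
}

function clientOpen(password, ciphertextB64) {
  const buf = Buffer.from(ciphertextB64, 'base64');
  const salt = buf.subarray(0, 16), iv = buf.subarray(16, 32);
  const key = crypto.scryptSync(password, salt, 32);
  const d = crypto.createDecipheriv('aes-256-ctr', key, iv);
  return Buffer.concat([d.update(buf.subarray(32)), d.final()]).toString('utf8');
}

// --- Server side (constructed stand-in): sees ciphertext and digest only ---
const db = new Map();

function serverStore({ ciphertext, digest }) {
  const token = crypto.randomBytes(16).toString('hex'); // issued after a successful save
  db.set(token, { ciphertext, digest });
  return token;
}

function serverFetch(token, digest) {
  const row = db.get(token);
  if (!row) return null;
  const a = Buffer.from(row.digest, 'hex'), b = Buffer.from(digest, 'hex');
  // Constant-time comparison; using the stored digest as a retrieval gate is assumed.
  if (a.length !== b.length || !crypto.timingSafeEqual(a, b)) return null;
  return row.ciphertext;
}

function demo() {
  const sealed = clientSeal('correct horse', 'meet at noon'); // constructed sample input
  const token = serverStore(sealed);
  const sha = (p) => crypto.createHash('sha512').update(p).digest('hex');
  return {
    stored: JSON.stringify([...db.values()]),
    wrong: serverFetch(token, sha('guess')),
    plain: clientOpen('correct horse', serverFetch(token, sha('correct horse'))),
  };
}
```

CTR mode provides no integrity check, so decrypting with the wrong key yields garbage rather than an error, and a modified ciphertext is not detected.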

Read more at: http://www.secuid0.net/smessages/help.php
