Share your secrets securely

1time.pw is like Snapchat for secrets. Need to send a password? Love note? Haiku? This is the place.


About

1time.pw is a simple tool for securely sharing passwords, messages, and other text. Each message self-destructs after its specified expiration time. Messages are never sent to the server. Encryption is done completely client side. In order to enforce the expiration time, the encryption key is stored on the server. The actual encrypted message is stored in the URL.


Note that this service is not intended to store large amounts of data (only short messages such as passwords). As URL lengths are often limited, you may only have up to 2k characters in certain browsers. You should use other forms of encryption for anything super sensitive or larger in size.

How does it work?

Technical Details

Encryption:

  • A random encryption key is generated on the client side.
  • Your message is encrypted with the randomly generated key (and your password if specified).
  • The client hashes the encrypted message.
  • The client sends both the hash and the encryption key to the server for storage.
  • At this point, you may share the encrypted message.

Decryption:

  • The client hashes the encrypted message.
  • The client sends the hash to the server and gets back the encryption key.
  • The client decrypts the message.

Security Specifics

We use AES for encryption and SHA-256 for hashing. The server uses a simple Redis store for mapping the hashes to encryption keys. Expiration is done using the native Redis expiration feature.
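
The encryption and decryption steps above, as an added example that is not 1time.pw's own code. It assumes AES-256-GCM (the page only says AES), a base64url-encoded URL fragment, and an in-memory Map standing in for the Redis hash-to-key store; the optional password is left out and all function names are hypothetical.

```javascript
// Added illustration, not 1time.pw's code. Assumptions: AES-256-GCM, base64url
// URL fragment, and a Map standing in for the Redis hash -> key store.
const { randomBytes, createCipheriv, createDecipheriv, createHash } = require('node:crypto');

const store = new Map(); // hypothetical server state: hash -> { key, expiresAt }

const sha256 = (buf) => createHash('sha256').update(buf).digest('hex');

// "Server" side: only ever sees the hash and the key, never the message.
function serverPut(hash, key, ttlMs, now = Date.now()) {
  store.set(hash, { key, expiresAt: now + ttlMs });
}
function serverGet(hash, now = Date.now()) {
  const entry = store.get(hash);
  if (!entry || now >= entry.expiresAt) {
    store.delete(hash); // mimic Redis expiry: the key is gone for good
    return null;
  }
  return entry.key;
}

// Client side: encrypt, hash the ciphertext, register the key, build the fragment.
function createSecret(message, ttlMs, now = Date.now()) {
  const key = randomBytes(32);
  const iv = randomBytes(12);
  const cipher = createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(message, 'utf8'), cipher.final()]);
  const blob = Buffer.concat([iv, cipher.getAuthTag(), ct]);
  serverPut(sha256(blob), key, ttlMs, now);
  return blob.toString('base64url'); // travels in the URL, not to the server
}

// Client side: hash the ciphertext, fetch the key, decrypt. Returns null if expired.
function openSecret(fragment, now = Date.now()) {
  const blob = Buffer.from(fragment, 'base64url');
  const key = serverGet(sha256(blob), now);
  if (!key) return null;
  const decipher = createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  decipher.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]).toString('utf8');
}

const fragment = createSecret('hunter2', 60_000, 0); // constructed sample message
console.log(openSecret(fragment, 1_000));  // within the expiration time
console.log(openSecret(fragment, 61_000)); // after the expiration time
```

Because the server looks the key up by the hash of the ciphertext, a fragment altered in transit maps to no stored key and cannot be decrypted.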

Analytics and Adverts

A quick note on analytics and advertisements. It is our promise that we will never serve ads, or collect your data.

We do, however, use a very minimal version of Google Analytics called Minimal Google Analytics Snippet. We only use it to keep a record of how many people view the site. This helps us plan for scalability.