Frequently asked questions
What is Cryptobin?
Cryptobin is a secure pastebin service, based on an original project dating back to 2005. After becoming aware that such a service did not exist for the general public, the project was rewritten and launched publicly in May 2011. Cryptobin has undergone two major updates since its release, the first in January 2015 and most recently in March 2020.
How does it work?
Plain text is encrypted into cipher text using AES with a 256-bit key. This key is derived from a password specified by you, or generated using our secure password generator in your browser. Once submitted, the encrypted cipher text is transmitted securely to Cryptobin and assigned a unique identifier, forming part of the shareable link used to access the paste.
Upon accessing the paste link, the encrypted cipher text is retrieved from Cryptobin and when provided with the correct password, decrypted into the original plain text. This allows for the link to be shared over a public or unsecure connection safely, remaining encrypted and unreadable even if the transmission is intercepted.
Only those provided with the password at your discretion will be able to access the original content.
How secure is my content?
Your plain text and password are never transmitted, all cryptographic functionality takes place client-side in your browser prior to submission. Only your encrypted plain text or cipher text is transmitted between your browser and Cryptobin. SSL is also enforced with validation of our certificate available here.
Cryptobin is included in Google Chrome's HSTS preload list, which is further included in preload lists used by Firefox and Safari. Other external appraisals of our security polices are available from Mozilla Observatory and SecurityHeaders.
What information is retained?
Cryptobin stores your encrypted cipher text, specified expiration time, the time submitted and the unique identifier assigned to your paste. Your IP address and user agent string are never retained with your paste.
Is there a limit to the amount of content?
Plain text submissions are currently limited to 16,777,215 characters. More than enough to hold the longest novel ever as declared by the Guinness Book of World Records.
What was revised in the last major update?
The user interface was overhauled with a cleaner, more intuitive and responsive design. Prior to that, the transition was made to SJCL as the default cryptographic library due to its proven compliance and reliability. Legacy pastes will continue using the former library during decryption for backwards compatibility.
The back-end was also updated to ensure that it remains secure and constant with the latest changes in security standards and software.
I misplaced my password, is my content recoverable?
No, that is the point. Your plain text and password are never submitted beyond your browser to Cryptobin. If the password is misplaced, the original content is gone forever.
What if someone submits harmful content?
Contact us if you believe a paste may contain harmful content. Keep in mind that all pastes in our databse are entirely unreadable due to encipherment. As such, please ensure that the correct password is provided along with the link when submitting a removal request.
Have you considered going open source?
Client-side code is open and welcome to inspect should you wish to conduct your own security evaluation prior to use.
My question was not answered here.
Visit our Support page.