CryptoBin is a secure pastebin service, launched publicly in May 2011. CryptoBin was originally based on a privately used project, circa 2005 before realisations that such a service was inexistent for the general public. CryptoBin was rewritten just prior to launch before another major update in January 2015.
Submitted plain text is first encrypted into cipher text using AES with a 256-bit key. This key is derived from a password that you may either specify or have generated. The encrypted cipher text is then sent securely to CryptoBin and assigned a unique identifier, forming part of the link used to access the paste.
From that link the encrypted cipher text is sent securely back from CryptoBin and after entering the password, decrypted into the original plain text. This allows you to share the link over an unsecure connection without anyone being able to read your content unless provided with the password by you.
Your plain text and password are never transmitted, all cryptographic functionality takes place client-side in your browser prior to submission. Only your encrypted plain text or cipher text is transmitted between you and CryptoBin, achieved securely using SSL with validation of our certificate is available here.
CryptoBin keeps your encrypted cipher text, your specified expiration time, the time submitted and the unique identifier assigned to your paste. Your user agent string or IP address is never kept with your paste.
Plain text submissions are currently limited to 16,777,215 characters. More than enough to hold the longest novel ever as declared by the Guinness Book of World Records.
The front-end was given a facelift with a cleaner, more intuitive and responsive design as was the decision to use SJCL as the default cryptographic library, due to its continual development and proven reliability.
Older pastes will continue using the former library for decryption, having been kept for backwards compatibility. The back-end was also overhauled to ensure that it remains secure and constant with the latest changes in security standards and software.
No, nor is it meant to be. Your plain text and password are never submitted, what you see when viewing your paste is the only information kept.
Only those with the password will know, otherwise that paste is nothing more than garbled characters until decrypted. Contact us if you believe a paste may contain harmful content, ensuring that you provide the password in order for us to fulfil your request.
Yes, perhaps at a later date after improving code readability and providing written documentation. Client-side code is already open to inspect by nature.
Using and promoting CryptoBin is the best possible way to support us. Should you be kind enough to donate, Bitcoin is now accepted at the addresses on the bottom of the page. Donations help us fund the costs associated with running and maintenance, without the need for advertisements.
Visit our contact page.