1
0
mirror of https://github.com/Tygs/0bin.git synced 2023-08-10 21:13:00 +03:00
Go to file
2020-08-15 13:27:59 +02:00
docs Bumped python version in doc 2015-05-10 19:53:55 +02:00
tools Add https support for cli tool 2015-04-28 17:59:42 +02:00
zerobin Merge branch 'v2' of github.com:Tygs/0bin into v2 2020-08-15 13:27:59 +02:00
.editorconfig Bumping version, adding editor config file and a contribution section to the readme. 2014-06-22 11:00:05 +07:00
.gitignore Add delete paste 2020-08-11 16:37:03 +02:00
.pylintrc Add btc tip 2020-08-14 16:41:45 +02:00
compress.sh Update bundling machinery 2020-08-14 18:18:17 +02:00
LICENCE Add licence file 2020-08-12 16:52:47 +02:00
README.rst Edit README and setup.cfg for prod 2020-08-15 13:24:46 +02:00
requirements.txt Add paste title 2020-08-14 15:08:55 +02:00
screenshot.png Added screenshot and modified README 2012-05-01 21:18:32 +07:00
setup.cfg Edit README and setup.cfg for prod 2020-08-15 13:24:46 +02:00
setup.py Edit README and setup.cfg for prod 2020-08-15 13:24:46 +02:00

0bin: a client side encrypted pastebin
===========================================

0bin is a pastebin that encrypts the user content in the browsder and can run without a database.

* Try it: `0bin.net <http://0bin.net>`_
* `Report a bug <https://github.com/sametmax/0bin/issues>`_

0bin allows anybody to host a pastebin while welcoming any type of content to
be pasted in it. The idea is that one can (probably...) not be legally entitled
to `moderate the pastebin content`_ as they have no way to decrypt it.

It's an Python implementation of the `zerobin project`_, created by sebsauvage, under the `WTFPL licence`_.

For now tested with IE9, and the last opera, safari, chrome and FF.

There is a `good doc <http://readthedocs.org/docs/0bin/en/latest/>`_,
but in short::

    pip install zerobin
    zerobin

0bin runs on Python 3.7+.

How it works
=============

When creating the paste:

- the browser generates a random key;
- the pasted content is encrypted with this key using AES256;
- the encrypted pasted content is sent to the server;
- the browser receives the paste URL and adds the key in the URL hash (#).

When reading the paste:

- the browser makes the GET request to the paste URL;
- because the key is in the hash, the key is not part of the request;
- browser gets the encrypted content end decrypts it using the key;
- the pasted decrypted content is displayed and sourcecode is highlighted.

Key points:

- because the key is in the hash, the key is never sent to the server;
- therefore it won't appear in the server logs;
- all operations, including code coloration, happen on the client-side;
- the server is no more than a fancy recipient for the encrypted data.

Other features
======================

- automatic code coloration (no need to specify the language);
- pastebin expiration: 1 day, 1 month or never;
- burn after reading: the paste is destroyed after the first reading;
- clone paste: you can't edit a paste, but you can duplicate any of them;
- code upload: if a file is too big, you can upload it instead of using copy/paste;
- copy paste to clipboard in a click;
- own previous pastes history;
- reader mode;

Known issues
============

- 0bin uses several HTML5/CSS3 features that are not widely supported. In that case we handle the degradation as gracefully as we can.
- The pasted content size limit check is not accurate. It's just a safety net, so we think it's ok.


.. _moderate the pastebin content: http://www.zdnet.com/blog/security/pastebin-to-hunt-for-hacker-pastes-anonymous-cries-censorship/11336
.. _zerobin project: https://github.com/sebsauvage/ZeroBin/
.. _node.js: http://nodejs.org/
.. _is not worth it: http://stackoverflow.com/questions/201705/how-many-random-elements-before-md5-produces-collisions
.. _WTF licence: http://en.wikipedia.org/wiki/WTFPL

Contributing
=============

We cannot accept contributions for the moment, and will ignore PR.