privacyguides
/
privacytools.io
Archived
1
0
Fork 0
Code Issues 304 Pull Requests 47 Activity

🆕 Software Suggestion | Hat.sh #1056

New Issue
Closed
opened 2019-07-25 19:10:44 +00:00 by sh-dv · 15 comments
sh-dv commented 2019-07-25 19:10:44 +00:00 (Migrated from github.com)
Copy Link

Basic Information

Name: Hat.sh
Category: File Encryption - (AES-256)
URL : https://github.com/sh-dv/hat.sh or https://hat.sh

Description

hat.sh is a javascript app that provides secure file encryption using the AES-256-GCM algorithm in your browser.

It's fast, secure and Serverless, the app never uploads the files to the server.
in a small amount of code the app can encrypt any type of files at any size within seconds.
free and available in browser + windows/mac/linux.

## Basic Information Name: **Hat.sh** Category: **File Encryption** - (AES-256) URL : **[https://github.com/sh-dv/hat.sh](https://github.com/sh-dv/hat.sh)** or **[https://hat.sh](https://hat.sh)** ## Description hat.sh is a javascript app that provides secure file encryption using the AES-256-GCM algorithm in your browser. It's fast, secure and Serverless, the app never uploads the files to the server. in a small amount of code the app can encrypt any type of files at any size within seconds. free and available in browser + windows/mac/linux.
nitrohorse commented 2019-07-26 02:17:22 +00:00 (Migrated from github.com)
Copy Link

Hey @sh-dv, just wondering why you closed the previous issue?

Hey @sh-dv, just wondering why you closed the [previous issue](https://github.com/privacytoolsIO/privacytools.io/issues/1037)?
sh-dv commented 2019-07-27 20:45:33 +00:00 (Migrated from github.com)
Copy Link

@nitrohorse yes , sure , it's my first time opening an issue on github and apparently i didn't know what i was doing. Sorry.

@nitrohorse yes , sure , it's my first time opening an issue on github and apparently i didn't know what i was doing. Sorry.
👍 1
blacklight447 commented 2019-08-09 12:08:20 +00:00 (Migrated from github.com)
Copy Link

Question, is there anything preventing the admins of Hat.sh from inserting backdoored JavaScript when loading the webpage?

Question, is there anything preventing the admins of Hat.sh from inserting backdoored JavaScript when loading the webpage?
sh-dv commented 2019-08-09 18:24:01 +00:00 (Migrated from github.com)
Copy Link

1.the app site is served statically directly from the github repository (sync)
2.the app is not linked to any 3rd party sites or scripts , it runs only on the bundled js file.(source and requirements are seen in the repo)
3.there is no connection to any network or server by any means , nothing is logged , nothing is saved , even in localstorage or cookies , we don't even run an analytics script.
4.there is no server side language in the app, everything runs locally.
5.everything can be checked from the developer tools .
6.my love and respect for privacy and crypto prevents me from doing such things.

-thank you for your question.

1.the app site is served statically directly from the github repository (sync) 2.the app is not linked to any 3rd party sites or scripts , it runs only on the bundled js file.(source and requirements are seen in the repo) 3.there is no connection to any network or server by any means , nothing is logged , nothing is saved , even in localstorage or cookies , we don't even run an analytics script. 4.there is no server side language in the app, everything runs locally. 5.everything can be checked from the developer tools . 6.my love and respect for privacy and crypto prevents me from doing such things. -thank you for your question.
blacklight447 commented 2019-08-09 18:27:30 +00:00 (Migrated from github.com)
Copy Link

My point is, if you were to turn bad and tried to backdoor it, could you give specific users bad versions when they visit your website.

My point is, if you were to turn bad and tried to backdoor it, could you give specific users bad versions when they visit your website.
sh-dv commented 2019-08-09 18:29:18 +00:00 (Migrated from github.com)
Copy Link

no.

no.
👍 1
blacklight447 commented 2019-08-10 10:15:14 +00:00 (Migrated from github.com)
Copy Link

Ive tested it out and works pretty smoothly, also using Wireshark, it seems like no communication is made with their web server once the webpage is loaded, which indicates everything does really stay inside the browser. I propose adding it as worth mentioning under the file encryption section.

Ive tested it out and works pretty smoothly, also using Wireshark, it seems like no communication is made with their web server once the webpage is loaded, which indicates everything does really stay inside the browser. I propose adding it as worth mentioning under the file encryption section.
👍 1 😆 1
TNTBOMBOM commented 2019-08-12 06:01:16 +00:00 (Migrated from github.com)
Copy Link

It doesnt work with Tor Browser with safest security (mean No JS) , JS is needed to make this operation. Well JS services are the worst for security.

Suggestion: (if there is no way to get rid of JS)

libre your JS of the website by using these instructions:

https://www.fsf.org/campaigns/freejs

otherwise sorry but your service doesnt add anything new to security.

It doesnt work with Tor Browser with safest security (mean No JS) , JS is needed to make this operation. Well JS services are the worst for security. Suggestion: (if there is no way to get rid of JS) libre your JS of the website by using these instructions: https://www.fsf.org/campaigns/freejs otherwise sorry but your service doesnt add anything new to security.
blacklight447 commented 2019-08-12 22:18:49 +00:00 (Migrated from github.com)
Copy Link

Tntbombom, will I appreciate that you think of the tor browser users among us, you should note that there are people with much lower threat models, and easy to use web based tools like these could really help them out.

Tntbombom, will I appreciate that you think of the tor browser users among us, you should note that there are people with much lower threat models, and easy to use web based tools like these could really help them out.
👍 2
TNTBOMBOM commented 2019-08-13 03:17:16 +00:00 (Migrated from github.com)
Copy Link

its not about me , its about JS. allowing JS services into userspace is not real ideal security.

like i said , if there is no way but to use JS ok fine but use open source libraries. (same as what invidio.us done)

its not about me , its about JS. allowing JS services into userspace is not real ideal security. like i said , if there is no way but to use JS ok fine but use open source libraries. (same as what invidio.us done)
sh-dv commented 2019-08-14 10:06:09 +00:00 (Migrated from github.com)
Copy Link

every line of js code in the app is opensource.
the app itself : https://github.com/sh-dv/hat.sh
password strength estimation : https://github.com/dropbox/zxcvbn
layout and design UI : bootstrap and fontawesome (icons)

every line of js code in the app is opensource. the app itself : [https://github.com/sh-dv/hat.sh](https://github.com/sh-dv/hat.sh) password strength estimation : [https://github.com/dropbox/zxcvbn](https://github.com/dropbox/zxcvbn) layout and design UI : [bootstrap](https://github.com/twbs/bootstrap) and [fontawesome (icons)](https://github.com/FortAwesome/Font-Awesome)
👍 1
TNTBOMBOM commented 2019-08-14 13:46:26 +00:00 (Migrated from github.com)
Copy Link

in this page:

https://hat.sh/bundle.js

either proprietary/unlicensed can you check?

btw you can check your website JS easily using libreJS extension.

after completing the process (whether removing,replacing,checking the used JS license) list all JS used in the website with their licenses e.g same as invidious done:

https://invidio.us/licenses

by finishing this your website respect users privacy :) . ThX!

in this page: https://hat.sh/bundle.js either proprietary/unlicensed can you check? btw you can check your website JS easily using [libreJS](https://addons.mozilla.org/en-US/firefox/addon/librejs/?src=search) extension. after completing the process (whether removing,replacing,checking the used JS license) list all JS used in the website with their licenses e.g same as invidious done: https://invidio.us/licenses by finishing this your website respect users privacy :) . ThX!
sh-dv commented 2019-08-14 15:25:31 +00:00 (Migrated from github.com)
Copy Link

thank you.
the Bundle.js file is the file that cointains all the javascript codes put in one file, which are required in the app.js file in the top lines :

  1. bootstrap
  2. jquery
  3. popperjs (comes with bootstrap)
  4. zxcvbn
  5. the app js code

all these 5 are bundled in one js file called "bundle.js"
and i did as you said and listed them here : https://hat.sh/licenses.html

thanks.

thank you. the Bundle.js file is the file that cointains all the javascript codes put in one file, which are required in the [app.js](https://github.com/sh-dv/hat.sh/blob/master/src/js/app.js) file in the top lines : 1. bootstrap 2. jquery 3. popperjs (comes with bootstrap) 4. zxcvbn 5. the app js code all these 5 are bundled in one js file called "bundle.js" and i did as you said and listed them here : [https://hat.sh/licenses.html](https://hat.sh/licenses.html) thanks.
👍 2
nitrohorse commented 2019-08-14 16:08:04 +00:00 (Migrated from github.com)
Copy Link

...easy to use web based tools like these could really help them out.

I agree; I think this would be good to include. It works well, has good documentation, and can be used offline which is really helpful.

> ...easy to use web based tools like these could really help them out. I agree; I think this would be good to include. It works well, has good documentation, and can be used offline which is really helpful.
TNTBOMBOM commented 2019-08-15 03:44:04 +00:00 (Migrated from github.com)
Copy Link

Thank you! although you have done all needed processes. One thing kept which is that AES-GCM is not ultimate which is secure as someone would just blindly using it, it has flaws like uses weak keys (GMAC) , needs uniqueness of IV.... Thus needs to be operated correctly.

Ref:

Note: This is just a side note not sure if there is any improvements to be added.

Thank you! although you have done all needed processes. One thing kept which is that AES-GCM is not ultimate which is secure as someone would just blindly using it, it has flaws like uses weak keys (GMAC) , needs uniqueness of IV.... Thus needs to be operated correctly. Ref: - https://security.stackexchange.com/questions/184305/why-would-i-ever-use-aes-256-cbc-if-aes-256-gcm-is-more-secure - https://en.wikipedia.org/wiki/Weak_key#List_of_algorithms_with_weak_keys - https://en.wikipedia.org/wiki/Galois/Counter_Mode#Security Note: This is just a side note not sure if there is any improvements to be added.
This repo is archived. You cannot comment on issues.
No Branch/Tag Specified
Branches Tags
master
dependabot/bundler/nokogiri-1.13.6
dependabot/bundler/addressable-2.8.0
freddy-m-patch-3
pr-add_RemoveMyPhone_sponsor
pr-browser_cleanup_1257_1328_1430
freddy-m-patch-2
freddy-m-patch-1
pr-vpn_hated_one_video
cdn
update-nitrohorse-image
promote-metager-to-card
hardware
pr-add_azirevpn
pr-add_mailfence
shop
1673
pr/1658
i18n-simple
sponsorship-edits-nov2019
i18n
ipfs
blacklight447-ptio-patch-3
blog
remove-windows-icons
pr/1147
i18n-testing
add-beautify
Labels
Clear labels   
🔍🤖 Search Engines

   
approved

approved, waiting for a PR

  
dependencies

Pull requests that update a dependency file

  
duplicate

   
feedback wanted

   
high priority

   
I2P

The Invisible Internet Project (I2P)

  
iOS

   
low priority

   
OS

Operating Systems

  
Self-contained networks

   
Social media

   
stale

A label for stalebot if it gets added

  
streaming

Anything related to media streaming.

  
todo

   
Tor

Anything covering the Tor network

  
WIP

active work in progress, do not merge or PR (yet)!

  
wontfix

Issues or bugs that will not be fixed and/or do not have significant impact on the project.

  
XMPP

Extensible Messaging and Presence Protocol

  
[m]

Matrix protocol

  
₿ cryptocurrency

   
ℹ️ help wanted

   
↔️ file sharing

   
⚙️ web extensions

Browser Extension related issues

  
enhancement

   
software removal

   
💬 discussion

   
🤖 Android

   
🐛 bug

   
💢 conflicting

   
📝 correction

Correction of content on the website

  
🆘 critical

   
📧 email

   
🔒 file encryption

   
📁 file storage

   
🦊 Firefox

Firefox & forks, about:config etc.

  
💻 hardware

   
🌐 hosting

   
🏠 housekeeping

Anything primarily related to site cleanup.

  
🔐 password managers

   
🧰 productivity tools

   
🔎 research required

   
🌐 Social News Aggregators

   
🆕 software suggestion

   
👥 team chat

   
🔒 VPN

Virtual Private Network

  
🌐 website issue

*Technical* issues with the website.

  
🚫 Windows

   
👁️ browsers

   
🖊️ digital notebooks

   
🗄️ DNS

Domain Name System

  
🗨️ instant messaging (im)

   
🇦🇶 translations

Anything covering a translated version of the site

No Label
🔍🤖 Search Engines
approved
dependencies
duplicate
feedback wanted
high priority
I2P
iOS
low priority
OS
Self-contained networks
Social media
stale
streaming
todo
Tor
WIP
wontfix
XMPP
[m]
₿ cryptocurrency
ℹ️ help wanted
↔️ file sharing
⚙️ web extensions
enhancement
software removal
💬 discussion
🤖 Android
🐛 bug
💢 conflicting
📝 correction
🆘 critical
📧 email
🔒 file encryption
📁 file storage
🦊 Firefox
💻 hardware
🌐 hosting
🏠 housekeeping
🔐 password managers
🧰 productivity tools
🔎 research required
🌐 Social News Aggregators
🆕 software suggestion
👥 team chat
🔒 VPN
🌐 website issue
🚫 Windows
👁️ browsers
🖊️ digital notebooks
🗄️ DNS
🗨️ instant messaging (im)
🇦🇶 translations
Milestone
Clear milestone
No items
No Milestone
Assignees
Clear assignees
No Assignees
1 Participants
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: privacyguides/privacytools.io#1056
No description provided.
Delete Branch "%!s(<nil>)"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?