One arrow hit two targets: Mozilla wants to share and want to encrypt the file
Mozilla has just launched a new service called Send, which allows users to create encrypted copies of a file on the device, store it on a remote server and share it with a recipient. Once shared, this encrypted data will also be deleted from the server.
Send solves the problem that is quite common, it is sending heavy files via email. Email services limit attachment sizes, and while many services continue to do so - such as Gmail with a maximum limit of 25MB - many names like Apple or Google have begun. Use the same service as iCloud or Drive to support the download of content.
However, Send offers an alternative solution for sharing files up to 1GB, content is encrypted and the interface is very simple.
Send is part of Mozilla's Test Pilot program to evaluate experimental features on the company's Firefox browser. However, it can also work on other modern browsers.
Send is based on Node.js code, followed by Redis database running on Amazon Web Services. After selecting the file, the software will encrypt the file on the client side, upload it to AWS and create the URL containing the decryption key that the user can share with the recipient.
'Every link sent will expire after one person has downloaded it or within 24 hours, all files sent will be automatically deleted from Send's server,' Mozilla explained.
The file will be deleted after someone downloads it or within 24 hours
Send based Web Cryptography JavaScript API with AES-GCM algorithm to encrypt and decrypt the client side. When asked if Mozilla could unlock the archived files, the company representative replied no.
Mozilla does not have the decryption key
'With Send, Mozilla will not be able to access the file users upload,' the company representative explained. 'A' fragment 'in the URL (the part after the # sign) contains an encryption key so the user can share it with others, but these fragments are not sent to the server when the user submits the request, so Mozilla will not get the key '.
Although this method can be secure, it is not perfect. AWS can recover deleted files or save them, the key can be returned from the log or messaging service that the user has sent it to the recipient.
Besides, it is still possible to improve security. Mozilla knows that the file name is sent as text, along with other information such as file size, that the company can use to evaluate the service. But the problem with the source code has been indicated on GitHub Issues, the current version of Send also sends the SHA256 hash code of the shared file as text, and it can be used to identify the file.
Responding to this, Mozilla engineer Danny Coates said that Send's security has been revised to reflect the hash function used and the code will be updated next week to remove the hash of the hash function.
'With the current functionality of the page, it is not necessary to send a hash function file as text, but we can test the feature that requires hashing of the file,' Coates said, 'it is used to test Check uploads from malicious databases'. It also needs to check the hash function related to the image or video that violates the law.
You should read it
- Mozilla released Firefox Send - a free encrypted file sharing service
- How to share files unlimitedly on Tresorit Send
- How to use Send Secure to share confidential files
- How to share files via QR codes on Fladrop
- How to use Firefox Send to share large files
- 7 self-destruct file sharing sites
- How to use Surge Send secure file sharing
- How to use CowTransfer to send unlimited self-destruct files
- How to transfer files quickly on Windows 10 with Near Share
- How to create file sharing links on Dropp.me
- Services of sending files, sharing large files via the Internet
- How to check what computer is sharing data
Maybe you are interested
TOP best free survival games 2022 The 5G concept on Android 11 will be more 'troublesome' than you might think Synthesis of shortcuts on Youtube very well Qualcomm unveiled the third-generation 5G Modem-RF system Snapdragon X60 Please download Last Survivor Diaries, the survival game about the zombie disaster, which is free Please download Live or Die: Zombie Survival Pro, the survival game is very good and is free