Is the content safe contains within a long URL, without any password to open this URL?

[rockman413]

Describe the problem/question

Hi there,
Can someone try all kinds of combination of letters as the URL to open every possible PrivateBin pastes?
My friend send me a long URL of PrivateBin privately, when I click the link it doesn't require a password to open it.
Is the content within safe? Technically only my friend and I have it but I assume anyone can "crawl" out a workable URL and get the content inside a working URL?

Did you use the FAQ section?

• Yes, I have read the FAQ and I found no solution/answer there.

What you did?

...

What happens

No response

What should happen

No response

Additional information

No response

Server address

No response

Server OS

No response

Webserver

No response

PrivateBin version

No response

Browser and version

No response

Local operating system and version

No response

Issue reproducibility

No, I cannot reproduce it on https://privatebin.net.

[elrido]

See also: https://sebsauvage.net/wiki/doku.php?id=php:zerobin#how_does_it_work

In short, that long URL contains two pieces:

1. identifier - 8 bytes long
2. key - 32 bytes long

The identifier is a Fowler–Noll–Vo 1a hash of the submitted paste (used to be md5, which was controversial/misleading). It only serves to avoid that the same content is uploaded twice (at the same time). If a paste with the same hash already exists, it is rejected. It is only 8 bytes long, so with "only" 2^64 requests, all possible pastes of an instance can be retrieved. This is not impossible, but would likely take many years if not parallelized massively. Such an operation would likely trip up any DDoS protections of the providers that host your instance and get blocked on that end.

But the pastes stored / retrieved contain an encrypted payload. To actually decrypt & read the contents of that message, the key is required. It is a cryptographic random number, generated by the paste creator. Assuming no additional password is set and no weakness in AES being discovered, it could be "brute-forced", that is discovered by trial and error, by trying to decrypt the message at most 2^256 times. At this time we would assume that to take a very long time, longer than either of us will likely remain alive.

So to your question, "is the content safe": Your content should be hidden, as long as the URL is not shared/intercepted with/by unwanted parties. But the meta-data of the paste is not hidden - that includes the time of the paste creation, which IP created it, which IP accessed it and when, etc.

You can increase confidentiality by: Creating pastes as "burn-after-reading", so it can only be opened once and immediately gets deleted (less risk for third parties finding it by walking the identifiers), creating it with a password set or using a different tool / form of encrypted communication.

[rockman413]

I would sure hope so
---> Do you mean you would assume it's safe or it is the case (responding to my question of it should be 99.9% safe)

[elrido]

I can not provide you with a formal proof, amongst other things because I do not know the details of the inner workings of the other, proprietary services that you compare it to. I am also obviously biased towards this project, that I collaborate on.

I am under the assumption that our software is secure when used responsibly. The biggest risk, AFAIK, is not that anyone would guess your paste ID and learn about it that way, but rather that your link URL leaks, because it is transmitted via a method that turns out not to be secure enough or made public (on purpose or accidentally). I assume this to also apply to access-links for iCloud and Co. since they use similar mechanisms.

If anyone does find scenarios where this is not the case or has any suggestions on how to improve our softwares' design, I would hope these get disclosed to us or reported as an issue, so we can look into it and improve on it.

[rockman413]

Ah, understood. Thank you. Just to let you know I'm not asking for a formal proof~ I just want to understand how things work. That's why I said 99.9%, not 100% safe.

So in order to learn about this and similar cases( like iCloud or office 365 shared link), I understand as: multiple guess or try at different URL will likely trip DDns protection (or take years to try out successfully) so the PrivateBin link should be (like 99%, but of course not 100%) safe. Am I correct?

[rockman413]

Ah, understood. Thank you. Just to let you know I'm not asking for a formal proof~ I just want to understand how things work. That's why I said 99.9%, not 100% safe.

So in order to learn about this and similar cases( like iCloud or office 365 shared link), I understand as: multiple guess or try at different URL will likely trip DDns protection (or take years to try out successfully) so the PrivateBin link should be (like 99%, but of course not 100%) safe. Am I correct?

[rugk]

See also https://github.com/PrivateBin/PrivateBin/wiki/FAQ#if-i-use-privatebin-and-post-the-link-in-a-forum-in-social-media-etc-is-my-content-secure and https://github.com/PrivateBin/PrivateBin/wiki/FAQ#the-url-is-so-long-cant-i-just-use-an-url-shortener for why URL shortener are discouraged.

The TL;DR is: as long as the url you share is private, the content can be considered secure. If e.g. it is shared publicly in a forum or so, (and it is scraped or manually accessed by a human) obviously no magic can make it "secure".

Also you always have a way to set a password. But similarly to the url: if that is shared publicly or to all who know/have access to it, it is accessible by all of them.
After all, this is the aim of this project. Being a storage for information that can be shared/read by someone. Somehow someone needs to get access.

The URL can practically not be guessed, as explained before.

[rugk]

For a full more detailed security analysis, you can also have a look at our documented threat model: https://github.com/PrivateBin/PrivateBin/wiki/Threat-Model