This Link Will Self Destruct is an service wich you can use to send links to an private party. With the use of this service you are sure that the link is not shared or mis-used. You can place an password on the link and restrict the amount of clicks.
- Compact: Short URL. Ideal for sending over SMS and Twitter. Password recommended.
- Medium: Standard level of brute-force resistance to your Self-Destroying Hyperlinks.
- Secure: Long URL. Nearly impervious to brute-force attacks.
When someone accesses your SDH, the server will take 1 point away from the life of the hyperlink. When its life reaches 0, the file containing the hyperlink information will be shredded (learn more) from our server.
(Optional): You may also supply a password to your SDH. When users load the SDH in their web browser, they will be asked for the same password before they can continue to the destination URL. Supplying a password encrypts your destination URL.
- Pseudo-randomly generated self-destroying hyperlinks
- AES encryption for password-protected destination URLs
- Compact — 16 pseudorandom bytes (128 bits) are fed into an SHA1 hash, which is truncated.
- Medium — 20 pseudorandom bytes (160 bits) are fed into an SHA1 hash, which is truncated.
- Secure — 20 pseudorandom bytes (160 bits) plus another 20 random bytes (160 bits) are fed into an HMAC-SHA1 hash, which is NOT truncated.
The end result is a base-36 number preceded by the letter "u". For example, if you generate 1w8a2, then the URL you are provided is https://tlwsd.in/u1w8a2.
- The SHA-512 hash is taken of the password.
- The hash generated in step 1 is split in half. The first half is stored for hash-comparison. The second half is used as the encryption key.
- The SHA-256 hash is taken of the password.
- The password is encrypted with AES-256-CBC (IV = SHA256(password))
My reasoning for this is as follows: Since the SHA-512 hash is split in half, you end up with two 256-bit values that resulted from the same input but do not reveal the other's value. Combine this with a third 256-bit value (to use for an Initialization Vector) from the same input, and it becomes to possible to store a hash of the password while still having two more-or-less independent values for the key and IV for AES-256-CBC encryption.
Even if I were a malicious user, having SHA-512-Left does not give me SHA-512-Right, nor SHA-256 and especially not AES-256-CBC.
Line 1 is the number of times this link can be used again.
Line 2 is the stored hash of the user-supplied password.
Line 3 is the AES-encrypted URL.