by tatersolid 3116 days ago
Simple, yes.

Secure, not so much.

Saying “I used encryption” doesn’t make it secure; password distribution is a key management problem which is not solved by encryption.

Your secret is stored in a DB you don’t own, and the encryption keys are on a random third party’s servers.

No way to verify anything is actually deleted.

Email filters will visit the links if you send the URL via email, further exposing the password.

Even if sharing a limited-time “reset” password that is forced to be changed immediately there are tons of simpler and more secure options for distribution.

I don’t know what scenarios this is useful for in the real world, but I certainly don’t advise using it for anything even approaching important.


Hi, author here...

Firstly, this project is open source. If you are suspicious of where the data is being stored or my intentions, you are free to fork and run it yourself.

That being said.. I am not claiming to have achieved some novel security accomplishment. Yes, this is a simple symmetric encryption using a vetted crypto lib, backed by a key value store, and using UUID4 to generate the links.

It's a trade-off between convenience and security. It's better than emailing passwords in plaintext and makes security more accessible to folks who don't have the time/inclination/technical ability to set up keybase and/or establish PKI for sharing secrets.

Understand the audience this is targeting..

> It's better than emailing passwords in plaintext

How exactly? The link is completely equivalent to the password from a security perspective. The whole system adds zero security over sending the password in clear text.

At $dayjob we have the help desk staff give initial passwords on a small card in person, and the system forces a change on first use.

For remote users the help desk uses a voice call, calling the user on a number provided by HR, and asking a few questions before giving the initial password.

This system is not uncommon and has been used by organizations for decades without being a commonly exploited vulnerability. It is more secure than pass.sh as it adds physical or at least weak verbal authentication. It is also much simpler, requiring no trusted third parties, and does not expose the secrets on the Internet at all.

Lol, it's not equivalent because it's a link that deletes itself automatically after X days and X views. In a scenario where an email/slack/etc account becomes compromised down the road, a password sent in plaintext is immediately compromised, whereas a password shared with pass.sh has expired and is no longer a valid link.

If you can't understand the very basic security control there then I really can't help you. You sound like someone who has been stuck in IT too long.

You are kidding yourself if you think relying on a support agent to verify identity is better than the solution here. Humans are inherently fallible, as social engineering has proven time and again.
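To make the "X days and X views" control discussed in both the author's description (symmetric encryption, key-value store, UUID4 links) and the reply above concrete, here is an added illustration that is not pass.sh's own code: a minimal in-memory model of the link lifecycle. The encryption-at-rest step is omitted and the class and method names are hypothetical; the point it shows is that the token is equivalent to the secret while the entry is live, and yields nothing once the view count or the TTL has run out.

```python
import time
import uuid

# Added model (not pass.sh's code): a self-expiring secret link backed by a
# plain dict standing in for the key-value store. Encryption at rest is left
# out on purpose; only the expiry semantics are modelled here.

class SecretStore:
    def __init__(self, clock=time.time):
        self._clock = clock  # injectable clock so expiry can be tested deterministically
        self._items = {}     # token -> [secret, expires_at, views_left]

    def create(self, secret, ttl_seconds, max_views):
        # uuid4 is a 122-bit random token. It is the only thing that unlocks the
        # secret, so while the entry is live the link is as sensitive as the secret.
        token = str(uuid.uuid4())
        self._items[token] = [secret, self._clock() + ttl_seconds, max_views]
        return token

    def retrieve(self, token):
        entry = self._items.get(token)
        if entry is None:
            return None                      # unknown, already consumed, or expired
        secret, expires_at, views_left = entry
        if self._clock() >= expires_at:
            del self._items[token]           # time-based expiry: purge and refuse
            return None
        entry[2] = views_left - 1
        if entry[2] <= 0:
            del self._items[token]           # view-count expiry: this was the last view
        return secret

    def exists(self, token):
        return token in self._items


def lifecycle_demo():
    # Constructed scenario: a link with 2 allowed views, then the same link after
    # its TTL has passed (the "account compromised down the road" case).
    now = [1000.0]
    store = SecretStore(clock=lambda: now[0])
    view_limited = store.create("initial-pw", ttl_seconds=86400, max_views=2)
    views = [store.retrieve(view_limited) for _ in range(3)]  # 3rd must fail
    timed = store.create("initial-pw", ttl_seconds=3600, max_views=5)
    now[0] += 3601                                          # clock past TTL
    after_ttl = store.retrieve(timed)
    return views, after_ttl, store.exists(timed)
```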