[nickmerwin]

We built something very similar a couple years ago except all encryption/decryption is done broswer side, so no keys are ever sent through our server. Also, it uses actual tweets as opposed to DM's.

http://cryptwit.com

You can see an example here:

http://cryptwit.com/decrypt

Enter "yickster", then passphrase "hackernews"

[dhx]

Users need to verify the source code to cryptwit.com on every single page load to ensure that the "client side" code is not leaking the key/plaintext. There are many highly creative methods for leaking this information that would pass unnoticed through a quick code review. For this reason (amongst numerous others) the site is useless at best and harmful at worst (false sense of security for unsuspecting users).