Hacker News new | ask | show | jobs
by Edd314159 432 days ago
It has to, how would it deliver the password to the URL’s recipient otherwise?

I suppose to keep it fully stateless you could encode the password in the URL itself somehow, but then that would defeat the purpose of not having the secret hang around in perpetuity.
1 comments
bn-usd-mistake 432 days ago
Encrypt password with a given key, send that to the server. Include the key in the `#fragment` of the URL to Share.
link
Edd314159 432 days ago
Oh I was just talking about the “transmitting to the server _at all_” part, but yeah some end-to-end encryption would be nice.
link