Security Architecture
A technical deep dive into how GhostPaste keeps your code private
Zero-Knowledge Architecture
GhostPaste implements true zero-knowledge encryption. This means we have zero ability to access your plaintext data, zero knowledge of your encryption keys, and zero way to comply with requests to decrypt your data.
What You Can See
- Your original code and files
- The encryption/decryption key
- When and how to share
- Complete control over your data
What We Can't See
- Your unencrypted code
- Your encryption keys
- What your paste contains
- Who you share with
Encryption Implementation
Encryption Flow
Key Generation
A cryptographically secure random 256-bit key is generated using crypto.getRandomValues()
Client-Side Encryption
Your data is encrypted using AES-256-GCM with a unique IV for each encryption
Binary Format
Encrypted data is packed into a custom binary format with version info and file metadata. Enforces limits: 500KB/file, 5MB total, 20 files max
Server Storage
Only the encrypted blob is sent to and stored on our servers
Key in URL Fragment
The encryption key is placed in the URL fragment (after #) which never reaches any server
Cryptographic Details
- Encryption Algorithm
- AES-256-GCM (Galois/Counter Mode)
- Key Size
- 256 bits (32 bytes)
- IV Size
- 96 bits (12 bytes) - unique per encryption
- Auth Tag Size
- 128 bits (16 bytes)
Infrastructure Security
- Hosting
- Cloudflare Workers (Edge Computing)
- Storage
- Cloudflare R2 (S3-compatible)
- Transport
- TLS 1.3+ enforced
- DDoS Protection
- Cloudflare automatic protection
- Data Residency
- Global edge locations
Password Protection & Authentication
GhostPaste offers optional password protection for your gists, allowing you to control who can edit or delete them. This feature uses industry-standard password hashing to ensure your password remains secure even if our servers are compromised.
How Password Protection Works
Password Creation
When you set a password, it's sent securely to our server where it's immediately hashed using PBKDF2-SHA256 with 100,000 iterations and a random salt
Secure Storage
Only the hash and salt are stored in our database. Your original password is discarded immediately after hashing
Edit Verification
When editing, your password is sent to the server where it's re-hashed with the same salt and compared against the stored hash
Zero Knowledge
We can verify your password without ever knowing what it is, maintaining zero-knowledge principles
Hashing Specifications
- Algorithm
- PBKDF2 with SHA-256
- Iterations
- 100,000 (OWASP recommended minimum)
- Salt Size
- 128 bits (16 bytes) of cryptographically secure random data
- Hash Output
- 256 bits (32 bytes)
- Password Requirements
- 4-20 characters with at least one letter and one number
Security Benefits
- Brute-force resistance: 100,000 iterations make cracking computationally expensive
- Rainbow table protection: Unique salts prevent precomputed attacks
- Server compromise safety: Even if hashes leak, passwords remain protected
- Zero-knowledge: We never see or store your actual password
- Timing attack protection: Constant-time comparison prevents timing-based attacks
Password Best Practices
Use a unique password not used elsewhere
Consider longer passwords for sensitive data
Include numbers, letters, and symbols
Avoid common patterns (1234, password)
Don't reuse passwords from other services
Remember: password protects edits, not viewing
Data Retention & Cleanup
Automatic Expiration
- All gists have mandatory expiration times (default: 7 days)
- Encrypted data is permanently deleted after expiration
- No data recovery possible after expiration
- Metadata (size, timestamp) is also purged
View-Once Security
- Gist is immediately deleted after first view
- Perfect for sharing sensitive credentials
- Prevents accidental re-access
- Link becomes permanently invalid
Security Guarantees
End-to-End Encryption
Data is encrypted before leaving your browser and decrypted only in the recipient's browser
Forward Secrecy
Each paste uses a unique encryption key that's never reused
Authenticated Encryption
GCM mode ensures data integrity and authenticity
Browser Security & Privacy
What's Encrypted
- All file contents and code
- File names and descriptions
- Programming language information
- Number of files in gist
Visible Metadata
- Gist ID and creation timestamp
- Expiration time and view-once status
- Encrypted blob size (but not content size)
- Whether password protection is enabled
Browser Requirements
Modern browser with Web Crypto API support
JavaScript enabled for encryption/decryption
HTTPS required (enforced automatically)
Chrome 37+, Firefox 34+, Safari 11+
Mobile browsers with crypto support
Internet Explorer not supported
Threat Model
What We Protect Against
Server compromise - encrypted data remains secure
Network eavesdropping - TLS + client encryption
Legal requests - we cannot decrypt your data
Data breaches - only encrypted blobs exposed
Replay attacks - unique IVs and auth tags
Tampering - GCM authentication detects changes
Limitations
Compromised device: If your device is compromised, attackers can access decrypted data
Phishing: Always verify you're on ghostpaste.dev before entering passwords
Link sharing: Anyone with the complete link can decrypt - share carefully
Browser security: We rely on browser's WebCrypto implementation
Trust, but Verify
Don't just take our word for it. GhostPaste is fully open source, allowing you to:
Audit the Code
- • Review our encryption implementation
- • Verify no backdoors or data collection
- • Check for security vulnerabilities
- • Ensure keys stay client-side
Run Your Own Instance
- • Deploy to your own infrastructure
- • Control your data completely
- • Customize for your needs
- • Perfect for sensitive environments
Security Disclosure
Found a security vulnerability? We appreciate responsible disclosure.
Please review our security policy for responsible disclosure guidelines:
View Security PolicyWe'll acknowledge your report within 48 hours and work with you to understand and resolve the issue quickly.
Security Through Transparency
Our code is open, our encryption is proven, and your data remains yours.