The "Your Links" section is the first and main section of the linkin.link site. The linkin.link site is your own generated link directory. The catalog is divided into groups and subgroups. All actions are kept to a minimum. To add a link to the catalog, paste the new link into the input field and press the “add” button. That is all. The linkin.link website handles everything else. The link is checked to confirm that it works. If it redirects, it is corrected. If necessary, cookies are passed between requests. The link's title is retrieved. The final result is then placed in the directory.
The catalog has the broadest possibilities for customizing the display and management of added links.
For more details on the capabilities provided, see the current description in the “Links” section.
If you do not want your links to be seen by site administrators, or by users who, for one reason or another, logged in to the linkin.link site under your username but do not know the special password, then this section is for you.
The functions provided in this section are similar to those of the “Your Links” section, but links are stored encrypted on the server.
To do this, when the user adds a new link, the link is encrypted on the client side (in the browser) and is transmitted to and stored on the server only in encrypted form.
When a user views links, the encrypted links downloaded from the server are decrypted on the client side. That is, unencrypted data exists only on the client side; on the server side the data is only ever encrypted. Crypto operations occur only on the client side. The crypto key never leaves the client side.
Because the server cannot access your links in plaintext, the "Encrypted links" section has some restrictions compared to the "Your links" section. For example, the server cannot download the link's title, logo icon or a screenshot of the site. This has to be done manually.
Algorithm
AES256 in CBC mode was chosen as the crypto algorithm. Today this crypto algorithm has no vulnerabilities and is accepted as a standard all over the world. Finding an AES256 key will take approximately 3.31x10^56 years, longer than the possible existence of the universe before heat death. The AES256 encryption algorithm is in the aes256.js file.
Description of the cryptosystem
When you first enter the "Encrypted Links" section, or after deleting the key, you will see the following page.
This means that no key has been entered into the browser.
The user comes up with a crypto key. The key can consist of any characters and must be at least 10 characters long. It is expanded to 32 bytes with SHA512 hashing. The crypto key is then written down on paper for storage, or memorized by the user. Losing the key means the data can no longer be decrypted!
Next, the crypto key is entered into the browser and the enter button is pressed. A key hash is generated and sent to the server. The key hash is the signature of your key. It identifies your key, but you cannot encrypt or decrypt data with it. The hash uses the modern SHA512 algorithm. After that, depending on the current server mode, two scenarios are possible.
Server operating mode
The server can be in two modes:
- Key hash reception mode
- Work mode
If the key hash has never been saved on the server, or the key hash has been deleted, then the server is in key hash reception mode. In this mode, the newly received key hash is saved and the server switches to work mode.
If the server is in work mode, the newly received key hash is compared with the existing one. If the hashes match, a message is sent to the user that the key is valid. Otherwise, a message is sent that the entered key is invalid.
Why is this done?
It is a safeguard that prevents different keys from being entered on the client side and links from being stored under different keys, which would make the data impossible to decrypt later. This safeguard also works when saving links.
Key entered successfully
If a message is sent from the server that the key has been entered successfully, then the entered key is saved in the local memory of the browser, and the “Encrypted links” section will look like the “Your links” section. That is, you can save encrypted links.
The key is stored through JavaScript in the browser's local memory, the window.localStorage object. This memory keeps the browser variables even after a reboot. Attention: if you choose to clear the browser cache or click the Exit button, the key will be erased from memory! To view encrypted links, you will need to re-enter and save the key to the local memory of the browser.
If the key on the server is changed from another browser, a protective mechanism prevents links encrypted with the old key from being saved. The hash of the current key is passed to the server along with the link. If the hash you pass does not match the one stored on the server, a warning is displayed that the keys do not match!
To view encrypted links in another browser, you will also need to enter the key. If you want to change the key, go to the user profile (the link in the upper right corner, shown as a username or email) and, in the Encryption item, enter a new key and confirm the selection. All links will be downloaded to the browser, re-encrypted and uploaded back to the server.
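The flow described above (key expansion, key hash, the two server modes and the hash check on save), as an added example that is not linkin.link's own code and not its aes256.js. Assumptions: the key is the first 32 bytes of the SHA-512 digest of the passphrase, the key hash is SHA-512 over that key, the IV is random and stored in front of the ciphertext, and the names deriveKey, keyHash, encryptLink, decryptLink and LinkServer are hypothetical; Node.js crypto stands in for the browser.

```javascript
// Added example (constructed): not linkin.link's aes256.js.
const nodeCrypto = require('node:crypto');
const sha512 = (data) => nodeCrypto.createHash('sha512').update(data).digest();

// Assumption: AES key = first 32 bytes of SHA-512(passphrase); it stays on the client.
function deriveKey(passphrase) {
  if (passphrase.length < 10) throw new Error('key must be at least 10 characters');
  return sha512(Buffer.from(passphrase, 'utf8')).subarray(0, 32);
}
// Assumption: key hash = SHA-512(key), a one-way value that is distinct from the key.
const keyHash = (key) => sha512(key).toString('hex');

// Client: AES-256-CBC, fresh random IV per link, stored in front of the ciphertext.
function encryptLink(key, url) {
  const iv = nodeCrypto.randomBytes(16);
  const c = nodeCrypto.createCipheriv('aes-256-cbc', key, iv);
  return Buffer.concat([iv, c.update(url, 'utf8'), c.final()]).toString('base64');
}
function decryptLink(key, blob) {
  const raw = Buffer.from(blob, 'base64');
  const d = nodeCrypto.createDecipheriv('aes-256-cbc', key, raw.subarray(0, 16));
  return Buffer.concat([d.update(raw.subarray(16)), d.final()]).toString('utf8');
}

// Server: holds only the key hash and ciphertext blobs.
class LinkServer {
  constructor() { this.storedHash = null; this.links = []; }
  matches(hash) {
    if (this.storedHash === null || !/^[0-9a-f]{128}$/.test(hash)) return false;
    return nodeCrypto.timingSafeEqual(Buffer.from(hash, 'hex'), Buffer.from(this.storedHash, 'hex'));
  }
  submitKeyHash(hash) {
    if (!/^[0-9a-f]{128}$/.test(hash)) return 'invalid';
    if (this.storedHash === null) { this.storedHash = hash; return 'saved'; } // reception mode
    return this.matches(hash) ? 'valid' : 'invalid'; // work mode
  }
  saveLink(hash, blob) { // the hash travels with every link
    if (!this.matches(hash)) return false; // encrypted under a different key: refuse
    this.links.push(blob);
    return true;
  }
}
```

CBC gives confidentiality only, so this sketch does not detect a ciphertext that was altered on the server.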
Key generation
If you are too lazy to come up with a key, there is a button in the form of a dice for generating a random key. When you click on the dice, a randomly generated string is placed in the key entry field. However, such a key must be saved to a file or on paper. It is unlikely that you will remember this string. The dice can be clicked multiple times.