Security Model
Understanding how Pass It Around protects your secrets, and what its limitations are.
Encryption
All encryption and decryption happens in your browser using the Web Crypto API, which is built into every modern browser.
| Property | Details |
|---|---|
| Algorithm | AES-256-GCM (authenticated encryption) |
| Key derivation | PBKDF2 with 600,000 iterations (when a password is used) |
| Key size | 256 bits |
| IV (nonce) | Random 12 bytes per chunk |
| Chunked encryption | Large files are encrypted in 1 MB chunks, each with its own IV |
What the Server Knows vs. Does Not Know
| Server knows | Server does NOT know |
|---|---|
| An encrypted blob was stored | What the secret says |
| The size of the encrypted data | Whether it is text or a file (encrypted identically) |
| When the secret was created | The encryption key |
| When the secret expires | The password (only a hash of a hash is stored) |
| How many views remain | File names or file types |
| Whether a password is set (yes/no) | Who created or viewed the secret |
How the Key Stays Private
The encryption key is placed in the URL fragment (the part after the # symbol). By design, browsers never send URL fragments to servers. When you share a link like:
https://example.com/#/s/abc123/secretKeyHereThe server only receives a request for /. The #/s/abc123/secretKeyHere part stays entirely in the browser. This is a fundamental property of how URLs work, enforced by all browsers.
Password Protection
When you set a password, Pass It Around uses double hashing:
- Your browser hashes the password using PBKDF2 (600,000 iterations) to derive an encryption key and a password hash.
- The password hash is sent to the server, which hashes it again (SHA-256) before storing it.
- To retrieve the secret, the recipient's browser performs the same PBKDF2 derivation and sends the hash to the server for verification.
This means even if the server's storage is compromised, the attacker gets a hash of a hash, which cannot be used to derive the encryption key.
Rate Limiting
The server enforces rate limiting on password attempts to prevent brute-force attacks. After several failed password attempts, further attempts are temporarily blocked.
Passkey Encryption for Stored Links
When you store secret links in local storage (via "My Items") or save notification URLs (via "Remember notification settings"), that data contains sensitive information. To protect against someone with physical access to your browser reading it, you can enable passkey encryption.
This uses the WebAuthn PRF extension to derive an AES-256-GCM key from your device's passkey (biometric, security key, or PIN). The derived key encrypts stored link fields and saved notification URLs in local storage. The key itself is held in JavaScript memory only and is cleared when you lock or close the tab.
See Tracking Your Items for setup instructions.
What Pass It Around Does NOT Protect Against
Compromised Browser or Device
If your device or browser is compromised (malware, keyloggers, malicious browser extensions), the attacker can see your secrets before they are encrypted or after they are decrypted. Pass It Around cannot protect against a compromised endpoint.
Compromised Server Serving Malicious JavaScript
Since the app's JavaScript runs in your browser, you are trusting the server to serve honest code. A compromised server could theoretically serve modified JavaScript that exfiltrates your secrets. This is a limitation of all web-based encryption tools. To mitigate this, you can self-host your own instance.
Link Interception
If someone intercepts the share link (which contains the decryption key), they can decrypt the secret. Using a password adds a second layer that the interceptor would not have. Always consider the security of the channel you use to share links.
Network-Level Metadata
While the secret content is encrypted, an observer can still see that you are using Pass It Around and roughly how much data you are exchanging. Use a VPN or Tor if this metadata is a concern.
Best Practices
- Use a password for sensitive secrets, and send the password through a different channel than the link.
- Set max views to 1 for the most sensitive secrets, so they are automatically deleted after being read.
- Use short lifetimes for highly sensitive data. A 1-hour lifetime limits the window of exposure.
- Self-host to eliminate trust in a third-party server.
- Use multi-link instead of high view counts when sharing with multiple people.
- Verify the URL in your browser's address bar before entering any secrets, to ensure you are on the correct instance.