This release switches the used encryption and compression libraries and addresses several problems with mangled URLs and pastes.
We fixed several issues in this release. We now tell Chrome not to send the whole page, including the decrypted text, to it's translation services. Thanks to the use of blob instead of data URI's, Chrome can now deal with attachments larger then 2 MiB. The raw text mode escapes HTML correctly again (a regression introduced in 1.2). PrivateBin can now handle URLs mangled by Facebook.
Translations for Czech has been added since the last release.
We threat modeled the application in preparation for the changes in the API, JSON format and encryption.
The main change of this release was the switch from the SJCL and rawdeflate JavaScript libraries to the browser integrated WebCrypto API and zlib C library (via WebAssembly) as well as various modernizations of our use of JavaScript. We still fully support reading older pastes and comments, but newly generated pastes use a different, more efficient and flexible format. Some of these changes lead to us dropping the support for Internet Explorer and we suggest to use Edge instead, if no other modern browser is available (see Appendix A below).
The change to WebCrypto API means that the cryptographic functions are now handled by the browser integrated libraries instead of code that has to be transferred from the webserver to the client. While this can't prevent a malicious party to inject logic to extract the key or decrypted contents, it does increase the trust users can have in the cryptographic functionality of PrivateBin as well as speed up both initial page load as well as the en/decryption itself.
Over the years we encountered several cases where the deflate implementation used in the rawdeflate JavaScript library produced results that couldn't be decompressed by itself or other deflate implementation. While the latter mainly affected third-party CLI clients, the first lead to pastes that couldn't be read even by PrivateBin itself. We had initially planned to use the pako JavaScript library, but during implementation of the new format found that the zlib C library used in most other languages for deflate support can be used in JavaScript as well, via compilation into WebAssembly. This is a very stable library with no currently known bugs and even performs better then pako.
Server operators now have an additional configuration option that lets them disable compression. While the compression before encryption reduces the size of most text, source code, markdown pastes and text comments drastically, when having file upload enabled and mostly using an instance to share already compressed files (office documents, PNG or JPG images, etc.) this slows down the creation of the pastes unnecessarily and without gain. Furthermore some security minded administrators may wish to disable compression to avoid potential security risks that would make brute forcing keys easier for shorter, compressed pastes.
As usual we have also upgraded all used libraries to their latest releases. The identicon library now requires PHP 5.5, so this is the new minimum required PHP version.
Finally the newly used JSON format and API was taken as an opportunity to implement some, otherwise breaking, changes like the use of base58 for the hash key encoding instead of base64, which addresses the Outlook mail client stripping trailing equal signs from URLs. The number of iterations in the PBKDF2 key derivation got increased from 10k to 100k to make it more costly to brute force the password of a paste. The server now uses Fowler–Noll–Vo checksums instead of md5 to generate unique paste IDs.
Benefits of switching to the new release
Due to some rather annoying bugs in the raw paste view and with URLs mangled by Facebook and Outlook, we do recommend an upgrade on instances that are more widely used. While most users never encountered cases where the pastes got mangled in the deflate compression, users that frequently upload office documents and certain source code and compiler outputs would trigger this rather reliably. There are also several improvements that increase the security of the encryption.
Update procedure
Two new configuration options, compression
and httpwarning
got introduced.
As usual, you can download the archive for a manual upgrade and can find more details in the installation instructions.
We offer a Docker container that includes the recommended secure setup with the non-essential files and data outside of the web servers document root. Note that the latest docker containers use different user IDs then the older ones, so you will have to change the ownership of the attached data volume.
If you do have to use the new release on a PHP 5.4 environment, you can attempt to change the icon
option to vizhash
or none
and decrease the MIN_PHP_VERSION
in the lib/Controller.php file.
Changes since version 1.2.1
- ADDED: Translation for Czech (#424)
- ADDED: Threat modeled the application (#177)
- ADDED: Made compression configurable (#38)
- CHANGED: Minimum required PHP version is 5.5, due to a change in the identicon library
- CHANGED: Minimum required browser versions are Firefox 54, Chrome 57, Opera 44, Safari 11, Edge 16, due to use of WebCrypto API, async/await, ES6 & WebAssembly features - all Internet Explorer versions are incompatible
- CHANGED: JSON and encryption formats were changed to replace SJCL library by browser integrated WebCrypto API (#28, #74)
- CHANGED: Replaced rawdeflate.js with zlib.wasm to resolve decompression failures and gain compatibility with standard deflate implementations (#193, #260, #328, #434, #440)
- CHANGED: Increase PBKDF2 iterations to 100k (#350)
- CHANGED: Replaced last use of MD5 with Fowler–Noll–Vo checksum which produces the exact length we need for the paste ID (#49)
- CHANGED: Simplified some PHP code & renamed PrivateBin class into Controller, to make MVC pattern use more obvious (#342)
- CHANGED: Upgrading libraries to: identicon 1.2.0, random_compat 2.0.18, jQuery 3.4.1, Showdown 1.9.0, DOMpurify 1.0.11 & kjua 0.6.0
- FIXED: Prevent Chrome from sending content of paste to Google for translation (#378)
- FIXED: To support attachments larger then 2 MiB in newer Chrome versions, we switched to blob instead of data URIs (#432)
- FIXED: Since Outlook strips trailing equal signs in links, the key in URL hash is now base58 encoded, instead of base64 (#377)
- FIXED: Facebooks started injecting parameters into shared URLs for tracking that lead to inaccessible pastes (#396)
- FIXED: Properly escaped HTML in raw text mode (#358)
- FIXED: Made download links better readable in the dark bootstrap theme (#364)
- FIXED: Allow Letsencrypt bot to access on apache servers (#413)
Help wanted & greatly appreciated
Apart from the large tasks that require deeper insight and time, there are also smaller issues were help is wanted, topics open to debate and of course many languages that still remain to be translated. We are also still looking for additional long term maintainers among our frequent issue helpers.
If you are interested in helping with any of these points, we have prepared a development guide including design goals, code structure and tools that should get you started.
Plans for future releases
The next release will focus on user interface improvements.
Appendix A - Browser feature compatibility
The following table provides an overview of when support of the newly used JavaScript features got introduced in the major browsers:
Browser/Feature | async/await | Web Crypto API | WebAssembly | ECMAScript 2015 (ES6) | first version to support all features | Release date |
---|---|---|---|---|---|---|
Chrome | 55 | 37 | 57 | 51 | 57 | 2017-03-09 |
Edge | 15 | 12 | 16 | 15 | 16 | 2017-09-26 |
Firefox | 52 | 34 | 52 | 54 | 54 | 2017-06-13 |
IE | no | 11 | no | 11 | none | none |
Opera | 42 | 24 | 44 | 38 | 44 | 2017-03-21 |
Safari | 10.1 | 11 | 11 | 10 | 11 | 2017-09-19 |
Except for Internet Explorer, all major browsers support the new features since March to September 2017. Internet Explorer 11 lacks support for WebAssembly (used for zlib compression) and async/await. The WebCrypto API is based on Promise
interfaces and we use await
to avoid having to rewrite large code segments from synchronous function calls to Promise
-based, asynchronous logic. In light of this, we decided to drop support for Internet Explorer, as Windows users that can't install other browsers can use PrivateBin with the Edge browser instead.