My first public site using Phoenix - gentle criticism needed!

I recently built out a site using Elixir and LiveView that allows you to store your documents (potentially uploaded by clients) encrypted. The files are encrypted using public key cryptography and are unencrypted on the fly. The unencrypted files are then deleted off the server every 10 minutes by a cron job.

One thing to note is that the design really sucks. Unfortunately, I am not a designer, but if you know one who is willing to work on the site either for free (temporarily) or for very cheap (I’ve been out of work for a while now), please tell them to get in touch with me.

Please offer your criticism gently as this is my first public facing website and idea. Here it is:

https://protected-docs.io

To get started, first sign up for the site. Then you need to input your password again to create the GPG public/private keypair on the backend. Then, create a client with the “New client” button. Click on that client, and from there, you can upload a document (max 10MB for free users at the moment). Click on that document, and the site will prompt you for your password again to decrypt. The private key should be cached on the backend for some time, so if you refresh the page, you won’t have to input your password again immediately. Then, click on the link in the table to view your document in its unencrypted form.

There is also a subscription functionality which increases the filesize limit to 50MB. There is a free 7 day trial for that, so if you are feeling brave, you can help me test that functionality as well. In case you go past the 7 days or are for some reason (due to a bug) charged, I can refund you via Stripe.

That’s it. Thanks for checking this out for me. Cheers!

So the files are stored in the clear for up to 10 minutes? During that time, are there disk backups, replicas, etc. that might be provisioned either explicitly or implicitly by the services provided by a cloud provider and which might persist the unencrypted files at rest intentionally/unintentionally?

I see this on the site:

You will not be able to change your password once it is set due to the encryption algorithm used.

This could mean several things and all of which would be a problem. What if I have reason to believe my password has been compromised? This says I can’t change it: meaning I have to knowingly remain compromised… ouch. If my files are directly encrypted with this password, I now can’t trust that my files aren’t compromised. Does the password get transmitted to the site? If so how?

I’m seeing red flags with the kind of service offered and the implementation description and expressed limitations.

As I use the site some more observations:

I received a confirmation email asking for verification, but it looks like I could login, upload files, log out, log back in and retrieve those files without any need to follow the confirmation link. What if I never verify the account? Is it fully active? Does the current functionality allow me to create and use a bogus account under someone else’s email address? Sure they’ll get the confirmation email saying:

If you didn’t create an account with us, please ignore this.

But the can the impersonation go on? I’m sure things like this seem like they could be harmless, but when offering a (paid) secure documents service funny things can happen which can become more serious than you might think. Also, offering paid service without terms, conditions, etc. for something that a reasonable person might construe to be a promise to secure their information is well… brave.

Thanks for the feedback. User verification should be possible, and I will look into that. I am basing my password rules on something like 1Password’s master password requirements, although it might be possible to add password change in the future. Also, T&Cs are a good idea which slipped my mind while I was engrossed in the programming of the site. Hopefully, the red flags can be eliminated with time, and I hope to earn the trust of the community and users as I improve the site.

Your site did send me a verification request email; the issue I raised was that the webapp allowed me to do everything without answering the verification request. Was that verification just something that came out of a Phoenix generator (or similar) and wasn’t intentional? (I don’t use the Phoenix generators myself, so I don’t know what they produce).

I think in general, it has to be recognized that getting this kind of service implemented correctly is a challenge even for people with solid experience in the areas of encryption and building highly secure systems. The problem in building security sensitive services is that it is utterly unforgiving of any oversight, mistake, or misunderstanding in a way that other software development isn’t. Those oversights/mistakes/misunderstandings become the vulnerabilities that get exploited by malicious parties; working as a solo dev in this space can be even harder since regular vetting of security related designs and code by someone without the built in confirmation biases we all bring to our own work is usually not available in any important way. I have had responsibilities in designing and building systems where a single user’s web form submission could redirect many millions of dollars, where we deal with user’s personal information, including sensitive banking, payment processing (credit cards), and medical information, and similarly security sensitive applications. The only way I’d try a project like this on a solo basis is in building a proof-of-concept to take to others like possible investors; I’d need a lot of other very qualified and smart people with eyes on it prior to a launch of services to the public. (note: I have decent experience in dealing with secure systems, but wouldn’t call myself a security expert.)

1password would be a good study however. The problem they solve is not completely dissimilar to what you’re trying to do (though there are clear differences, too) and they have put a lot of thought into the problem. A link to their whitepaper on their security design is: https://1passwordstatic.com/files/security/1password-white-paper.pdf

For example, they follow a common pattern where the user’s credentials are used to encrypt other randomly generated encryption keys which are the keys actually used to encrypt the data. This is part of the solution for being able to change the user’s password: the randomly generated keys are decrypted with the user’s old password and then re-encrypted with the new user password: this way you aren’t re-encrypting all of the data. This is fairly hand-wavy explanation which glosses a fair amount.

Consider this from the linked 1password document:

All cryptographic keys are generated by the client on your devices, and all encryption is done locally.

The unencrypted data on the server under your model that I raised issues go way in the 1password model. The data arrives to them already encrypted. Naturally, they can’t vouch for the security of your device, but they should have pretty good resilience to a compromise on their side.

Again, read their paper to get the gist of what a security services look like to implement in software… and to operate: a subject I haven’t even really discussed at all, but which is as demanding as the software development side.

I’ll stand down now. Best of luck.

Hmm, you’re right. Maybe the site is only viable as a learning project then. Thanks again for your detailed criticism.

Looking at the white paper linked, I could probably make the master password different from the account password so that it is not hashed. I could also probably program the “2 layer” encryption scheme, where the master password is used to decrypt individual passwords for the individual files. Alas, I cannot encrypt the documents on the user’s device, as that would require me to delve into the world of JavaScript, the avoidance of which is the reason I used LiveView in the first place. My search for a profitable site I can program continues…

Update: Files are now decrypted on-the-fly when the user clicks the link instead of remaining on the server for up to 10 minutes. This means that the decrypted files are never written to the server, meaning they won’t show up in any backups.

I may or may not implement to 2 layer encryption scheme. Honestly, I feel like anything I write will just reduce the entropy and make the code more complicated to understand, so I will stick with the single layer for now.

Update: You should now be able to change your password. Tomorrow, I will work on making sure the master password is different from the account password so that no decryption password is hashed on the server.

I don’t think “entropy” means what you think it means. Entropy is “disorder” so reducing that brings orderliness. Understanding entropy is particularly important for understanding encryption and randomness.

Maybe “randomness” is a better word? What I am saying is, I trust GPG to provide its own source of randomness. Any mathematical function I write could potentially reduce that randomness, making the encryption easier to potentially crack.