Temporary File Upload
deletion every UTC midnight
file size limit: 100MB
Enter a password to enable file selection.
Drag & drop a file here or click to select
Password guidance (offline attack; PBKDF2-SHA256 @ 600k iters)
| Example | Charset | Entropy (≈) | Verdict |
|---|---|---|---|
| 8 chars (lower+digits) | 368 | ~42 bits | Weak |
| 12 chars (lower+digits) | 3612 | ~62 bits | Borderline |
| 12 chars (mixed+digits) | 6212 | ~71 bits | OK |
| 16 chars (mixed+digits) | 6216 | ~95 bits | Strong |
Use random characters or a long random passphrase. Real-word phrases or patterns reduce strength a lot.
Verify it’s client-side encryption
| Step | What you should see |
|---|---|
| Open DevTools → Network | When you click Encrypt & Upload, the first progress is “Encrypting …” before any request. |
Inspect upload.php request |
Request payload contains only:
|
| On the preview page | Network shows only *.json + *.enc fetched. After you type the password, the preview appears without any new uploads. |
All crypto runs in your browser (PBKDF2-SHA256 → AES-256-GCM). The server stores only ciphertext and public parameters.
Important Disclaimer
| What we do | Encryption runs in your browser. Only ciphertext is uploaded to the server. |
|---|---|
| What could still happen | No system is 100% secure. If your browser or the server is compromised, or if you pick a weak password, files could be at risk. |
| What you should do | Always use a strong passphrase and verify the page code if you require high security. |
If you want to be absolutely sure your files can’t be seen by anyone else, you should transfer them locally only.