CyberDrop Bin is a modified version of
Up1 to allow text only and upgrade and fix vulnerabilties in the old code.
Text is encrypted client-side (in your browser) before uploading it to CyberDrop servers so we know nothing about its contents.Pastes are downloaded and decrypted in your web browser and displays with highlighting.
Technical Details:
Before an text is uploaded, a "seed" is generated. This seed can be of any length (because really, the server will never be able to tell), but has a length of 25 characters by default. The seed is then run through SHA512, giving the AES key in bytes 0-256, the CCM IV in bytes 256-384, and the server's file identifier in bytes 384-512. Using this output, the image data is then encrypted using said AES key and IV using SJCL's AES-CCM methods, and sent to the server with an identifier. Within the encryption, there is also a prepended JSON object that contains metadata (currently just the filename and mime-type). The (decrypted) blob format starts with 2 bytes denoting the JSON character length, the JSON data itself, and then the file data at the end.