Ghostbin is not really secure, because after creating an encrypted paste, it's possible to access it with javascript disabled, which means the content is not decrypted in the user's browser. Also, it requires cookies to even work at all, which shouldn't be needed.
huubert
All 6 comments
Open Source Ghostbin Alternatives - AlternativeTo.net
https://alternativeto.net/software/ghostbin/?license=opensource
Hillside502
on 16 Mar 2018
It can be self-hosted, though, if you're concerned about server-side security. But yeah, we're just recommending the main server.
ghost
on 16 Mar 2018
I don't consider that secure, but maybe it's just me...
Regardless, Ghostbin should be the third option in the Paste Services section and not the first, and maybe it should be mentioned in the notes that encryption/decryption is not done in the browser.
huubert
on 17 Mar 2018
Just FYI:
ghostbin.com runs outdated Apache 2.4.18 and outdated OpenSSH 7.2 P2. The security of the whole server setup isn't very exemplary. Furthermore, the TLS configuration supports insecure RC4 for encryption and weak cipher suites.
infosec-handbook
on 10 May 2018
See also my comparison in #454
infosec-handbook
on 27 May 2018
Discussion can continue in #454
Vincevrp
on 28 Feb 2019
Related issues
Strappazzon
·
3Comments
johnozbay
·
3Comments
MarkusZoppelt
·
3Comments
merlinnusr
·
3Comments
Mikaela
·
3Comments
Most helpful comment
Just FYI:
ghostbin.com runs outdated Apache 2.4.18 and outdated OpenSSH 7.2 P2. The security of the whole server setup isn't very exemplary. Furthermore, the TLS configuration supports insecure RC4 for encryption and weak cipher suites.