Show HN: Link-lock – Distributed app to password-protect URLs

Show HN: Link-lock – Distributed app to password-protect URLs

Password-supply protection to URLs the exhaust of AES within the


Hyperlink Lock is a instrument for encrypting and decrypting URLs. When a person visits an
encrypted URL, they are going to be launched on for a password. If the password is
right, Hyperlink Lock retrieves the common URL after which redirects there.
In some other case, an error is displayed. Clients can moreover add hints to show come the
password prompt.

Each encrypted URL is saved completely throughout the hyperlink generated by the
utility. As a consequence, customers retain watch over the overall data they bear with Hyperlink
Lock. Nothing is ever saved on a server, and there often are not any cookies, monitoring,
or signups.

Hyperlink Lock has many makes use of:

  • Retailer private bookmarks on a shared laptop
  • Encrypt complete on-line pages (through URL
  • Ship nonetheless hyperlinks over public or jumpy channels (e.g., posting hyperlinks
    to a public internet inform that require a password to entry)
  • Implement straightforward CAPTCHAs – particularly high-quality in the direction of trendy internet scrapers
    that assemble not admire robots.txt
  • Add a password to shared Dropbox or Google Stress hyperlinks

Hyperlink Lock makes use of AES in GCM mode to soundly encrypt passwords, and PBKDF2 and
salted SHA-256 (100,000 iterations) for secure key derivation. Encryption,
decryption, and key derivation are all carried out by the SubtleCrypto
. The
initialization vector is randomized by default, however the salt won’t be.
Randomization of every the initialization vector and salt could maybe properly additionally moreover be enabled or
disabled by the person through “advanced decisions.” The salt and initialization vector
are despatched with the encrypted data throughout the event that they’re randomly generated. The API is
versioned such that frail encrypted hyperlinks will repeatedly work, regardless of the plain reality that later
variations of Hyperlink Lock are up so a ways to be additional secure. Please be taught the code
(api.js in
specific) for added data.

Be taught the Hacker Knowledge dialogue here.



The code was as soon as written to be be taught. Please be taught it, particularly if you don’t belief
me to construct a secure encryption utility. In specific:

  • I am a school pupil, not a security sterling – there could maybe properly be
    most interesting practices I am not attentive to.
  • As quickly as anybody decrypts a hyperlink, they’re going to share the common URL as well-known as they
    need. Handiest share encrypted hyperlinks with relied on of us.
  • I am not jubilant the exhaust of JavaScript, and I should aloof not have a company snatch of the
    nuances of the language – there could maybe properly be bugs that I do not even know to confirm
  • Here is the primary problem I principally have ever achieved the exhaust of encryption – there could also be probably
    a delicate mistake someplace.
  • Most of the encryption/decryption code is principally principally primarily based on MDN

    for the SubtleCrypto API.


  • Make a locked hyperlink here.
  • Train the advanced decisions when making a hyperlink to construct the encryption additional
    secure (on the price of a protracted hyperlink).

    • By default, the initialization vector is randomized for security, however
      this will maybe be disabled, even if doing so is a vulnerability.
    • By default, the salt aged to hash the password for the interval of key derivation is
      not randomized, however this will maybe be enabled.
  • To bookmark a locked hyperlink, dawdle it from the output field to the bookmarks bar.
    Alternatively, go to the locked hyperlink and bookmark it sooner than coming into the


Thanks to of us that provided suggestions on this program sooner than its open! Thanks moreover to the Hacker Knowledge 2nd-probability pool!


Please enter your comment!
Please enter your name here