Simple Secure Secret Sharing

Frequently Asked Questions

What is poof!?

poof! is a secure, time-constrained, one-time secret sharing service.

What does that mean?

Basically, poof! allows you to share a secret, such as a password, with someone else without it being silently intercepted.

Sending credentials directly to someone risks exposure in transit, or later on if someone gains access to your messages. Instead, poof! lets you send a link that allows the receiver to uncover the secret, with two restrictions:

  1. The message can only be viewed once
  2. The message can only be viewed within a time limit set by the sender

If the time limit has passed or the message has already been viewed, the link will not work.

This means that if someone intercepted the message and stole the secret before you saw it, you would not be able to retrieve it and therefore you would know it had been intercepted and should be considered compromised.
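The two restrictions above, as an added example (not poof!'s own code; the class and method names `OneTimeStore`, `put` and `reveal` are hypothetical): an in-memory store where reading a secret deletes it in the same locked step, and a secret past its time limit is never returned.

```python
import secrets
import threading
import time


class OneTimeStore:
    """In-memory store where each secret can be read once, before a deadline."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock          # injectable so expiry can be tested
        self._items = {}             # token -> (secret, expires_at)
        self._lock = threading.Lock()

    def put(self, secret: str, ttl_seconds: float) -> str:
        # Unguessable token: this is the part that would go in the shared link.
        token = secrets.token_urlsafe(32)
        with self._lock:
            self._items[token] = (secret, self._clock() + ttl_seconds)
        return token

    def reveal(self, token: str):
        # pop() under the lock makes read-and-delete one atomic step, so two
        # viewers racing on the same link cannot both receive the secret.
        with self._lock:
            entry = self._items.pop(token, None)
        if entry is None:
            return None              # unknown token, or already viewed
        secret, expires_at = entry
        if self._clock() >= expires_at:
            return None              # expired; pop() has already deleted it
        return secret


def demo():
    now = [0.0]                      # constructed fake clock for the example
    store = OneTimeStore(clock=lambda: now[0])

    # Case 1: someone else opens the link first; the second viewer gets nothing.
    link = store.put("hunter2-constructed", ttl_seconds=600)
    first_view = store.reveal(link)
    second_view = store.reveal(link)

    # Case 2: nobody opens the link within the sender's time limit.
    late_link = store.put("another-constructed", ttl_seconds=60)
    now[0] += 61
    late_view = store.reveal(late_link)
    return first_view, second_view, late_view
```

A `None` on the intended receiver's first attempt is the signal described above: the secret was either viewed by someone else or expired, and should be treated as compromised and rotated.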

How does it work?

The full technical detail is available on GitHub, but the main concept is as follows:

Why should I use it?

Because you care about leaking sensitive information in instant messages and want a safer way to share the information.

Why not LastPass or another password service?

Well yes, most password manager services allow sharing passwords — so that is a good use case. If you or your organisation has such a service, then do use it instead. However, sometimes you might want to share with a third party who has no access to the password manager, and in such cases poof! might be useful.

Why should I trust it?

You shouldn't!

Well, I reckon you can trust me, but don't take my word for it. If you want to be sure, please check the source code or build and run your own version! I want this project to be useful to as many people as possible, so feel free to run your own version — it's the most secure way!