Add an option to password protect a file

[CodeCubeNeo]

I think it would be awesome if we could restrict unknown users from even downloading a file (not just encryption). I think the easiest way is that if the uploader wants, he can set a password, and if the downloader wants to have that file, he should enter that password.

[toastie89]

The 'password' is part of the URL in form of the random key, isn't it?

[CodeCubeNeo]

I guess yes, but you can guess that (although nearly impossible). You can close this and thanks for taking the time to answer my question ;).

[toastie89]

For me the 6 characters also feel a bit short. I run an own instance of transfer.sh and set random-token-length to 20.

[CodeCubeNeo]

So 20 lenght is default for transfer.sh?

[aspacca]

@CodeCubeNeo

it's one of the example on the frontend:

# Encrypt files with password using gpg
$ cat /tmp/hello.txt|gpg -ac -o-|curl -X PUT --upload-file "-" https://transfer.sh/test.txt

# Download and decrypt
$ curl https://transfer.sh/FPbp5w/test.txt|gpg -o- > /tmp/hello.txt

[toastie89]

So 20 lenght is default for transfer.sh?

No, this is what I've set for my own installation. The default is 6.

[CodeCubeNeo]

maybe change deafult to 10 or more? Just an idea.

[aspacca]

maybe change deafult to 10 or more? Just an idea.

I will do

[CodeCubeNeo]

Great. always better to change security for the better over 4 characters (possible combos rise from 36^6 to 36^10 (36 is the number of possible characters only alphanumeric) which is quite a lot). Math is probably not right, but I still threw it there.

[aspacca]

fixed in #162 162