I am thinking about building a public crypto service, yet at the same time, I am still quite new to crypto and therefore prone to snake-oil inventions, I guess.
My plan is to build a website which allows encrypting a document for a certain time.
The current scheme I came up with is as follows:
1. Choose the time at which you want the document to be publicly available (e.g. 2 weeks from now).
2. Locally on your computer, create a password to be used to encrypt the document, based on the hash of the datetime-stamp for the release, plus a unique salt value (e.g. hash of document).
3. Hash that encryption password in order to hide the original password and upload the hash to the website, along with the selected target date.
4. The website starts a unique timer for you which generates passwords every second, based on the current datetime-stamp and the salt provided, then rehashes the resulting hash to see if it fits the specified hash for the encryption password.
5. If so, the point in time for decryption has been attained.
I am not happy about the scheme as I am looking for a perfect solution in that the server should not know anything specific about the password used to encrypt the document, as well as never produce it itself. Also, the encryption should stay secure even in the event of the server being compromised...
I am grateful for any feedback.
I would like to find something like an encrypt-and-forget scheme.
And you are right, someone who compromises the server can reverse engineer the algorithm and obtain the secret salt to "let the clock run faster" by precomputing the hashes and finding the actual password before the selected time has come.
– Glaze Feb 20 '19 at 11:35
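
The scheme from the question, and the weakness acknowledged in the comment above, as an added example that is not part of the original post. It assumes SHA-256, Unix-second timestamps, and the construction password = H(H(timestamp) || salt); all function names are hypothetical. It shows that the server's per-second check can be run over a whole future window immediately, because nothing in the scheme ties the computation to wall-clock time.

```python
import hashlib

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def derive_password(release_epoch: int, salt: bytes) -> bytes:
    # Client side (assumed construction): H(H(timestamp) || salt)
    return h(h(str(release_epoch).encode()) + salt)

def commitment(password: bytes) -> bytes:
    # The value uploaded to the website: hash of the encryption password
    return h(password)

def server_tick(now_epoch: int, salt: bytes, target: bytes):
    # What the website's timer does once per second: derive the candidate
    # password for "now" and compare its hash with the uploaded commitment.
    candidate = derive_password(now_epoch, salt)
    return candidate if commitment(candidate) == target else None

def search_ahead(start_epoch: int, salt: bytes, target: bytes, horizon: int):
    # The same check, evaluated for every second in the window without waiting.
    # Anyone holding the salt and the commitment can do this, so the release
    # date only bounds the search space; it does not delay the search.
    for t in range(start_epoch, start_epoch + horizon + 1):
        password = server_tick(t, salt, target)
        if password is not None:
            return t, password
    return None

if __name__ == "__main__":
    import time
    salt = h(b"constructed sample document")  # constructed sample input
    now = 1550662500                           # constructed "current" time
    two_weeks = 14 * 24 * 3600
    target = commitment(derive_password(now + two_weeks, salt))

    started = time.perf_counter()
    found = search_ahead(now, salt, target, two_weeks)
    elapsed = time.perf_counter() - started
    print(f"release second {found[0]} recovered after {elapsed:.1f}s of hashing")
```

A two-week window is only 1,209,600 candidate timestamps, so a slower hash or key-derivation function raises the cost per guess but does not change the structure: the delay has to come from something the salt holder cannot compute ahead of time.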