JotOnce: Secure, Temporary Notes

JotOnce is a simple, secure way to share notes. Whether you need to send a private message, share sensitive information, or jot something down for later, JotOnce lets you create a password-protected note in seconds.

Thoughtfully Designed Passphrases

Each note is secured with a unique passphrase, carefully optimized for easy communication. We've removed words with silent letters and those commonly confused, ensuring clear verbal and written sharing, whether over the phone, in a meeting, or in passing.

⏱️ Self-Expiring Notes

Choose an expiration time between one minute and ten days.

🚀 No Sign-Up Required

Create and share notes instantly—no registration needed.

💬 Easy Sharing

Simple, human-readable passphrases make note-sharing effortless.

🔒 How JotOnce Keeps Your Notes Safe (In plain English)

You have a message you want to share with a friend but don't want anyone else to read it. You write it on paper, put it inside a safe, and lock it with a key. The only way to open it is with the key you used to lock it.

1. The Passphrase is Your Key

Instead of a key, JotOnce gives you a passphrase. Using a suggested passphrase is like using a borrowed key. But if you create your own passphrase, it's like making a custom, super-strong key that only you and your friend know.

2. The Safe is Encryption

When you type your message into JotOnce, we don't store it as regular text. Instead, we lock it inside a digital safe using encryption, meaning that even if someone finds the safe, they can't read what's inside without the correct key.

3. The Lock is Extra Strong

JotOnce uses strong locks (AES-256 and XChaCha20) that cannot easily be picked. Even if a hacker had a supercomputer, it would take them millions of years to guess the right key.

4. The Passphrase is Never Written Down

JotOnce doesn't store your key. Instead, it just remembers the shape of the key, so if you enter the wrong passphrase later, it won't work. If someone breaks open the safe, they still can't read your message.

🔬 Technical Details

Implementation & Security

JotOnce uses Redis with self-expiring keys to store messages. We also use rate-limiting and automatic IP banning to help deter snooping. However, even a moderately determined attacker could still find ways to bypass these protections. Users can set a custom passphrase for stronger security, significantly increasing protection against unauthorized access.

Key Derivation

Since user-created passphrases often have low entropy, JotOnce uses Argon2id to derive a strong encryption key before encrypting any data. Argon2id is a memory-hard function designed to slow down brute-force attacks by increasing computational and memory requirements, making large-scale passphrase cracking expensive. Each encryption process includes a unique salt to prevent precomputed attacks.

Authenticated Encryption

We encrypt data using AES-256-GCM with XChaCha20-Poly1305. These encryption methods provide confidentiality, integrity, and authentication, ensuring messages cannot be tampered with or read without the correct passphrase. Each encrypted message is paired with a unique nonce and an authentication tag to verify its integrity.

Secure Indexing

Since the data is encrypted, we cannot query it directly. JotOnce uses HMAC-SHA256 to create a secure, deterministic search index, allowing passphrase-based searches without exposing plaintext passphrases or encryption keys. The use of a per-record salt further increases security, preventing precomputed attacks.

Storage & Retrieval

Each stored record consists of an encrypted message, a unique nonce for encryption, an authentication tag for integrity verification, and a secure search index derived from the passphrase. This ensures that even if an attacker gains access to the database, they cannot retrieve passphrases or decrypt messages without the correct passphrase.
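
The record layout described above, as an added example for Node.js using only its built-in crypto module (not JotOnce's own code). Assumptions: scrypt stands in for Argon2id as the memory-hard key derivation, only the AES-256-GCM layer is shown, the search index is keyed with a server-side secret, and all function and field names are hypothetical.

```javascript
const crypto = require('node:crypto');

// Assumption: a server-side secret keys the search index (constructed here).
const INDEX_KEY = crypto.randomBytes(32);

// Memory-hard derivation. scrypt is a stand-in for Argon2id in this example;
// N=2^15 with r=8 needs about 32 MiB per guess.
function deriveKey(passphrase, salt) {
  return crypto.scryptSync(passphrase, salt, 32,
    { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 });
}

// Deterministic index: the same passphrase always maps to the same value,
// so it can serve as the lookup key without storing the passphrase itself.
function indexFor(passphrase) {
  return crypto.createHmac('sha256', INDEX_KEY).update(passphrase).digest('hex');
}

// Build the stored record: index, salt, nonce, ciphertext and tag.
function sealNote(passphrase, message) {
  const salt = crypto.randomBytes(16);   // unique per record
  const nonce = crypto.randomBytes(12);  // unique per encryption (96-bit GCM nonce)
  const index = indexFor(passphrase);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), nonce);
  cipher.setAAD(Buffer.from(index));     // bind the ciphertext to its index entry
  const ciphertext = Buffer.concat([cipher.update(message, 'utf8'), cipher.final()]);
  return { index, salt, nonce, ciphertext, tag: cipher.getAuthTag() };
}

// Re-derive the key from the passphrase and the stored salt, then decrypt.
function openNote(passphrase, record) {
  const key = deriveKey(passphrase, record.salt);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, record.nonce);
  decipher.setAAD(Buffer.from(record.index));
  decipher.setAuthTag(record.tag);
  // final() throws when the passphrase is wrong or a stored field was altered.
  const plain = Buffer.concat([decipher.update(record.ciphertext), decipher.final()]);
  return plain.toString('utf8');
}
```

The record holds neither the passphrase nor the derived key, and a wrong passphrase or a modified ciphertext fails at the tag check rather than returning garbage.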

TL;DR

  • No plaintext passphrases or encryption keys are stored—we transform passphrases into secure cryptographic derivatives.
  • Argon2id significantly increases resistance to brute-force attacks, making passphrase cracking impractical at scale.
  • AES-256-GCM and XChaCha20-Poly1305 encryption ensures confidentiality and integrity, preventing message tampering.
  • Search indexes do not reveal passphrase information, and per-record salting prevents rainbow table attacks.