whisper 1.2.0
Whisper provides a way to securely communicate a small amount of secret information to someone. A typical example is when you need to send someone a password. One solution is to phone them and communicate the password verbally, but this can be tedious in the case of strong passwords containing mixed case and punctuation characters. People often resort to just sending an email message and asking the recipient to change the password when they receive it. But if the recipient doesn't do that, the password is left lying insecure in their mailbox.
For the purpose of this explanation, we'll consider two roles: the initiator is the person who has secret information to communicate; the recipient is the person they wish to send it to. Since this website is exposed to the internet, initiators must authenticate using their OICR account. This helps prevent abuse of the application.
Point your web browser to the whisper home page. If you don't already have an active session, you will be prompted to authenticate with your OICR user name and password. After successful authentication you will be presented with a form where you can enter your secret and select an expiry time. When you submit the form a secure URL is generated which provides access to your secret. You can copy this URL and send it to your recipient in place of your secret.
As the initiator, you also have the option of allowing the recipient to expire the secret. If the "Allow the recipient to expire the secret" checkbox is enabled, the recipient will be presented with an "Expire Now" button; otherwise this button will not be displayed and the secret will be retained until the chosen expiration time. Disabling this option is useful when sending a secret to multiple recipients, as it prevents one recipient from expiring the secret before other recipients have had the opportunity to view it.
Please do not include complete credentials when creating a new whisper! For example, when sending a login password do not also include the user name. Providing the secret without any context reduces the risk of the secret being useful if the whisper link were to be intercepted by someone other than the intended recipient.
The initiator will send you a secure URL generated by whisper. Clicking on this URL will display the secret. If the initiator selected the option "Allow the recipient to expire the secret", you will also see an "Expire Now" button which enables you to expire the secret immediately after viewing it. If you don't take any action, the secret will automatically expire according to the expiry time selected by the initiator when the secret was created. If the secret has already expired, you will be notified that the web page no longer exists. In that case you should contact the initiator and request that the secret be recreated.