Let’s be honest: yes, it’s technically possible to brute force a BareSend message. But before you panic — let’s talk about what that really means.
When you create a message, BareSend doesn’t generate a random encryption key. You do — by typing a passphrase. That passphrase is then transformed into a 256-bit AES key using a secure algorithm called a Key Derivation Function (KDF).
In simple terms: the words you choose become the lock that protects your message. If your words are weak, the lock is easy to pick.
Technically yes — but only under very specific conditions:
If those things align, they could eventually break it. But...
BareSend messages don’t sit around forever waiting to be cracked. They:
That means the attacker’s window is vanishingly small. If they’re late, they get nothing. If your passphrase is strong, they get nowhere.
Choosing a good passphrase makes brute force attacks go from “difficult” to “absurd.” A phrase like rooftop-blanket-mountain-oven-squid has more than 2.8 quintillion combinations. Even with modern hardware, brute-forcing it would take tens of thousands — or even billions — of years, depending on how many guesses per second the attacker can make. Translation: you’re safe.
So yes — someone can technically brute force a BareSend message. But if you use a strong passphrase and a short expiry time, the math isn’t in their favor. It’s in yours.
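To put numbers on the passphrase-to-key step and the brute-force estimate above, here is an added example (not BareSend's own code). The KDF choice (PBKDF2-HMAC-SHA256 at 600,000 iterations), the 7,776-word list, the attacker guess rates and the one-hour expiry are all assumptions made for illustration, and it assumes guesses can only be tested while the message still exists.

```python
import hashlib
import math
import os

# Assumptions (not from the BareSend page): PBKDF2-HMAC-SHA256 as the KDF,
# 600,000 iterations, a 16-byte random salt, and a 7,776-word list.
PBKDF2_ITERATIONS = 600_000
WORDLIST_SIZE = 7776
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def derive_key(passphrase: str, salt: bytes, iterations: int = PBKDF2_ITERATIONS) -> bytes:
    """Stretch a passphrase into a 32-byte (256-bit) AES key."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt, iterations, dklen=32)


def keyspace(words: int, wordlist_size: int = WORDLIST_SIZE) -> int:
    """Number of passphrases when each word is picked uniformly at random."""
    return wordlist_size ** words


def entropy_bits(words: int, wordlist_size: int = WORDLIST_SIZE) -> float:
    """Entropy of a randomly generated passphrase, in bits."""
    return words * math.log2(wordlist_size)


def years_to_exhaust(space: int, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate; the average case is half of this."""
    return space / guesses_per_second / SECONDS_PER_YEAR


def fraction_covered(space: int, guesses_per_second: float, expiry_seconds: float) -> float:
    """Share of the keyspace that can be tested before the message expires."""
    return min(1.0, guesses_per_second * expiry_seconds / space)


if __name__ == "__main__":
    salt = os.urandom(16)
    key = derive_key("rooftop-blanket-mountain-oven-squid", salt)
    print(f"derived key: {len(key) * 8} bits")
    # Constructed guess rates (per second) and a constructed 1-hour expiry.
    for rate in (1e4, 1e7):
        for words in (2, 5):
            space = keyspace(words)
            print(f"{words} words at {rate:.0e}/s: {entropy_bits(words):.1f} bits, "
                  f"{years_to_exhaust(space, rate):.3g} years to exhaust, "
                  f"{fraction_covered(space, rate, 3600):.3g} of keyspace in 1 hour")
```

The two-word rows show why length matters more than the expiry timer: a short passphrase falls well inside the window, while five random words do not come close.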