Can we trust onetimesecret?
Key exchange is routinely done without using external services, by using cryptography. The most popular key exchange algorithm is Diffie-Hellman.
Quoting Wikipedia:
The Diffie–Hellman key exchange method allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure channel.
If you use Diffie-Hellman, don't use the anonymous version, but either fixed or ephemeral DH. See this answer.
Clearly, don't roll your own cryptography for anything real (i.e. outside of self-study). Use something like OpenSSL for that.
What is the better alternative to exchange a key?
Better in what way? Security? Simplicity?
In the case of security, have multiple methods of key transmission.
For example, give 10 characters through phone, 10 characters through text, some more through onetimesecret, some more through another website (for example, https://read-once.info).
This way, even if one of the websites/methods of transmission is untrusted, they do not have the full key, but only a small part of it.
Of course, instead of plain text, you can also encrypt it first with Alice's public key. If you'd like, you can also give useless (or not enough) information for Alice to easily find the right key.
For example, give Alice "ABC", "123", "!@#" and "XYZ" through different methods of transmission when the full key is "XYZ123ABC" ("!@#" not used).
That is, have Alice permute all the given pieces.
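An added example, not part of the answer above: a variant of the multi-channel split that goes beyond sending contiguous chunks. Each channel carries an XOR share that is random on its own, so a channel that is read by a third party reveals no characters of the key. The function names `split`, `combine` and `share_explaining` are hypothetical, and the sample key is the one from the answer's example.

```python
import secrets
from functools import reduce


def _xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("all shares must have the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def split(key: bytes, channels: int) -> list:
    """Return `channels` hex shares; every one is needed to rebuild `key`."""
    if channels < 2 or not key:
        raise ValueError("need a non-empty key and at least two channels")
    # The first channels-1 shares are fresh randomness, independent of the key.
    shares = [secrets.token_bytes(len(key)) for _ in range(channels - 1)]
    # The last share is the key XORed with all of the random shares.
    shares.append(reduce(_xor, shares, key))
    return [s.hex() for s in shares]


def combine(hex_shares: list) -> bytes:
    """XOR the shares back together; the order they arrived in is irrelevant."""
    if len(hex_shares) < 2:
        raise ValueError("need at least two shares")
    return reduce(_xor, [bytes.fromhex(s) for s in hex_shares])


def share_explaining(candidate: bytes, seen: list) -> str:
    """Missing share that would make `candidate` the key, given the seen shares.

    One exists for every candidate of the right length, so whoever holds all
    shares but one cannot rule out any key.
    """
    return reduce(_xor, [bytes.fromhex(s) for s in seen], candidate).hex()


if __name__ == "__main__":
    key = b"XYZ123ABC"            # sample key taken from the answer's example
    shares = split(key, 4)        # e.g. phone, text, and two one-time-link sites
    for channel, share in enumerate(shares, 1):
        print(f"channel {channel}: {share}")
    print("rebuilt:", combine(shares))
    forged = share_explaining(b"000000000", shares[:3])
    print("3 shares also fit b'000000000' with last share", forged)
```

All shares are required, so a message lost on any one channel means the key has to be split and sent again.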
I wouldn't trust a third party for storing secrets; however, I do like the convenience of being able to share via a URL link.
To try to get the best of both worlds, I wrote self-destruct-o (https://self-destruct-o.control-alt-del.org/).
It's similar in concept to onetimesecret but with a few advantages:
- It's trivial to run your own instance, code and instructions here: https://github.com/marksteele/self-destruct-o
- No servers required! (although you will need an Amazon AWS account). The backend can run in the free tier!
- When providing a passphrase for the secret, it derives an encryption key from the passphrase and then encrypts the value using AES-256 in CBC mode in your browser prior to sending it to the backend service.
You can email the link and share the passphrase over a second channel (e.g. phone, SMS), and can be sure nobody can intercept the secret.
More details here: https://www.control-alt-del.org/post/one-time-password-sharing-securely/