Oh, I am dead, but it's Python... (*-*) <3

---------- Forwarded message ----------
From: "Markus Ottela" <oottela@cs.helsinki.fi>
Date: Oct 25, 2016 10:33 PM
Subject: [Cryptography] TFC - instant messaging with endpoint security
To: <cryptography@metzdowd.com>

Thought I'd share my three-year project with the community.

https://github.com/maqp/tfc

The tl;dr is TFC is an end-to-end encryption plugin for Pidgin IM client where the TCB is split and separated on two isolated computers behind unidirectional, data-diode enforced RS232 gateways. This configuration prevents infiltration of malware to transmitter computer and exfiltration of keys/pt from receiver computer. The networked computer running Pidgin never has access to private keys or plaintexts.

The cipher is XSalsa20-Poly1305, where the symmetric key is either pre-shared or exchanged with Curve25519 ECDHE. MACs provide deniable authentication and PBKDF2-HMAC-SHA256 provides per-message forward secrecy with hash-ratchet.

Key generation uses Linux kernel CSPRNG but also allows mixing in entropy from a HWRNG sampled by Raspberry Pi via GPIO natively or over SSH. (Both HWRNG and data diodes are free hardware design).

Group messaging is done by multi-casting messages to each recipient provided all members have exchanged a key pair for private messaging.

The last feature I'd like to highlight is trickle connection where user sends a constant stream of noise packets to recipient / group, inside which messages can be delivered. Files can be sent to recipient(s) in background during the conversation.

Written in Python, licensed under GPL. I hope you find it interesting.

Markus

_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
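
The per-message forward secrecy by hash ratchet that the forwarded message describes, as an added example that is not part of the original post and is not TFC's code. The salt, iteration count, skip limit, packet layout and the names `Sender`, `Receiver` and `ratchet` are assumptions, and HMAC-SHA256 stands in for XSalsa20-Poly1305, so payloads are authenticated but not encrypted here.

```python
import hashlib
import hmac

SALT = b"ratchet-example"   # assumed constant salt, not TFC's value
ITERATIONS = 1000           # assumed iteration count, kept low for the demo
MAX_SKIP = 64               # assumed cap on dropped packets to catch up over

def ratchet(key: bytes) -> bytes:
    """One-way step: the next key is PBKDF2-HMAC-SHA256 of the current key."""
    return hashlib.pbkdf2_hmac("sha256", key, SALT, ITERATIONS, dklen=32)

def _tag(key: bytes, counter: int, payload: bytes) -> bytes:
    # The MAC covers the counter so a packet cannot be replayed under another index.
    return hmac.new(key, counter.to_bytes(8, "big") + payload, hashlib.sha256).digest()

class Sender:
    def __init__(self, key: bytes):
        self.key, self.counter = key, 0

    def seal(self, payload: bytes) -> tuple:
        packet = (self.counter, payload, _tag(self.key, self.counter, payload))
        # Drop the used key: the state now holds only its one-way successor.
        self.key, self.counter = ratchet(self.key), self.counter + 1
        return packet

class Receiver:
    def __init__(self, key: bytes):
        self.key, self.counter = key, 0

    def open(self, packet: tuple) -> bytes:
        counter, payload, tag = packet
        if counter < self.counter:
            raise ValueError("key for this packet was already ratcheted away")
        if counter - self.counter > MAX_SKIP:
            raise ValueError("too many skipped packets")
        key = self.key
        for _ in range(counter - self.counter):   # catch up over dropped packets
            key = ratchet(key)
        if not hmac.compare_digest(tag, _tag(key, counter, payload)):
            raise ValueError("MAC check failed")   # state is left untouched on forgery
        self.key, self.counter = ratchet(key), counter + 1
        return payload

if __name__ == "__main__":
    shared = bytes(32)  # constructed all-zero key, for the demo only
    tx, rx = Sender(shared), Receiver(shared)
    first, dropped, third = tx.seal(b"hi"), tx.seal(b"lost"), tx.seal(b"again")
    print(rx.open(first), rx.open(third))
```

The receiver commits the advanced key only after the MAC verifies, so a forged counter cannot push its ratchet forward, and a packet whose key has been ratcheted past is rejected because that key can no longer be derived from the current state.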