Fwd: [Cryptography] TFC - instant messaging with endpoint security
Cecilia Tanaka
cecilia.tanaka at gmail.com
Wed Oct 26 10:39:57 PDT 2016
Oh, I am dead, but it's Python... (*-*) <3
---------- Forwarded message ----------
From: "Markus Ottela" <oottela at cs.helsinki.fi>
Date: Oct 25, 2016 10:33 PM
Subject: [Cryptography] TFC - instant messaging with endpoint security
To: <cryptography at metzdowd.com>
Thought I'd share my three-year project with the community.
https://github.com/maqp/tfc
The tl;dr is TFC is an end-to-end encryption plugin for Pidgin IM client
where the TCB is split and separated on two isolated computers behind
unidirectional, data-diode enforced RS232 gateways. This configuration
prevents infiltration of malware to transmitter computer and exfiltration
of keys/pt from receiver computer. The networked computer running Pidgin
never has access to private keys or plaintexts.
The cipher is XSalsa20-Poly1305, where the symmetric key is either
pre-shared or exchanged with Curve25519 ECDHE. MACs provide deniable
authentication and PBKDF2-HMAC-SHA256 provides per-message forward secrecy
with hash-ratchet.
Key generation uses Linux kernel CSPRNG but also allows mixing in entropy
from a HWRNG sampled by Raspberry Pi via GPIO natively or over SSH. (Both
HWRNG and data diodes are free hardware design).
Group messaging is done by multi-casting messages to each recipient
provided all members have exchanged a key pair for private messaging.
The last feature I'd like to highlight is trickle connection where user
sends a constant stream of noise packets to recipient / group, inside which
messages can be delivered. Files can be sent to recipient(s) in background
during the conversation.
Written in Python, licensed under GPL. I hope you find it interesting.
Markus
_______________________________________________
The cryptography mailing list
cryptography at metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 2356 bytes
Desc: not available
URL: <http://lists.cpunks.org/pipermail/cypherpunks/attachments/20161026/476c2002/attachment.txt>
More information about the cypherpunks
mailing list