XPost: alt.privacy.anon-server, alt.privacy
Peter Fairbrother wrote:
>> https://safecomms.virebent.art/leggimi.html
> From the description, it doesn't seem to have any authentication or anti-MITM protection.
> Peter Fairbrother.
Authentication is based on a combination of digital signatures and secure key exchange.
Each client generates a pair of Kyber1024-90s keys for key exchange and a pair of Dilithium5-AES keys to sign and authenticate messages.
Keys are immediately locked in RAM using memguard to prevent memory theft.
The client signs its initial message (e.g. "Hello Server") with the Dilithium5-AES private key. The signed message is sent together with the Kyber1024-90s public key. The server verifies the signature with the received Dilithium5-AES public key. If the signature is valid, the server accepts the connection. Otherwise, it closes immediately. After authentication, the server encapsulates a secret key using the received public key. The client decapsulates the secret using its own private key. If everything went well, both parties now share a secure secret key.
Digital Signature Protection Post-Quantum
Each initial message is signed with Dilithium5-AES, so an attacker cannot generate valid signatures without the private key.
The server checks the signature and rejects non-authentic connections. Signatures are post-quantum secure, so not vulnerable to quantum-based attacks. Even if an attacker succeeds in intercepting the initial message, they cannot generate a valid secret key without the private key of the legitimate user.
Kyber1024-90s ensures that key exchange is not vulnerable to replay or downgrade attacks.
The keys are never transmitted in plain text, only encapsulated keys.
Memguard: RAM protection
Private keys and derived keys are stored in encrypted RAM.
Not even a root user can access memguard-protected memory.
Data is automatically destroyed when it is no longer needed.
I hope to have answered in a comprehensive way.
Gabx
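The authentication question raised in the quoted reply, as an added example that is not code from the post or from the SafeComms project: a signature checked against a public key delivered in the same message shows only that the sender holds some private key, so a server that wants peer identity also compares that key with one it learned out of band. Ed25519 from Go's standard library stands in for Dilithium5-AES, and the `Hello` type, the function names and the SHA-256 fingerprint pin are assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Hello is a constructed stand-in for the first handshake message: the
// signing public key travels inside the message it is meant to authenticate.
type Hello struct {
	Msg    []byte
	SigPub ed25519.PublicKey // Ed25519 here; Dilithium5-AES in the post
	Sig    []byte
}

// NewHello signs msg and attaches the matching public key.
func NewHello(priv ed25519.PrivateKey, msg []byte) Hello {
	pub := priv.Public().(ed25519.PublicKey)
	return Hello{Msg: msg, SigPub: pub, Sig: ed25519.Sign(priv, msg)}
}

// VerifySelfSupplied checks the signature against the key carried in the
// message. It passes for any key pair, whoever generated it.
func VerifySelfSupplied(h Hello) bool {
	return len(h.SigPub) == ed25519.PublicKeySize && ed25519.Verify(h.SigPub, h.Msg, h.Sig)
}

// VerifyPinned also requires the key's SHA-256 fingerprint to equal one
// obtained out of band (hypothetical pinning step, not from the post).
func VerifyPinned(h Hello, pinned [32]byte) error {
	if !VerifySelfSupplied(h) {
		return errors.New("bad signature")
	}
	if sha256.Sum256(h.SigPub) != pinned {
		return errors.New("signing key is not the pinned key")
	}
	return nil
}

func main() {
	_, known, _ := ed25519.GenerateKey(nil)
	_, other, _ := ed25519.GenerateKey(nil)
	pin := sha256.Sum256(known.Public().(ed25519.PublicKey))
	for _, k := range []ed25519.PrivateKey{known, other} {
		h := NewHello(k, []byte("Hello Server"))
		fmt.Println(VerifySelfSupplied(h), VerifyPinned(h, pin))
	}
}
```

Both hellos pass the self-supplied check; only the one signed by the pinned key passes `VerifyPinned`.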