• Kharma v0.9 -- Dev Update

    From Gabx@victor@virebent.invalid to alt.privacy.anon-server on Mon Apr 13 22:14:30 2026
    From Newsgroup: alt.privacy.anon-server

    Kharma v0.9 -- Dev Update
    =========================

    Still early days -- this is a testing release, not production-ready.
    Here's an honest look at where things stand.


    What's working
    --------------

    The core architecture is solid. Identity management is done: Ed25519
    keypairs, passphrase-protected on disk with scrypt + NaCl secretbox,
    secure memory wipe on exit. The session layer uses the Noise Protocol
    framework (pattern XX, mutual authentication) with X25519 ephemeral key
    exchange and ChaCha20-Poly1305 -- this is worth pausing on for a second.

    People often ask "why not TLS 1.3?" Both are solid, but they're built
    for different things. TLS was designed for the web -- certificate
    authorities, PKI hierarchies, browser compatibility. Noise is a
    lower-level framework: you compose the exact handshake pattern you need,
    there's no CA involved, and the XX pattern gives you full mutual auth
    with forward secrecy in three messages. No overhead, no legacy baggage,
    no certificate chain to manage or potentially leak metadata through. For
    a peer-to-peer tool where both ends know each other's public keys, Noise
    is simply a better fit.

    The mesh transport layer is there too -- the design is deliberate. The
    failover stack goes: Tor -> LAN mesh -> Direct TCP. The idea is that
    even if the internet is completely gone, peers on the same network find
    each other via UDP broadcast and keep talking. Messages that can't be
    delivered immediately get queued (24h TTL, up to 5 hops) and forwarded
    when a path opens up. This is the "war zone" design philosophy: the tool
    should work when infrastructure fails, not just when everything is fine.


    What's broken / incomplete
    ---------------------------

    Being honest:

    - The queue is not encrypted on disk yet -- there's a TODO in
    storeforward.go where encryption should go. Messages persist in
    plaintext JSON. This is a known gap, not an oversight.

    - Embedded Tor (transport/tor/embedded.go) is a stub -- right now Tor
    transport requires an external daemon on 127.0.0.1:9050.

    - Bluetooth transport is referenced in the design but has zero
    implementation.

    - Peer discovery (mesh/discovery.go) does UDP broadcast but the routing
    table exchange between peers isn't implemented yet.

    - There's a compile bug in veilith-main.go -- uses fyne.TextAlignCenter
    and fyne.TextWrapWord without the correct import alias.

    - The panic button (emergency wipe) works programmatically but there's
    no keyboard hotkey wired up yet.


    What's next
    -----------

    The main priority is portability -- the whole point of Kharma is
    zero-install, self-contained, runs straight off a USB stick. macOS is
    out of scope for now. The targets are:

    - Linux -- already building, mostly works
    - Windows -- cross-compile with mingw is set up in the Makefile,
    needs testing with real hardware
    - Android -- APK build is planned (fyne-cross), not started yet

    The goal: plug in a USB, double-click, done. No admin rights, no
    installed runtime, no traces left on the host machine. Data lives on
    the USB. Pull the drive, the session is gone. Emergency wipe handles
    the rest if things go wrong.

    Once portability is solid the queue encryption and the full embedded Tor
    integration are next in line -- those are the two things that would make
    this actually trustworthy in a hostile environment rather than just
    architecturally interesting.

    More updates as things progress.

    Gabx
    https://archives.virebent.art

    --- Digital Signature --- PW3gpU0LuNf1YiSiDhJKDhTo3qBcVEoyTz4uEOYVhh//lJdkG26Imn4Z1k67bAGJHKwpJcuK4i8RndYuvLjUBQ==

    --- Synchronet 3.21f-Linux NewsLink 1.2
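
Added example, not part of the thread or of the project's code: one way the plaintext-JSON queue described in the first post could be sealed before it reaches disk, so that the message body and the TTL/hop fields are both hidden and tamper-evident. The record layout, the function names and the use of AES-256-GCM from Go's standard library are assumptions; the post does not say which cipher the queue will use.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/json"
	"fmt"
)

type QueuedMsg struct { // hypothetical record layout, not the project's own
	Body     []byte
	Hops     int   // hops already taken
	QueuedAt int64 // Unix seconds
}

func (m QueuedMsg) Deliverable(now int64) bool {
	return m.Hops < 5 && now-m.QueuedAt < 24*3600 // post's limits: 5 hops, 24h TTL
}

// Seal returns nonce || ciphertext+tag, the bytes that would go to disk.
func Seal(a cipher.AEAD, m QueuedMsg) ([]byte, error) {
	plain, _ := json.Marshal(m) // cannot fail for these field types
	nonce := make([]byte, a.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return a.Seal(nonce, nonce, plain, nil), nil
}

// Open authenticates then decrypts; a record edited on disk is rejected.
func Open(a cipher.AEAD, blob []byte) (*QueuedMsg, error) {
	if len(blob) < a.NonceSize() {
		return nil, fmt.Errorf("record too short: %d bytes", len(blob))
	}
	plain, err := a.Open(nil, blob[:a.NonceSize()], blob[a.NonceSize():], nil)
	if err != nil {
		return nil, err
	}
	m := new(QueuedMsg)
	return m, json.Unmarshal(plain, m)
}

func main() {
	// AES-256-GCM is an assumed cipher choice; the all-zero key is constructed.
	block, _ := aes.NewCipher(make([]byte, 32))
	a, _ := cipher.NewGCM(block)
	blob, err := Seal(a, QueuedMsg{Body: []byte("hi"), QueuedAt: 1776000000})
	fmt.Printf("%d sealed bytes, err=%v\n", len(blob), err)
}
```

In a real deployment the 32-byte key would be derived from the user's passphrase rather than hard-coded, and a fresh random nonce per record is what keeps GCM safe under a single key.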
  • From Hermes@noreply@oc2mx.net to alt.privacy.anon-server on Mon Apr 13 22:53:56 2026
    From Newsgroup: alt.privacy.anon-server

    Gabx wrote:

    Kharma v0.9 -- Dev Update
    =========================

    Still early days -- this is a testing release, not production-ready.
    Here's an honest look at where things stand.
    [...]

    Bravo Gabx, keep up the good work!
    --
    Best regards
    Stefan

  • From Gabx@victor@m2usenet.invalid to alt.privacy.anon-server on Mon Apr 13 22:57:41 2026
    From Newsgroup: alt.privacy.anon-server

    On Mon, 13 Apr 2026 22:14:30 0000, Gabx <victor@virebent.invalid> wrote:

    Kharma v0.9 -- Dev Update
    =========================

    His name is Khimera, not Kharma,

    https://github.com/gabrix73/khimera

    I think I'd do well to remarry a little,
    I'm evidently proven.

    Night

    Gabx

    --- Digital Signature --- LKSfKH0ep0Iuzwu3cH0tjTfdh//UdXdTNZSXW/gkEY1kXKkrmToCR7uNj9fiQkiBam3cu5Xm1u+lg4KtyF0QBw==
