virebent/Nofuture-Go-Memguard
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
No description
53 commits 1 branch 0 tags 144 KiB
  • HTML 78%
  • Go 16.7%
  • JavaScript 5.3%
Find a file
Exact
Gab 5d66ab24bf
 Update go.sum
2025-10-14 19:58:38 +02:00
apache2-VH.conf Update apache2-VH.conf 2025-02-13 18:06:27 +01:00
challange.html Update challange.html 2025-10-14 19:57:15 +02:00
DEPLOYMENT.md Update and rename USAGE.md to DEPLOYMENT.md 2025-10-14 19:55:21 +02:00
go.mod Add files via upload 2025-02-11 16:00:59 +01:00
go.sum Update go.sum 2025-10-14 19:58:38 +02:00
index.html Update index.html 2025-06-13 13:50:29 +02:00
keyboard.js Add files via upload 2025-02-11 16:00:59 +01:00
LICENSE Initial commit 2025-02-11 15:57:20 +01:00
nofuture.go Update nofuture.go 2025-10-14 18:53:35 +02:00
nofuture.service Create nofuture.service 2025-02-13 17:59:34 +01:00
README.html Update README.html 2025-10-14 19:15:17 +02:00
README.md Update README.md 2025-10-14 18:58:42 +02:00

README.md

🔐 NoFuture-Memguard-PQ

Ephemeral Post-Quantum Text Encryption Plugin for Mainstream Chats

Version 0.5.0 | Built with love and defiance | Privacy is a human right, not a feature

🎯 What is it?

NoFuture-Memguard-PQ is a detached external encryption plugin for any instant messaging platform. Use it in one browser tab while your mainstream chat (WhatsApp Web, Telegram, Signal, etc.) runs in another.

Key features:

  • 🛡️ Memguard-protected memory - Keys and plaintext secured against root access and memory dumps
  • 🔒 Detached architecture - Completely isolated from mainstream chat platforms (no backdoors possible)
  • 🔥 Ephemeral by design - Total key destruction on session end (no future access)
  • Post-quantum ready - Roadmap includes Kyber1024-90s and Dilithium5-AES
  • 🖱️ Anti-keylogger keyboard - Virtual keyboard with randomized layout

🚀 Quick Start

# Install
git clone <repository-url>
cd nofuture-memguard-pq
go mod download
go build -o nofuture main.go

# Run
./nofuture
# Open http://localhost:8080

📖 Documentation

For complete documentation, open https://safecomms.virebent.art/README.html in your browser.

⚠️ Production Deployment

NEVER expose the Go server directly to the internet without HTTPS.

Use a reverse proxy (nginx, Caddy) with TLS certificates:

server {
    listen 443 ssl http2;
    server_name safecomms.yourdomain.com;

    ssl_certificate /path/to/cert.pem;
    ssl_certificate_key /path/to/key.pem;

    location / {
        proxy_pass http://localhost:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
}

🔐 Security Model

  1. Memguard (PRIMARY) - Protects keys + plaintext in RAM against dumps, swap, debuggers
  2. Detached Architecture - Mainstream platforms never see keys or plaintext
  3. AEAD Encryption - XChaCha20-Poly1305 prevents tampering
  4. Total Destruction - Keys irreversibly wiped on session end

📊 What's Fixed in v0.5.0

Plaintext now protected by memguard (was vulnerable) Real encryption (XChaCha20-Poly1305 AEAD) instead of XOR Real key exchange (NaCl box) instead of XOR HTTPS enforcement (reverse proxy required) CORS restrictions (no wildcard) Rate limiting (60 req/min per IP) Request size limits (1MB max) Session timeouts (24h max) Authenticated encryption (prevents bit-flipping) Session isolation (no cross-contamination) Secure cleanup on exit

🗺️ Roadmap

  • v0.5.0: Memguard + XChaCha20-Poly1305
  • 🔄 v1.0.0: Kyber1024-90s + Dilithium5-AES (true post-quantum)
  • 🔄 v1.1.0: Per-message ratcheting (forward secrecy)
  • 🔄 v2.0.0: Browser extension

📜 License

MIT License

💬 Support

Report security issues privately. For other questions, open an issue.

One conversation. One key. One chance to read. No future access.