diff options
| author | Gab <24553253+gabrix73@users.noreply.github.com> | 2025-02-13 15:08:10 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-02-13 15:08:10 +0100 |
| commit | dc1f5a14c58d2b098a35db7b073f48137dd1c13d (patch) | |
| tree | d7ec42dafd47abccd7277a0c401524c038f30987 | |
| parent | 3069c554969aa0c129b5279192163fa6121a0607 (diff) | |
| download | nofuture-go-memguard-dc1f5a14c58d2b098a35db7b073f48137dd1c13d.tar.gz nofuture-go-memguard-dc1f5a14c58d2b098a35db7b073f48137dd1c13d.tar.xz nofuture-go-memguard-dc1f5a14c58d2b098a35db7b073f48137dd1c13d.zip | |
Update README.md
| -rw-r--r-- | README.md | 171 |
1 files changed, 101 insertions, 70 deletions
@@ -1,78 +1,109 @@ -# Nofuture-Buddy-Go-Memguard -Web application for ephemeral encryption of texts. Paring the sessions with an interlocutor permets encryption/decryption of conversations via an external realtime communication applications. +<head> + <meta charset="UTF-8"> + <title>Nofuture.go - Post-Quantum Cryptographic Core Documentation</title> + <style> + /* Maintain previous styling */ + </style> +</head> +<body> + <h1>Nofuture.go - Post-Quantum Cryptographic System</h1> -Technical Analysis: + <div class="section"> + <h2>MemGuard Initialization & Configuration</h2> + <pre><code>memguard.CatchInterrupt() +memguard.Purge() +unix.Mlockall(unix.MCL_CURRENT | unix.MCL_FUTURE)</code></pre> + <ul> + <li><strong>Secure Memory Locking:</strong> Prevents swapping sensitive data to disk</li> + <li><strong>Interrupt Handling:</strong> Automatic memory purge on SIGINT/SIGTERM</li> + <li><strong>Deep Memory Purge:</strong> Secure wiping of allocated buffers</li> + </ul> + </div> -<h4>Nofuture Core Security Features:</h4><br> -<ul> -<li>Uses memguard for secure memory management</li> -<li>Implements curve25519 for public-key cryptography</li> -<li>Employs NaCl's box encryption for message security</li> -<li>Utilizes secure session management with random IDs</li> -<li>Implements CORS protection with proper headers</li> - </ul> -<h4>Key Security Components:</h4> + <div class="section"> + <h2>MemGuard in Key Lifecycle Management</h2> + <pre><code>passphrase, _ := memguard.NewImmutableRandom(32) +defer passphrase.Destroy()</code></pre> + <ul> + <li><strong>Immutable Buffers:</strong> Write-protected memory regions</li> + <li><strong>Ephemeral Storage:</strong> Keys exist only in protected memory</li> + <li><strong>Automatic Destruction:</strong> Guaranteed wipe with defer</li> + </ul> + </div> -a) <b>Memory Protection:</b> + <div class="section"> + <h2>Enclave-Based Cryptography</h2> + <pre><code>func deriveEnclaveKey(passphrase *memguard.Enclave) { + passBuf, _ := passphrase.Open() + defer passBuf.Destroy() +}</code></pre> + <ul> + <li><strong>Double-Layer Protection:</strong> Enclave wrapping + locked buffers</li> + <li><strong>Controlled Exposure:</strong> Temporary buffer access patterns</li> + <li><strong>Zero-Copy Architecture:</strong> Minimize memory exposure</li> + </ul> + </div> -<pre>memguard.CatchInterrupt() -defer memguard.Purge()</pre> -<p>This ensures sensitive data is wiped from memory when the program terminates or receives an interrupt signal.</p> + <div class="section"> + <h2>Quantum-Safe Key Exchange</h2> + <pre><code>pubKey, secKey, _ := quantumKEMKeyPair() +defer pubKey.Destroy() +defer secKey.Destroy()</code></pre> + <ul> + <li><strong>MemGuard-Protected Keys:</strong> + <ul> + <li>Public Key: Immutable locked buffer</li> + <li>Private Key: Enclave-wrapped storage</li> + </ul> + </li> + <li><strong>Zeroization on Completion:</strong> Guaranteed key destruction</li> + </ul> + </div> -b) <b>Session Management:</b> -<ul> -<li>Private keys are stored in memguard.LockedBuffer</li> -<li>Public keys are stored as regular bytes</li> -<li>Sessions are managed in a thread-safe sync.Map</li> -<li>Session IDs use cryptographically secure random generation</li></ul> + <div class="section"> + <h2>Secure Session Management</h2> + <pre><code>type QuantumSession struct { + sessionKey *memguard.Enclave + remotePubKey *memguard.Enclave +}</code></pre> + <ul> + <li><strong>Enclave-Wrapped Session Keys:</strong> Encrypted memory storage</li> + <li><strong>Forward Secrecy:</strong> Ephemeral session keys</li> + <li><strong>Compartmentalization:</strong> Isolated memory regions per session</li> + </ul> + </div> -c) <b>Encryption Process:</b> -<ul> -<li>Uses X25519 for key exchange</li> -<li>mplements box.Seal for authenticated encryption</li> -<li>Uses random nonces for each encryption</li> -<li>Zero-copy buffer handling for sensitive data</li> - </ul> - -<h4>Virtual Keyboard Security Features:</h4> -<ul> -<li>Randomized key layout on each activation</li> -<li>Right-click secondary character access</li> -<li>Drag-and-drop positioning</li> -<li>Memory-safe input handling</li> -<li>Protection against keyloggers</li> - </ul> -<b>Security Assessment:</b> + <div class="section"> + <h2>Memory-Hardened Cryptography</h2> + <pre><code>lockedKey, _ := memguard.NewImmutableFromBytes(key) +defer lockedKey.Destroy()</code></pre> + <ul> + <li><strong>Argon2 in Protected Memory:</strong> + <ul> + <li>Memory-hard derivation in locked buffers</li> + <li>Secure salt handling</li> + </ul> + </li> + <li><strong>Multi-Layer Protection:</strong> + <ul> + <li>mlock() system calls</li> + <li>MADV_DONTDUMP flags</li> + <li>Guard pages</li> + </ul> + </li> + </ul> + </div> + + <div class="section"> + <h2>MemGuard Best Practices</h2> + <ul> + <li>๐ Always use <code>defer .Destroy()</code> with LockedBuffers</li> + <li>๐ก๏ธ Prefer <code>NewImmutable</code> for long-lived secrets</li> + <li>โ ๏ธ Never expose Enclave contents to logging</li> + <li>๐ Use rolling buffers for repeated operations</li> + <li>๐งน Explicit <code>Purge()</code> after critical operations</li> + </ul> + </div> +</body> -<p>The application provides strong protection against:</p> -<h4>RAM-based attacks:</h4> -<ul> -<li>Protected by memguard's secure memory allocation</li> -<li>Keys are automatically wiped from memory</li> -<li>No sensitive data in regular heap memory</li> -<li>Protected against cold boot attacks</li> - </ul> -<h4>Network-based threats:</h4> -<ul> -<li>All API endpoints use HTTPS</li> -<li>Proper CORS implementation</li> -<li>Input validation on all endpoints</li> -<li>Session-based authentication</li> - </ul> -<h4>Keylogging protection:</h4> -<ul> -<li>Virtual keyboard bypasses system keyboard</li> -<li>Randomized layout prevents pattern analysis</li> -<li>No physical key events to intercept</li> -<li>Protection against both software and hardware keyloggers</li> - </ul> - -<h4>Malware resistance:</h4> -<p>The combination of memguard protection and the virtual keyboard makes it extremely difficult for malware to capture sensitive data because:</p> -Encryption keys are never exposed in regular memory.<br> -Virtual keyboard prevents keylogging.<br> -Memory is actively protected against dumping attempts.<br> -<h4>Overall Security Assessment:</h4> -<p>The application provides robust protection against both memory-based attacks and network-based threats.</p> -<p>The use of memguard for memory protection, combined with the virtual keyboard's anti-keylogging features, creates multiple layers of security that make it extremely difficult for malware or spyware to capture sensitive data.</p> |
