From d6796a43bc3803e3c018155f207ca7b2e2890c51 Mon Sep 17 00:00:00 2001 From: Gab <24553253+gabrix73@users.noreply.github.com> Date: Tue, 14 Oct 2025 19:15:17 +0200 Subject: Update README.html --- README.html | 784 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 784 insertions(+) (limited to 'README.html') diff --git a/README.html b/README.html index 8b13789..9e91bd4 100644 --- a/README.html +++ b/README.html @@ -1 +1,785 @@ + + + + + + NoFuture-Memguard-PQ - Ephemeral Post-Quantum Text Encryption + + + +
+
+ + +
+ + +
+

🔐 NoFuture-Memguard-PQ

+

Ephemeral Post-Quantum Text Encryption Plugin for Mainstream Chats

+

Version 0.5.0 | Built with love and defiance | Privacy is a human right, not a feature

+ +
+ 🛡️ Core Security Philosophy: NoFuture-Memguard-PQ is a detached external encryption plugin designed to work alongside mainstream chat applications (WhatsApp Web, Telegram, Signal, etc.) without ever being part of them. This architectural isolation is the foundation of its security. +
+ +

📌 What is NoFuture-Memguard-PQ?

+

NoFuture-Memguard-PQ is a browser-based encryption tool that acts as an external cryptographic plugin for any instant messaging platform. You use it in one browser tab while your mainstream chat runs in another tab. Messages are encrypted locally in your browser, and only the ciphertext is transmitted through the untrusted mainstream channel.

+ +

Key Concept: Your plaintext and cryptographic keys never enter the mainstream chat application. The chat platform only sees encrypted data it cannot decrypt.

+ +

🎯 Why "Detached" Architecture is Critical for Security

+ +

The Problem with Integrated Plugins

+

If NoFuture-Memguard-PQ were an official plugin integrated into WhatsApp, Telegram, or any mainstream platform, it would not be trustworthy because:

+ + +

The Solution: Complete Isolation

+

NoFuture-Memguard-PQ is completely separate from mainstream chat platforms:

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ComponentWhere It LivesWho Controls It
Your private keysNoFuture tab (protected RAM)You (not the chat platform)
Plaintext messagesNoFuture tab (protected RAM)You (not the chat platform)
Encryption/DecryptionNoFuture tab (client-side)You (not the chat platform)
Ciphertext onlyMainstream chat tabChat platform (but it's useless to them)
+ +
+ 🔒 Security Guarantee: Because NoFuture-Memguard-PQ is detached, mainstream chat platforms have zero access to your keys or plaintext. Even if WhatsApp, Telegram, or Signal were completely compromised, your encrypted conversations remain secure. The ciphertext stored in their servers is mathematically impossible to decrypt without your session keys—which are destroyed after the session ends. +
+ +

🧠 Multi-Layer Security Architecture

+

The security of NoFuture-Memguard-PQ is based on defense in depth, with multiple independent protection layers working simultaneously:

+ +

1. Memguard: The FoundationMOST CRITICAL

+

Memguard is a Go library for handling sensitive data in memory. It is the primary security mechanism protecting both your cryptographic keys and plaintext messages.

+ +

What Memguard Protects:

+ + +

How Memguard Works:

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Attack VectorMemguard Protection
Memory dumps (even by root)Data stored in encrypted memory pages outside the Go heap
Swap file analysismlock() system call prevents swapping to disk
Debugger attachment (gdb, lldb)Memory is encrypted in RAM; debugger sees only ciphertext
Core dumps on crashAutomatic purge on crash via memguard.CatchInterrupt()
Garbage collector inspectionSensitive buffers are off-heap, invisible to GC
Cold boot attacksMemory wiped on process exit; no residual data
+ +
+ 🔥 Critical Security Feature: Not even the server administrator with root access can dump your keys or plaintext from RAM. Memguard's kernel-level memory protection makes sensitive data forensically unrecoverable even with physical access to the server's RAM. +
+ +

2. Post-Quantum CryptographyHIGH PRIORITY

+

While memguard protects data in memory, post-quantum cryptography protects data in transit and at rest against future quantum computer attacks.

+ +

Current Implementation (v0.5.0):

+ + +
+ ⚠️ Roadmap: Future versions will integrate true post-quantum algorithms: +
    +
  • Kyber1024-90s for key encapsulation (KEM)
  • +
  • Dilithium5-AES for digital signatures (authentication)
  • +
+ These are NIST-standardized post-quantum cryptography algorithms designed to resist attacks from quantum computers. +
+ +

3. Additional Security Layers

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
LayerPurposeProtection Against
Detached ArchitectureIsolation from mainstream platformsBackdoors, ChatControl, platform compromise
Authenticated Encryption (AEAD)XChaCha20-Poly1305Tampering, bit-flipping, MITM attacks
Session IsolationUnique keys per sessionCross-session attacks, replay attacks
Rate Limiting60 requests/minute per IPBrute force, DoS attacks
Request Size LimitsMax 1MB per requestMemory exhaustion, DoS
Session Timeout24 hours max lifetimeAbandoned sessions, stale keys
Total Key DestructionSecure wipe on session endForensic recovery, future access
+ +

🔑 How It Works: 5-Phase Workflow

+ +
+

Usage Scenario: Alice wants to send a secure message to Bob using WhatsApp Web (or any chat platform).

+
+ +

Phase 1: Session Creation

+

Alice opens NoFuture-Memguard-PQ in a browser tab and clicks "Start New Session".

+
// What happens under the hood:
+1. Generate Curve25519 key pair (32-byte private + public keys)
+2. Generate random 24-byte nonce
+3. Create Session ID = SHA256(publicKey + nonce)
+4. Store all keys in memguard.LockedBuffer (encrypted RAM)
+5. Return Session ID to Alice
+ +

Phase 2: Session ID Exchange

+

Alice copies her Session ID and sends it to Bob via WhatsApp Web.

+
+ Note: The Session ID is not sensitive. It's a cryptographic descriptor containing only public information. It can be transmitted over any channel, even unencrypted. +
+ +

Phase 3: Pairing (Key Agreement)

+

Bob also starts a session and gets his own Session ID. Both Alice and Bob paste each other's Session IDs into NoFuture-Memguard-PQ and click "Pair Sessions".

+
// What happens under the hood:
+1. Alice's browser fetches Bob's public key via Session ID
+2. Compute shared secret using NaCl box precomputation:
+   sharedSecret = box.Precompute(myPrivateKey, theirPublicKey)
+3. Store sharedSecret in memguard.LockedBuffer
+4. Sessions are now synchronized
+ +

No manual key exchange needed. The shared secret is derived automatically using Diffie-Hellman key exchange (Curve25519).

+ +

Phase 4: Encrypted Communication

+ +

Alice encrypts a message:

+
    +
  1. Alice types plaintext in NoFuture-Memguard-PQ: "Meet me at 3pm"
  2. +
  3. Plaintext is stored in memguard.LockedBuffer (protected RAM)
  4. +
  5. Encrypted using XChaCha20-Poly1305 with the shared secret
  6. +
  7. Alice copies the ciphertext and pastes it into WhatsApp Web
  8. +
  9. Plaintext buffer is immediately destroyed after encryption
  10. +
+ +

Bob decrypts the message:

+
    +
  1. Bob receives the ciphertext via WhatsApp Web
  2. +
  3. Bob copies the ciphertext and pastes it into NoFuture-Memguard-PQ
  4. +
  5. Decrypted using the shared secret (authenticated encryption verifies integrity)
  6. +
  7. Plaintext is displayed in a memguard.LockedBuffer
  8. +
  9. After reading, Bob can destroy the plaintext manually
  10. +
+ +
+ 🔒 What WhatsApp sees: Only meaningless hexadecimal strings. Even if WhatsApp's servers are compromised, the ciphertext is mathematically useless without the session keys—which exist only in Alice and Bob's browsers, protected by memguard, and destroyed after the session ends. +
+ +

Phase 5: Session Termination (Total Destruction)

+

When Alice or Bob clicks "End Session":

+
// What happens under the hood:
+1. session.PrivateKey.Destroy()     // Secure wipe
+2. session.PublicKey.Destroy()      // Secure wipe
+3. session.SharedSecret.Destroy()   // Secure wipe
+4. session.Nonce.Destroy()          // Secure wipe
+5. Delete session from server memory
+6. memguard.Purge() on process exit
+ +
+ 🔥 No Future Access: Once the session ends, the cryptographic keys are irreversibly destroyed. Even if an attacker obtains the ciphertext from WhatsApp's servers years later, it is permanently unreadable. This is the meaning of "ephemeral" encryption. +
+ +

+ One conversation. One key. One chance to read. No future access. +

+ +

🛡️ Defense Against Local Attacks

+ +

🖱️ Virtual Keyboard (Anti-Keylogger)

+

NoFuture-Memguard-PQ includes an optional on-screen virtual keyboard with a randomized layout to protect against local keyloggers and spyware.

+ + + + + + + + + + + + + + + + + + + + + + +
ThreatVirtual Keyboard Protection
Hardware keyloggersNo physical keyboard events generated
Software keyloggers (reading /dev/input)Mouse clicks only; no keystroke events
Screen recording malwareRandomized layout changes each session (partial mitigation)
+ +

🚀 Installation & Usage

+ +

Prerequisites

+
- Go 1.21 or later
+- Linux/macOS/Windows (memguard works on all platforms)
+ +

Installation

+
git clone https://github.com/yourusername/nofuture-memguard-pq.git
+cd nofuture-memguard-pq
+go mod download
+go build -o nofuture main.go
+ +

Running the Server

+
./nofuture
+

Server starts on http://localhost:8080

+ +
+ ⚠️ Production Deployment: +
    +
  • Use a reverse proxy (nginx, Caddy) with HTTPS/TLS certificates
  • +
  • Configure CORS to allow only your domain
  • +
  • Run behind a firewall with rate limiting
  • +
  • Never expose the Go server directly to the internet without TLS
  • +
+
+ +

Usage Example

+
    +
  1. Open http://localhost:8080 in one browser tab
  2. +
  3. Open WhatsApp Web (or Telegram, Signal, etc.) in another tab
  4. +
  5. Click "Start New Session" in NoFuture-Memguard-PQ
  6. +
  7. Share your Session ID with your contact via the chat app
  8. +
  9. Receive their Session ID and click "Pair Sessions"
  10. +
  11. Type your message, click "Encrypt", copy the ciphertext
  12. +
  13. Paste the ciphertext into the mainstream chat and send
  14. +
  15. Receive ciphertext from your contact, paste into NoFuture-Memguard-PQ, click "Decrypt"
  16. +
  17. When done, click "End Session" to destroy all keys
  18. +
+ +

📊 Security Comparison

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FeatureWhatsApp E2EESignalNoFuture-Memguard-PQ
Keys stored by providerBackup keys (optional)No❌ Never (detached)
Memory protectionStandard heapStandard heap✅ Memguard (encrypted RAM)
Resistant to root accessNoNo✅ Yes (mlock + encrypted buffers)
ChatControl/backdoor riskPossible (integrated)Possible (integrated)❌ Impossible (detached)
Post-quantum readyNo (ECDH)No (X25519)🔄 Roadmap (Kyber/Dilithium)
Forward secrecyYes (Double Ratchet)Yes (Double Ratchet)⚠️ Per-session only (v0.5)
Metadata protectionNoPartial (sealed sender)✅ Yes (mainstream sees only ciphertext)
+ +

⚠️ Current Limitations (v0.5.0)

+ + +

🗺️ Roadmap

+ + +

📜 License

+

MIT License - Free and open source

+ +

🤝 Contributing

+

This project is built with love and defiance. Contributions are welcome. Please:

+ + +

💬 Support

+

For questions, feature requests, or security reports, open an issue on GitHub.

+ +
+

Privacy is not a feature—it's a human right.

+

Built with love and defiance against mass surveillance.

+
+
+ + + +
+ + + + -- cgit v1.2.3