From dc1f5a14c58d2b098a35db7b073f48137dd1c13d Mon Sep 17 00:00:00 2001
From: Gab <24553253+gabrix73@users.noreply.github.com>
Date: Thu, 13 Feb 2025 15:08:10 +0100
Subject: Update README.md
---
README.md | 171 +++++++++++++++++++++++++++++++++++++-------------------------
1 file changed, 101 insertions(+), 70 deletions(-)
(limited to 'README.md')
diff --git a/README.md b/README.md
index a05cb6f..9a2b9d1 100644
--- a/README.md
+++ b/README.md
@@ -1,78 +1,109 @@
-# Nofuture-Buddy-Go-Memguard
-Web application for ephemeral encryption of texts. Paring the sessions with an interlocutor permets encryption/decryption of conversations via an external realtime communication applications.
+
+
+ Nofuture.go - Post-Quantum Cryptographic Core Documentation
+
+
+
+ Nofuture.go - Post-Quantum Cryptographic System
-Technical Analysis:
+
+
MemGuard Initialization & Configuration
+
memguard.CatchInterrupt()
+memguard.Purge()
+unix.Mlockall(unix.MCL_CURRENT | unix.MCL_FUTURE)
+
+ - Secure Memory Locking: Prevents swapping sensitive data to disk
+ - Interrupt Handling: Automatic memory purge on SIGINT/SIGTERM
+ - Deep Memory Purge: Secure wiping of allocated buffers
+
+
-Nofuture Core Security Features:
-
-- Uses memguard for secure memory management
-- Implements curve25519 for public-key cryptography
-- Employs NaCl's box encryption for message security
-- Utilizes secure session management with random IDs
-- Implements CORS protection with proper headers
-
-Key Security Components:
+
+
MemGuard in Key Lifecycle Management
+
passphrase, _ := memguard.NewImmutableRandom(32)
+defer passphrase.Destroy()
+
+ - Immutable Buffers: Write-protected memory regions
+ - Ephemeral Storage: Keys exist only in protected memory
+ - Automatic Destruction: Guaranteed wipe with defer
+
+
-a) Memory Protection:
+
+
Enclave-Based Cryptography
+
func deriveEnclaveKey(passphrase *memguard.Enclave) {
+ passBuf, _ := passphrase.Open()
+ defer passBuf.Destroy()
+}
+
+ - Double-Layer Protection: Enclave wrapping + locked buffers
+ - Controlled Exposure: Temporary buffer access patterns
+ - Zero-Copy Architecture: Minimize memory exposure
+
+
-memguard.CatchInterrupt()
-defer memguard.Purge()
-This ensures sensitive data is wiped from memory when the program terminates or receives an interrupt signal.
+
+
Quantum-Safe Key Exchange
+
pubKey, secKey, _ := quantumKEMKeyPair()
+defer pubKey.Destroy()
+defer secKey.Destroy()
+
+ - MemGuard-Protected Keys:
+
+ - Public Key: Immutable locked buffer
+ - Private Key: Enclave-wrapped storage
+
+
+ - Zeroization on Completion: Guaranteed key destruction
+
+
-b) Session Management:
-
-- Private keys are stored in memguard.LockedBuffer
-- Public keys are stored as regular bytes
-- Sessions are managed in a thread-safe sync.Map
-- Session IDs use cryptographically secure random generation
+
+
Secure Session Management
+
type QuantumSession struct {
+ sessionKey *memguard.Enclave
+ remotePubKey *memguard.Enclave
+}
+
+ - Enclave-Wrapped Session Keys: Encrypted memory storage
+ - Forward Secrecy: Ephemeral session keys
+ - Compartmentalization: Isolated memory regions per session
+
+
-c) Encryption Process:
-
-- Uses X25519 for key exchange
-- mplements box.Seal for authenticated encryption
-- Uses random nonces for each encryption
-- Zero-copy buffer handling for sensitive data
-
-
-Virtual Keyboard Security Features:
-
-- Randomized key layout on each activation
-- Right-click secondary character access
-- Drag-and-drop positioning
-- Memory-safe input handling
-- Protection against keyloggers
-
-Security Assessment:
+
+
Memory-Hardened Cryptography
+
lockedKey, _ := memguard.NewImmutableFromBytes(key)
+defer lockedKey.Destroy()
+
+ - Argon2 in Protected Memory:
+
+ - Memory-hard derivation in locked buffers
+ - Secure salt handling
+
+
+ - Multi-Layer Protection:
+
+ - mlock() system calls
+ - MADV_DONTDUMP flags
+ - Guard pages
+
+
+
+
+
+
+
MemGuard Best Practices
+
+ - ๐ Always use
defer .Destroy() with LockedBuffers
+ - ๐ก๏ธ Prefer
NewImmutable for long-lived secrets
+ - โ ๏ธ Never expose Enclave contents to logging
+ - ๐ Use rolling buffers for repeated operations
+ - ๐งน Explicit
Purge() after critical operations
+
+
+
-The application provides strong protection against:
-RAM-based attacks:
-
-- Protected by memguard's secure memory allocation
-- Keys are automatically wiped from memory
-- No sensitive data in regular heap memory
-- Protected against cold boot attacks
-
-Network-based threats:
-
-- All API endpoints use HTTPS
-- Proper CORS implementation
-- Input validation on all endpoints
-- Session-based authentication
-
-Keylogging protection:
-
-- Virtual keyboard bypasses system keyboard
-- Randomized layout prevents pattern analysis
-- No physical key events to intercept
-- Protection against both software and hardware keyloggers
-
-
-Malware resistance:
-The combination of memguard protection and the virtual keyboard makes it extremely difficult for malware to capture sensitive data because:
-Encryption keys are never exposed in regular memory.
-Virtual keyboard prevents keylogging.
-Memory is actively protected against dumping attempts.
-Overall Security Assessment:
-The application provides robust protection against both memory-based attacks and network-based threats.
-The use of memguard for memory protection, combined with the virtual keyboard's anti-keylogging features, creates multiple layers of security that make it extremely difficult for malware or spyware to capture sensitive data.
--
cgit v1.2.3