1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
|
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>NoFuture-Memguard-PQ - Ephemeral Post-Quantum Text Encryption</title>
<style>
body {
font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Arial, sans-serif;
margin: 40px;
background-color: #f4f4f4;
color: #333;
line-height: 1.6;
}
.container {
max-width: 1000px;
margin: auto;
background: white;
padding: 40px;
border-radius: 8px;
box-shadow: 0 0 20px rgba(0, 0, 0, 0.1);
}
h1 {
color: #0056b3;
border-bottom: 3px solid #0056b3;
padding-bottom: 10px;
}
h2 {
color: #0056b3;
margin-top: 30px;
border-left: 4px solid #0056b3;
padding-left: 15px;
}
h3 {
color: #764ba2;
margin-top: 20px;
}
pre {
background: #272822;
color: #f8f8f2;
padding: 15px;
border-radius: 5px;
overflow-x: auto;
font-size: 14px;
}
code {
background: #f4f4f4;
padding: 2px 6px;
border-radius: 3px;
font-family: 'Courier New', monospace;
}
pre code {
background: transparent;
padding: 0;
}
.warning-box {
background: #fff3cd;
border-left: 5px solid #ffc107;
padding: 15px;
margin: 20px 0;
border-radius: 5px;
}
.security-box {
background: #d4edda;
border-left: 5px solid #28a745;
padding: 15px;
margin: 20px 0;
border-radius: 5px;
}
.danger-box {
background: #f8d7da;
border-left: 5px solid #dc3545;
padding: 15px;
margin: 20px 0;
border-radius: 5px;
}
table {
width: 100%;
border-collapse: collapse;
margin-top: 15px;
margin-bottom: 20px;
}
th, td {
border: 1px solid #ddd;
padding: 12px;
text-align: left;
}
th {
background-color: #0056b3;
color: white;
font-weight: 600;
}
tr:nth-child(even) {
background-color: #f9f9f9;
}
ul, ol {
margin-left: 20px;
margin-bottom: 15px;
}
li {
margin-bottom: 8px;
}
.badge {
display: inline-block;
padding: 3px 8px;
border-radius: 12px;
font-size: 0.85em;
font-weight: 600;
margin-left: 8px;
}
.badge-critical {
background: #28a745;
color: white;
}
.badge-high {
background: #17a2b8;
color: white;
}
.lang-switch {
text-align: right;
margin-bottom: 20px;
}
button {
padding: 8px 16px;
margin: 5px;
cursor: pointer;
border: none;
border-radius: 5px;
font-weight: 600;
}
.it {
background: #0056b3;
color: white;
}
.en {
background: #28a745;
color: white;
}
.hidden {
display: none;
}
a {
color: #0056b3;
text-decoration: none;
}
a:hover {
text-decoration: underline;
}
</style>
</head>
<body>
<div class="container">
<div class="lang-switch">
<button class="it" onclick="toggleLang('it')">🇮🇹 ITA</button>
<button class="en" onclick="toggleLang('en')">🇬🇧 ENG</button>
</div>
<!-- ENGLISH CONTENT -->
<div id="content-en">
<h1>🔐 NoFuture-Memguard-PQ</h1>
<p style="font-size: 1.2em; color: #666; font-style: italic;">Ephemeral Post-Quantum Text Encryption Plugin for Mainstream Chats</p>
<p><strong>Version 0.5.0</strong> | Built with love and defiance | Privacy is a human right, not a feature</p>
<div class="security-box">
<strong>🛡️ Core Security Philosophy:</strong> NoFuture-Memguard-PQ is a <strong>detached external encryption plugin</strong> designed to work alongside mainstream chat applications (WhatsApp Web, Telegram, Signal, etc.) without ever being part of them. This architectural isolation is the foundation of its security.
</div>
<h2>📌 What is NoFuture-Memguard-PQ?</h2>
<p>NoFuture-Memguard-PQ is a browser-based encryption tool that acts as an <strong>external cryptographic plugin</strong> for any instant messaging platform. You use it in one browser tab while your mainstream chat runs in another tab. Messages are encrypted locally in your browser, and only the ciphertext is transmitted through the untrusted mainstream channel.</p>
<p><strong>Key Concept:</strong> Your plaintext and cryptographic keys <strong>never enter the mainstream chat application</strong>. The chat platform only sees encrypted data it cannot decrypt.</p>
<h2>🎯 Why "Detached" Architecture is Critical for Security</h2>
<h3>The Problem with Integrated Plugins</h3>
<p>If NoFuture-Memguard-PQ were an official plugin integrated into WhatsApp, Telegram, or any mainstream platform, it would <strong>not be trustworthy</strong> because:</p>
<ul>
<li>The platform provider could access your encryption keys</li>
<li>Server-side backdoors could be mandated by governments (ChatControl, EARN IT Act, etc.)</li>
<li>Platform updates could silently compromise encryption</li>
<li>Your private keys would be within the platform's security perimeter</li>
</ul>
<h3>The Solution: Complete Isolation</h3>
<p>NoFuture-Memguard-PQ is <strong>completely separate</strong> from mainstream chat platforms:</p>
<table>
<thead>
<tr>
<th>Component</th>
<th>Where It Lives</th>
<th>Who Controls It</th>
</tr>
</thead>
<tbody>
<tr>
<td><strong>Your private keys</strong></td>
<td>NoFuture tab (protected RAM)</td>
<td>You (not the chat platform)</td>
</tr>
<tr>
<td><strong>Plaintext messages</strong></td>
<td>NoFuture tab (protected RAM)</td>
<td>You (not the chat platform)</td>
</tr>
<tr>
<td><strong>Encryption/Decryption</strong></td>
<td>NoFuture tab (client-side)</td>
<td>You (not the chat platform)</td>
</tr>
<tr>
<td><strong>Ciphertext only</strong></td>
<td>Mainstream chat tab</td>
<td>Chat platform (but it's useless to them)</td>
</tr>
</tbody>
</table>
<div class="security-box">
<strong>🔒 Security Guarantee:</strong> Because NoFuture-Memguard-PQ is detached, mainstream chat platforms have <strong>zero access</strong> to your keys or plaintext. Even if WhatsApp, Telegram, or Signal were completely compromised, your encrypted conversations remain secure. The ciphertext stored in their servers is mathematically impossible to decrypt without your session keys—which are destroyed after the session ends.
</div>
<h2>🧠 Multi-Layer Security Architecture</h2>
<p>The security of NoFuture-Memguard-PQ is based on <strong>defense in depth</strong>, with multiple independent protection layers working simultaneously:</p>
<h3>1. Memguard: The Foundation<span class="badge badge-critical">MOST CRITICAL</span></h3>
<p><a href="https://github.com/awnumar/memguard">Memguard</a> is a Go library for handling sensitive data in memory. It is the <strong>primary security mechanism</strong> protecting both your cryptographic keys and plaintext messages.</p>
<h4>What Memguard Protects:</h4>
<ul>
<li><strong>Private keys</strong> (Curve25519 for NaCl box)</li>
<li><strong>Public keys</strong></li>
<li><strong>Shared secrets</strong> (derived from key exchange)</li>
<li><strong>Plaintext messages</strong> (before encryption / after decryption)</li>
<li><strong>Session nonces</strong></li>
</ul>
<h4>How Memguard Works:</h4>
<table>
<thead>
<tr>
<th>Attack Vector</th>
<th>Memguard Protection</th>
</tr>
</thead>
<tbody>
<tr>
<td>Memory dumps (even by root)</td>
<td>Data stored in encrypted memory pages outside the Go heap</td>
</tr>
<tr>
<td>Swap file analysis</td>
<td><code>mlock()</code> system call prevents swapping to disk</td>
</tr>
<tr>
<td>Debugger attachment (gdb, lldb)</td>
<td>Memory is encrypted in RAM; debugger sees only ciphertext</td>
</tr>
<tr>
<td>Core dumps on crash</td>
<td>Automatic purge on crash via <code>memguard.CatchInterrupt()</code></td>
</tr>
<tr>
<td>Garbage collector inspection</td>
<td>Sensitive buffers are off-heap, invisible to GC</td>
</tr>
<tr>
<td>Cold boot attacks</td>
<td>Memory wiped on process exit; no residual data</td>
</tr>
</tbody>
</table>
<div class="danger-box">
<strong>🔥 Critical Security Feature:</strong> Not even the server administrator with root access can dump your keys or plaintext from RAM. Memguard's kernel-level memory protection makes sensitive data <strong>forensically unrecoverable</strong> even with physical access to the server's RAM.
</div>
<h3>2. Post-Quantum Cryptography<span class="badge badge-high">HIGH PRIORITY</span></h3>
<p>While memguard protects data in memory, post-quantum cryptography protects data in transit and at rest against future quantum computer attacks.</p>
<h4>Current Implementation (v0.5.0):</h4>
<ul>
<li><strong>Key Exchange:</strong> NaCl box (Curve25519 + XSalsa20-Poly1305)</li>
<li><strong>Symmetric Encryption:</strong> XChaCha20-Poly1305 (AEAD)</li>
</ul>
<div class="warning-box">
<strong>⚠️ Roadmap:</strong> Future versions will integrate true post-quantum algorithms:
<ul>
<li><strong>Kyber1024-90s</strong> for key encapsulation (KEM)</li>
<li><strong>Dilithium5-AES</strong> for digital signatures (authentication)</li>
</ul>
These are NIST-standardized post-quantum cryptography algorithms designed to resist attacks from quantum computers.
</div>
<h3>3. Additional Security Layers</h3>
<table>
<thead>
<tr>
<th>Layer</th>
<th>Purpose</th>
<th>Protection Against</th>
</tr>
</thead>
<tbody>
<tr>
<td><strong>Detached Architecture</strong></td>
<td>Isolation from mainstream platforms</td>
<td>Backdoors, ChatControl, platform compromise</td>
</tr>
<tr>
<td><strong>Authenticated Encryption (AEAD)</strong></td>
<td>XChaCha20-Poly1305</td>
<td>Tampering, bit-flipping, MITM attacks</td>
</tr>
<tr>
<td><strong>Session Isolation</strong></td>
<td>Unique keys per session</td>
<td>Cross-session attacks, replay attacks</td>
</tr>
<tr>
<td><strong>Rate Limiting</strong></td>
<td>60 requests/minute per IP</td>
<td>Brute force, DoS attacks</td>
</tr>
<tr>
<td><strong>Request Size Limits</strong></td>
<td>Max 1MB per request</td>
<td>Memory exhaustion, DoS</td>
</tr>
<tr>
<td><strong>Session Timeout</strong></td>
<td>24 hours max lifetime</td>
<td>Abandoned sessions, stale keys</td>
</tr>
<tr>
<td><strong>Total Key Destruction</strong></td>
<td>Secure wipe on session end</td>
<td>Forensic recovery, future access</td>
</tr>
</tbody>
</table>
<h2>🔑 How It Works: 5-Phase Workflow</h2>
<div style="background: #f8f9fa; padding: 20px; border-radius: 8px; margin: 20px 0;">
<p style="font-size: 1.1em;"><strong>Usage Scenario:</strong> Alice wants to send a secure message to Bob using WhatsApp Web (or any chat platform).</p>
</div>
<h3>Phase 1: Session Creation</h3>
<p><strong>Alice</strong> opens NoFuture-Memguard-PQ in a browser tab and clicks "Start New Session".</p>
<pre><code>// What happens under the hood:
1. Generate Curve25519 key pair (32-byte private + public keys)
2. Generate random 24-byte nonce
3. Create Session ID = SHA256(publicKey + nonce)
4. Store all keys in memguard.LockedBuffer (encrypted RAM)
5. Return Session ID to Alice</code></pre>
<h3>Phase 2: Session ID Exchange</h3>
<p><strong>Alice</strong> copies her Session ID and sends it to <strong>Bob</strong> via WhatsApp Web.</p>
<div class="warning-box">
<strong>Note:</strong> The Session ID is <strong>not sensitive</strong>. It's a cryptographic descriptor containing only public information. It can be transmitted over any channel, even unencrypted.
</div>
<h3>Phase 3: Pairing (Key Agreement)</h3>
<p><strong>Bob</strong> also starts a session and gets his own Session ID. Both Alice and Bob paste each other's Session IDs into NoFuture-Memguard-PQ and click "Pair Sessions".</p>
<pre><code>// What happens under the hood:
1. Alice's browser fetches Bob's public key via Session ID
2. Compute shared secret using NaCl box precomputation:
sharedSecret = box.Precompute(myPrivateKey, theirPublicKey)
3. Store sharedSecret in memguard.LockedBuffer
4. Sessions are now synchronized</code></pre>
<p><strong>No manual key exchange needed.</strong> The shared secret is derived automatically using Diffie-Hellman key exchange (Curve25519).</p>
<h3>Phase 4: Encrypted Communication</h3>
<h4>Alice encrypts a message:</h4>
<ol>
<li>Alice types plaintext in NoFuture-Memguard-PQ: <code>"Meet me at 3pm"</code></li>
<li>Plaintext is stored in <code>memguard.LockedBuffer</code> (protected RAM)</li>
<li>Encrypted using XChaCha20-Poly1305 with the shared secret</li>
<li>Alice copies the ciphertext and pastes it into WhatsApp Web</li>
<li>Plaintext buffer is immediately destroyed after encryption</li>
</ol>
<h4>Bob decrypts the message:</h4>
<ol>
<li>Bob receives the ciphertext via WhatsApp Web</li>
<li>Bob copies the ciphertext and pastes it into NoFuture-Memguard-PQ</li>
<li>Decrypted using the shared secret (authenticated encryption verifies integrity)</li>
<li>Plaintext is displayed in a <code>memguard.LockedBuffer</code></li>
<li>After reading, Bob can destroy the plaintext manually</li>
</ol>
<div class="security-box">
<strong>🔒 What WhatsApp sees:</strong> Only meaningless hexadecimal strings. Even if WhatsApp's servers are compromised, the ciphertext is mathematically useless without the session keys—which exist only in Alice and Bob's browsers, protected by memguard, and destroyed after the session ends.
</div>
<h3>Phase 5: Session Termination (Total Destruction)</h3>
<p>When Alice or Bob clicks "End Session":</p>
<pre><code>// What happens under the hood:
1. session.PrivateKey.Destroy() // Secure wipe
2. session.PublicKey.Destroy() // Secure wipe
3. session.SharedSecret.Destroy() // Secure wipe
4. session.Nonce.Destroy() // Secure wipe
5. Delete session from server memory
6. memguard.Purge() on process exit</code></pre>
<div class="danger-box">
<strong>🔥 No Future Access:</strong> Once the session ends, the cryptographic keys are <strong>irreversibly destroyed</strong>. Even if an attacker obtains the ciphertext from WhatsApp's servers years later, it is <strong>permanently unreadable</strong>. This is the meaning of "ephemeral" encryption.
</div>
<p style="text-align: center; font-size: 1.3em; font-weight: bold; margin: 30px 0; padding: 20px; background: #d4edda; border-radius: 8px;">
One conversation. One key. One chance to read. No future access.
</p>
<h2>🛡️ Defense Against Local Attacks</h2>
<h3>🖱️ Virtual Keyboard (Anti-Keylogger)</h3>
<p>NoFuture-Memguard-PQ includes an optional on-screen virtual keyboard with a randomized layout to protect against local keyloggers and spyware.</p>
<table>
<thead>
<tr>
<th>Threat</th>
<th>Virtual Keyboard Protection</th>
</tr>
</thead>
<tbody>
<tr>
<td>Hardware keyloggers</td>
<td>No physical keyboard events generated</td>
</tr>
<tr>
<td>Software keyloggers (reading <code>/dev/input</code>)</td>
<td>Mouse clicks only; no keystroke events</td>
</tr>
<tr>
<td>Screen recording malware</td>
<td>Randomized layout changes each session (partial mitigation)</td>
</tr>
</tbody>
</table>
<h2>🚀 Installation & Usage</h2>
<h3>Prerequisites</h3>
<pre><code>- Go 1.21 or later
- Linux/macOS/Windows (memguard works on all platforms)</code></pre>
<h3>Installation</h3>
<pre><code>git clone https://github.com/yourusername/nofuture-memguard-pq.git
cd nofuture-memguard-pq
go mod download
go build -o nofuture main.go</code></pre>
<h3>Running the Server</h3>
<pre><code>./nofuture</code></pre>
<p>Server starts on <code>http://localhost:8080</code></p>
<div class="warning-box">
<strong>⚠️ Production Deployment:</strong>
<ul>
<li>Use a reverse proxy (nginx, Caddy) with HTTPS/TLS certificates</li>
<li>Configure CORS to allow only your domain</li>
<li>Run behind a firewall with rate limiting</li>
<li>Never expose the Go server directly to the internet without TLS</li>
</ul>
</div>
<h3>Usage Example</h3>
<ol>
<li>Open <code>http://localhost:8080</code> in one browser tab</li>
<li>Open WhatsApp Web (or Telegram, Signal, etc.) in another tab</li>
<li>Click "Start New Session" in NoFuture-Memguard-PQ</li>
<li>Share your Session ID with your contact via the chat app</li>
<li>Receive their Session ID and click "Pair Sessions"</li>
<li>Type your message, click "Encrypt", copy the ciphertext</li>
<li>Paste the ciphertext into the mainstream chat and send</li>
<li>Receive ciphertext from your contact, paste into NoFuture-Memguard-PQ, click "Decrypt"</li>
<li>When done, click "End Session" to destroy all keys</li>
</ol>
<h2>📊 Security Comparison</h2>
<table>
<thead>
<tr>
<th>Feature</th>
<th>WhatsApp E2EE</th>
<th>Signal</th>
<th>NoFuture-Memguard-PQ</th>
</tr>
</thead>
<tbody>
<tr>
<td><strong>Keys stored by provider</strong></td>
<td>Backup keys (optional)</td>
<td>No</td>
<td>❌ Never (detached)</td>
</tr>
<tr>
<td><strong>Memory protection</strong></td>
<td>Standard heap</td>
<td>Standard heap</td>
<td>✅ Memguard (encrypted RAM)</td>
</tr>
<tr>
<td><strong>Resistant to root access</strong></td>
<td>No</td>
<td>No</td>
<td>✅ Yes (mlock + encrypted buffers)</td>
</tr>
<tr>
<td><strong>ChatControl/backdoor risk</strong></td>
<td>Possible (integrated)</td>
<td>Possible (integrated)</td>
<td>❌ Impossible (detached)</td>
</tr>
<tr>
<td><strong>Post-quantum ready</strong></td>
<td>No (ECDH)</td>
<td>No (X25519)</td>
<td>🔄 Roadmap (Kyber/Dilithium)</td>
</tr>
<tr>
<td><strong>Forward secrecy</strong></td>
<td>Yes (Double Ratchet)</td>
<td>Yes (Double Ratchet)</td>
<td>⚠️ Per-session only (v0.5)</td>
</tr>
<tr>
<td><strong>Metadata protection</strong></td>
<td>No</td>
<td>Partial (sealed sender)</td>
<td>✅ Yes (mainstream sees only ciphertext)</td>
</tr>
</tbody>
</table>
<h2>⚠️ Current Limitations (v0.5.0)</h2>
<ul>
<li><strong>No persistent message history:</strong> This is intentional (ephemeral design)</li>
<li><strong>No forward secrecy within a session:</strong> Same shared secret used for all messages in one session</li>
<li><strong>No built-in authentication:</strong> You must verify your contact's Session ID out-of-band</li>
<li><strong>Requires HTTPS in production:</strong> Use a reverse proxy; don't expose HTTP directly</li>
<li><strong>Post-quantum crypto not yet implemented:</strong> Current version uses Curve25519 (classic Diffie-Hellman)</li>
</ul>
<h2>🗺️ Roadmap</h2>
<ul>
<li>✅ <strong>v0.5.0:</strong> Memguard protection for keys + plaintext, XChaCha20-Poly1305 encryption</li>
<li>🔄 <strong>v1.0.0:</strong> Integrate Kyber1024-90s (post-quantum KEM) and Dilithium5-AES (signatures)</li>
<li>🔄 <strong>v1.1.0:</strong> Implement per-message ratcheting for forward secrecy</li>
<li>🔄 <strong>v1.2.0:</strong> Add QR code Session ID exchange</li>
<li>🔄 <strong>v2.0.0:</strong> Browser extension for seamless integration with chat platforms</li>
</ul>
<h2>📜 License</h2>
<p>MIT License - Free and open source</p>
<h2>🤝 Contributing</h2>
<p>This project is built with love and defiance. Contributions are welcome. Please:</p>
<ul>
<li>Report security vulnerabilities privately</li>
<li>Follow the existing code style</li>
<li>Write tests for new features</li>
<li>Update documentation</li>
</ul>
<h2>💬 Support</h2>
<p>For questions, feature requests, or security reports, open an issue on GitHub.</p>
<div style="text-align: center; margin-top: 40px; padding: 30px; background: linear-gradient(135deg, #667eea 0%, #764ba2 100%); color: white; border-radius: 10px;">
<h2 style="color: white; border: none;">Privacy is not a feature—it's a human right.</h2>
<p style="font-size: 1.1em;">Built with love and defiance against mass surveillance.</p>
</div>
</div>
<!-- ITALIAN CONTENT -->
<div id="content-it" class="hidden">
<h1>🔐 NoFuture-Memguard-PQ</h1>
<p style="font-size: 1.2em; color: #666; font-style: italic;">Plugin di Crittografia Effimera Post-Quantum per Chat Mainstream</p>
<p><strong>Versione 0.5.0</strong> | Costruito con amore e sfida | La privacy è un diritto umano, non una funzionalità</p>
<div class="security-box">
<strong>🛡️ Filosofia di Sicurezza:</strong> NoFuture-Memguard-PQ è un <strong>plugin di crittografia esterno e distaccato</strong> progettato per funzionare insieme alle applicazioni di chat mainstream (WhatsApp Web, Telegram, Signal, ecc.) senza mai farne parte. Questo isolamento architetturale è la base della sua sicurezza.
</div>
<h2>📌 Cos'è NoFuture-Memguard-PQ?</h2>
<p>NoFuture-Memguard-PQ è uno strumento di crittografia basato su browser che agisce come <strong>plugin crittografico esterno</strong> per qualsiasi piattaforma di messaggistica istantanea. Lo usi in una scheda del browser mentre la tua chat mainstream è aperta in un'altra scheda. I messaggi vengono cifrati localmente nel tuo browser e solo il testo cifrato viene trasmesso attraverso il canale mainstream non fidato.</p>
<p><strong>Concetto Chiave:</strong> Il tuo testo in chiaro e le chiavi crittografiche <strong>non entrano mai nell'applicazione di chat mainstream</strong>. La piattaforma di chat vede solo dati cifrati che non può decifrare.</p>
<h2>🎯 Perché l'Architettura "Distaccata" è Critica per la Sicurezza</h2>
<h3>Il Problema dei Plugin Integrati</h3>
<p>Se NoFuture-Memguard-PQ fosse un plugin ufficiale integrato in WhatsApp, Telegram o qualsiasi piattaforma mainstream, <strong>non sarebbe affidabile</strong> perché:</p>
<ul>
<li>Il fornitore della piattaforma potrebbe accedere alle tue chiavi di crittografia</li>
<li>Backdoor lato server potrebbero essere imposte dai governi (ChatControl, EARN IT Act, ecc.)</li>
<li>Gli aggiornamenti della piattaforma potrebbero compromettere silenziosamente la crittografia</li>
<li>Le tue chiavi private sarebbero all'interno del perimetro di sicurezza della piattaforma</li>
</ul>
<h3>La Soluzione: Isolamento Completo</h3>
<p>NoFuture-Memguard-PQ è <strong>completamente separato</strong> dalle piattaforme di chat mainstream:</p>
<table>
<thead>
<tr>
<th>Componente</th>
<th>Dove Si Trova</th>
<th>Chi Lo Controlla</th>
</tr>
</thead>
<tbody>
<tr>
<td><strong>Chiavi private</strong></td>
<td>Tab NoFuture (RAM protetta)</td>
<td>Tu (non la piattaforma chat)</td>
</tr>
<tr>
<td><strong>Messaggi in chiaro</strong></td>
<td>Tab NoFuture (RAM protetta)</td>
<td>Tu (non la piattaforma chat)</td>
</tr>
<tr>
<td><strong>Cifratura/Decifratura</strong></td>
<td>Tab NoFuture (client-side)</td>
<td>Tu (non la piattaforma chat)</td>
</tr>
<tr>
<td><strong>Solo testo cifrato</strong></td>
<td>Tab chat mainstream</td>
<td>Piattaforma chat (ma è inutile per loro)</td>
</tr>
</tbody>
</table>
<div class="security-box">
<strong>🔒 Garanzia di Sicurezza:</strong> Poiché NoFuture-Memguard-PQ è distaccato, le piattaforme di chat mainstream hanno <strong>zero accesso</strong> alle tue chiavi o testo in chiaro. Anche se WhatsApp, Telegram o Signal fossero completamente compromessi, le tue conversazioni cifrate rimangono sicure.
</div>
<h2>🧠 Architettura di Sicurezza Multi-Livello</h2>
<h3>1. Memguard: Il Fondamento<span class="badge badge-critical">PIÙ CRITICO</span></h3>
<p><a href="https://github.com/awnumar/memguard">Memguard</a> è una libreria Go per gestire dati sensibili in memoria. È il <strong>meccanismo di sicurezza primario</strong> che protegge sia le chiavi crittografiche che i messaggi in chiaro.</p>
<h4>Cosa Protegge Memguard:</h4>
<ul>
<li><strong>Chiavi private</strong> (Curve25519 per NaCl box)</li>
<li><strong>Chiavi pubbliche</strong></li>
<li><strong>Segreti condivisi</strong> (derivati dallo scambio di chiavi)</li>
<li><strong>Messaggi in chiaro</strong> (prima della cifratura / dopo la decifratura)</li>
<li><strong>Nonce di sessione</strong></li>
</ul>
<h4>Come Funziona Memguard:</h4>
<table>
<thead>
<tr>
<th>Vettore di Attacco</th>
<th>Protezione Memguard</th>
</tr>
</thead>
<tbody>
<tr>
<td>Dump di memoria (anche da root)</td>
<td>Dati memorizzati in pagine di memoria cifrate fuori dall'heap Go</td>
</tr>
<tr>
<td>Analisi file di swap</td>
<td>Chiamata di sistema <code>mlock()</code> previene lo swapping su disco</td>
</tr>
<tr>
<td>Collegamento debugger (gdb, lldb)</td>
<td>La memoria è cifrata in RAM; il debugger vede solo testo cifrato</td>
</tr>
<tr>
<td>Dump del core in caso di crash</td>
<td>Purge automatico al crash tramite <code>memguard.CatchInterrupt()</code></td>
</tr>
<tr>
<td>Ispezione garbage collector</td>
<td>I buffer sensibili sono fuori heap, invisibili al GC</td>
</tr>
<tr>
<td>Attacchi cold boot</td>
<td>Memoria cancellata all'uscita del processo; nessun dato residuo</td>
</tr>
</tbody>
</table>
<div class="danger-box">
<strong>🔥 Caratteristica di Sicurezza Critica:</strong> Nemmeno l'amministratore del server con accesso root può fare un dump delle tue chiavi o del testo in chiaro dalla RAM. La protezione della memoria a livello kernel di Memguard rende i dati sensibili <strong>forensicamente irrecuperabili</strong> anche con accesso fisico alla RAM del server.
</div>
<h3>2. Crittografia Post-Quantum<span class="badge badge-high">ALTA PRIORITÀ</span></h3>
<p>Mentre memguard protegge i dati in memoria, la crittografia post-quantum protegge i dati in transito e a riposo contro futuri attacchi di computer quantistici.</p>
<h4>Implementazione Attuale (v0.5.0):</h4>
<ul>
<li><strong>Scambio Chiavi:</strong> NaCl box (Curve25519 + XSalsa20-Poly1305)</li>
<li><strong>Cifratura Simmetrica:</strong> XChaCha20-Poly1305 (AEAD)</li>
</ul>
<div class="warning-box">
<strong>⚠️ Roadmap:</strong> Le versioni future integreranno veri algoritmi post-quantum:
<ul>
<li><strong>Kyber1024-90s</strong> per l'incapsulamento delle chiavi (KEM)</li>
<li><strong>Dilithium5-AES</strong> per le firme digitali (autenticazione)</li>
</ul>
</div>
<h2>🔑 Come Funziona: Flusso in 5 Fasi</h2>
<h3>Fase 1: Creazione Sessione</h3>
<p>L'utente apre NoFuture-Memguard-PQ e clicca "Avvia Nuova Sessione".</p>
<h3>Fase 2: Scambio Session ID</h3>
<p>L'utente copia il suo Session ID e lo invia al contatto tramite WhatsApp Web.</p>
<h3>Fase 3: Pairing (Accordo Chiavi)</h3>
<p>Entrambi gli utenti incollano i Session ID reciproci e cliccano "Associa Sessioni".</p>
<h3>Fase 4: Comunicazione Cifrata</h3>
<p>I messaggi vengono cifrati in NoFuture-Memguard-PQ e il testo cifrato viene copiato nella chat mainstream.</p>
<h3>Fase 5: Terminazione Sessione (Distruzione Totale)</h3>
<p>Quando si clicca "Termina Sessione", tutte le chiavi vengono distrutte in modo sicuro.</p>
<p style="text-align: center; font-size: 1.3em; font-weight: bold; margin: 30px 0; padding: 20px; background: #d4edda; border-radius: 8px;">
Una conversazione. Una chiave. Una possibilità di lettura. Nessun accesso futuro.
</p>
<h2>🛡️ Difesa Contro Attacchi Locali</h2>
<h3>🖱️ Tastiera Virtuale (Anti-Keylogger)</h3>
<p>NoFuture-Memguard-PQ include una tastiera virtuale opzionale su schermo con layout casuale per proteggere contro keylogger e spyware locali.</p>
<h2>🚀 Installazione e Uso</h2>
<h3>Prerequisiti</h3>
<pre><code>- Go 1.21 o successivo
- Linux/macOS/Windows</code></pre>
<h3>Installazione</h3>
<pre><code>git clone https://github.com/yourusername/nofuture-memguard-pq.git
cd nofuture-memguard-pq
go mod download
go build -o nofuture main.go</code></pre>
<h3>Avvio del Server</h3>
<pre><code>./nofuture</code></pre>
<div class="warning-box">
<strong>⚠️ Deployment in Produzione:</strong> Usa un reverse proxy (nginx, Caddy) con certificati HTTPS/TLS.
</div>
<h2>⚠️ Limitazioni Attuali (v0.5.0)</h2>
<ul>
<li>Nessuna cronologia messaggi persistente (design intenzionale)</li>
<li>Nessuna forward secrecy all'interno di una sessione</li>
<li>Crittografia post-quantum non ancora implementata</li>
</ul>
<div style="text-align: center; margin-top: 40px; padding: 30px; background: linear-gradient(135deg, #667eea 0%, #764ba2 100%); color: white; border-radius: 10px;">
<h2 style="color: white; border: none;">La privacy non è una funzionalità—è un diritto umano.</h2>
<p style="font-size: 1.1em;">Costruito con amore e sfida contro la sorveglianza di massa.</p>
</div>
</div>
</div>
<script>
function toggleLang(lang) {
document.getElementById("content-it").classList.toggle("hidden", lang !== "it");
document.getElementById("content-en").classList.toggle("hidden", lang !== "en");
}
</script>
</body>
</html>
|