1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
|
# VaporDrop
**Ephemeral encrypted messaging over Tor. Zero logs. RAM only. Non-NIST cryptography.**
```
_ _ ____
| | | | __ _ _ __ ___ _ _| _ \ _ __ ___ _ __
| | | |/ _` | '_ \ / _ \| '_| | | | '__/ _ \| '_ \
| |_| | (_| | |_) | (_) | | | |_| | | | (_) | |_) |
\___/ \__,_| .__/ \___/|_| |____/|_| \___/| .__/
|_| |_|
```
## Features
- **Brain Key Login** - No accounts, no registration. Your identity derives from 6+ words you remember
- **Zero-Knowledge Architecture** - Server stores only encrypted blobs, never sees plaintext
- **End-to-End Encryption** - Messages encrypted client-side before transmission
- **File Transfer** - Drag & drop files up to 1 GB, chunked and encrypted
- **Numeric ID + QR Code** - Easy sharing via `12345678-90` format
- **Contact Book** - Save contacts locally (never sent to server)
- **Auto-Expiration** - Messages and files deleted after 7 days
- **Tor Hidden Service** - Accessible only via .onion address
## Cryptography
**We reject NIST standards.** All algorithms are designed by independent cryptographers:
| Function | Algorithm | Designer |
|----------|-----------|----------|
| Key Exchange | **X25519** | Daniel J. Bernstein |
| Encryption | **XChaCha20-Poly1305** | Daniel J. Bernstein |
| Hashing | **BLAKE3** | Aumasson, O'Connor, et al. |
| Key Derivation | **Argon2id** | PHC winner (2015) |
| Signatures | **Ed25519** | Daniel J. Bernstein |
Why no NIST? [NIST collaborated with NSA to weaken Dual_EC_DRBG](https://en.wikipedia.org/wiki/Dual_EC_DRBG). Trust is broken.
## Brain Key Security
Your identity is generated from common words you can easily remember:
| Words | Entropy | Crack Time* |
|-------|---------|-------------|
| 6 words | ~80 bits | ~16 million years |
| 8 words | ~106 bits | ~10¹⁵ years |
| 12 words | ~160 bits | ~10³¹ years |
*10,000 word dictionary, 1 billion attempts/sec (unrealistic for Argon2id). Universe age: 13.8 billion years.
**Example:** `house cat moon pizza sea sun` → unique cryptographic identity
- Same words = same identity, always, on any device
- Forget words = lose access forever (no recovery)
- Never store digitally - keep in your head
## Self-Hosting
### Requirements
- Docker + Docker Compose
- Linux server (VPS or dedicated)
### Quick Start
```bash
# Clone repository
git clone [https://github.com/gabrix73/vapordrop.git](https://github.com/gabrix73/vapordrop)
cd vapordrop
# Create environment file with your passphrase
echo "VAPOR_KEY=your-secret-passphrase-min-16-chars" > .env
chmod 600 .env
# Build and start
docker compose up -d --build
# View logs (wait for .onion address)
docker compose logs -f
```
Your .onion address will appear in the logs:
```
✅ VAPORDROP ONLINE
🧅 http://xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.onion
```
### Commands
```bash
# Start
docker compose up -d --build
# Stop
docker compose down
# View logs
docker compose logs -f
# Destroy everything (including volumes)
docker compose down -v
```
### VAPOR_KEY
The `VAPOR_KEY` passphrase:
- Derives the **Ed25519 key** for your Tor hidden service
- Determines your **.onion address**
- Same passphrase = same .onion address (reproducible)
- **Does NOT encrypt messages** (that's done client-side with user keys)
Store it in `.env` file with `chmod 600`. Never commit to git.
## Architecture
```
┌─────────────────────────────────────────────────────────────┐
│ CLIENT │
│ ┌─────────────┐ ┌─────────────┐ ┌─────────────────────┐ │
│ │ Brain Key │→ │ X25519 │→ │ XChaCha20-Poly1305 │ │
│ │ (6+ words) │ │ Key Pair │ │ Encryption │ │
│ └─────────────┘ └─────────────┘ └─────────────────────┘ │
└─────────────────────────────────────────────────────────────┘
│
│ Encrypted blob only
▼
┌─────────────────────────────────────────────────────────────┐
│ SERVER (Zero-Knowledge) │
│ ┌─────────────┐ ┌─────────────┐ ┌─────────────────────┐ │
│ │ Tor HS │ │ RAM-only │ │ Auto-expiration │ │
│ │ (Ed25519) │ │ Storage │ │ (7 days) │ │
│ └─────────────┘ └─────────────┘ └─────────────────────┘ │
└─────────────────────────────────────────────────────────────┘
```
**Server never sees:**
- Plaintext messages
- Encryption keys
- Brain keys
- Contact lists
## Security Features
### Traffic Analysis Protection
- Random padding on all messages
- Randomized response delays
- Constant-time comparisons
### Anti-Replay
- Nonce cache with 24h expiration
- BLAKE3 hashed nonces for privacy
### Rate Limiting
- Session-based (Tor-compatible, not IP-based)
- Prevents abuse without deanonymization
### Memory Protection
- Uses `memguard` for sensitive data
- Keys zeroed after use
- No swap, RAM only
## API Endpoints
| Endpoint | Method | Description |
|----------|--------|-------------|
| `/api/register` | POST | Register numeric ID → public key mapping |
| `/api/resolve/{id}` | GET | Resolve numeric ID to public key(s) |
| `/api/send` | POST | Send encrypted message |
| `/api/fetch` | POST | Fetch and delete messages |
| `/api/file/init` | POST | Initialize file transfer |
| `/api/file/chunk/{id}/{n}` | POST | Upload encrypted chunk |
| `/api/file/pending/{pubkey}` | GET | List pending files |
| `/api/file/download/{id}/{n}` | GET | Download chunk |
| `/api/file/complete/{id}` | POST | Mark transfer complete, delete |
| `/api/health` | GET | Health check |
| `/api/stats` | GET | Public statistics |
## File Structure
```
vapordrop/
├── main.go # Backend server
├── go.mod # Go dependencies
├── Dockerfile # Multi-stage build
├── docker-compose.yml # Container orchestration
├── .env # VAPOR_KEY (create this, never commit)
├── .gitignore # Excludes .env
├── .dockerignore # Excludes .env from build
└── static/
├── index.html # Application
```
## Threat Model
### Protects Against
- ✅ Mass surveillance (Tor + E2E encryption)
- ✅ Server seizure (encrypted blobs without keys are useless)
- ✅ NIST backdoors (we don't use NIST algorithms)
- ✅ Metadata collection (no logs, no accounts, RAM only)
- ✅ Traffic analysis (random padding + timing delays)
- ✅ Replay attacks (nonce cache with expiration)
### Limitations
- ❌ Compromised endpoint (malware on your device)
- ❌ Screenshot by recipient
- ❌ State-level Tor correlation attacks
- ❌ Quantum computers (future threat to X25519)
## Contributing
1. Fork the repository
2. Create feature branch (`git checkout -b feature/improvement`)
3. Commit changes (`git commit -am 'Add feature'`)
4. Push branch (`git push origin feature/improvement`)
5. Open Pull Request
## License
MIT License - See [LICENSE](LICENSE) file.
## Acknowledgments
- [Daniel J. Bernstein](https://cr.yp.to/) - X25519, ChaCha20, Poly1305, Ed25519
- [BLAKE3 Team](https://github.com/BLAKE3-team/BLAKE3) - BLAKE3 hash function
- [Tor Project](https://www.torproject.org/) - Anonymous communication
- [bine](https://github.com/cretz/bine) - Go Tor library
---
**All those who fight against oppression and the oppressors**
|