1. Forum
  2. Usenet
  3. SCI.CRYPT

  • Nofuture-Buddy Web Interface at safecomms (victor)

    From Gabx@21:1/5 to All on Thu Feb 6 09:36:39 2025
    XPost: alt.privacy.anon-server, alt.privacy

    Nofuture is a web application to use with the browser.

    When in one tab you have a chat F4c3b00k, in the other tab there is nofuture.

    In the first tab, with your interlocutor you decide to have a secret communication.

    In the second tab, the nofuture one, you and your interlocutor start a session.

    This will produce a session code, which you will share with your interlocutor and a pair of keys.
    Once you receive the session code from your interlocutor, both of you can start pairing your sessions.

    This will allow both of you to encrypt and decrypt text.
    Text that you will copy and paste to and from the chat you are using.

    It is like a crypto text plugin not integrated into your mainstream chat.

    The keys are generated on our server and kept in ram.
    At the end of the session they will be deleted forever.
    For a new conversation you will have to generate a new session and therefore new keys.
    In technical terms it is called ZeroTrust, I called it nofuture, at the end of the session nofuture decryption.
    The purpose is to leave encrypted conversations inside mainstream chats for which the keys that generated them and that decrypt them no longer exist.

    Nofuture is open for testing.

    I'd like to know user experiences to make it better.

    Share your experience here.

    Best regards

    Gabx

    Nofuture-Buddy:
    https://safecomms.virebent.art

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Stefan Claas@21:1/5 to Richard Heathfield on Thu Feb 6 15:04:19 2025
    XPost: alt.privacy.anon-server, alt.privacy

    Richard Heathfield wrote:
    On 06/02/2025 09:36, Gabx wrote:

    Share your experience here.

    Diffie-Hellman for keys and AES for encryption.

    That's what I am using too. And no web ussage needed.

    https://github.com/706f6c6c7578/minitalk

    Regards
    Stefan

    --
    Onion Courier Home Server Mon-Fri 15:00-21:00 UTC Sat-Sun 11:00-21:00 UTC ohpmsq5ypuw5nagt2jidfyq72jvgw3fdvq37txhnm5rfbhwuosftzuyd.onion:8080 inbox
    age1yubikey1qv5z678j0apqhd4ng7p22g4da8vxy3q5uvthg6su76yj0y8v7wp5kvhstum

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Richard Heathfield@21:1/5 to Gabx on Thu Feb 6 13:43:24 2025
    XPost: alt.privacy.anon-server, alt.privacy

    On 06/02/2025 09:36, Gabx wrote:
    Nofuture is a web application to use with the browser.

    When in one tab you have a chat F4c3b00k, in the other tab there is nofuture.

    In the first tab, with your interlocutor you decide to have a secret communication.

    In the second tab, the nofuture one, you and your interlocutor start a session.

    This will produce a session code, which you will share with your interlocutor and a pair of keys.
    Once you receive the session code from your interlocutor, both of you can start pairing your sessions.

    This will allow both of you to encrypt and decrypt text.

    And the key provider. Let's just hope he or she is trustworthy, eh?

    Text that you will copy and paste to and from the chat you are using.

    It is like a crypto text plugin not integrated into your mainstream chat.

    The keys are generated on our server and kept in ram.
    At the end of the session they will be deleted forever.

    Honest, guv...

    For a new conversation you will have to generate a new session and therefore new keys.
    In technical terms it is called ZeroTrust,

    For something called ZeroTrust it seems to require a level of
    trust best described as "gullible".

    I called it nofuture, at the end of the session nofuture decryption.
    The purpose is to leave encrypted conversations inside mainstream chats for which the keys that generated them and that decrypt them no longer exist.

    Except for people who keep copies.

    Nofuture is open for testing.

    I'd like to know user experiences to make it better.

    Share your experience here.

    Diffie-Hellman for keys and AES for encryption.

    --
    Richard Heathfield
    Email: rjh at cpax dot org dot uk
    "Usenet is a strange place" - dmr 29 July 1999
    Sig line 4 vacant - apply within

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Gabx@21:1/5 to Richard Heathfield on Thu Feb 6 14:56:54 2025
    XPost: alt.privacy.anon-server, alt.privacy

    Richard Heathfield wrote:> On 06/02/2025 09:36, Gabx wrote:

    And the key provider. Let's just hope he or she is trustworthy, eh?

    This is a testing experience.
    In future releases i will add cryptography.fernet and/or mmap.
    Fernet crypts all tipes of data in ram while mmap avoids disk writes.


    The keys are generated on our server and kept in ram.
    At the end of the session they will be deleted forever.

    Honest, guv...

    ?
    I'm lost on this.


    Except for people who keep copies.

    we don't force anyone to do it
    I had an idea.
    Should I invite them to write on our cryptpad.virebent.art ?

    Diffie-Hellman for keys and AES for encryption.


    When you call /start_session, it creates a new Ed25519 private key and corresponding public key, these Ed25519 keys are primarily used for signing.

    Internally, the script converts the Ed25519 private key to an X25519 private key.

    This X25519 key is used for ECDH (Elliptic-Curve Diffie–Hellman) key agreement with the peer’s X25519 public key.

    Once the ephemeral X25519 ECDH handshake is done, the script uses HKDF (a key-derivation function) to derive a 32-byte key.
    That key is then used for AES-256-GCM encryption.

    After encryption with AES-256-GCM, the ciphertext is signed with the ephemeral Ed25519 private key.
    The receiving side verifies that signature using the sender’s Ed25519 public key.

    https://github.com/gabrix73/Nofuture-Buddy.git

    Gabx

    https://safecomms.virebent.art

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Richard Heathfield@21:1/5 to Gabx on Thu Feb 6 16:42:00 2025
    XPost: alt.privacy.anon-server, alt.privacy

    On 06/02/2025 14:56, Gabx wrote:
    Richard Heathfield wrote:> On 06/02/2025 09:36, Gabx wrote:

    And the key provider. Let's just hope he or she is trustworthy, eh?

    This is a testing experience.

    Your response fails to address the trust issue.

    In future releases i will add cryptography.fernet and/or mmap.
    Fernet crypts all tipes of data in ram while mmap avoids disk writes.


    The keys are generated on our server and kept in ram.
    At the end of the session they will be deleted forever.

    Honest, guv...

    ?
    I'm lost on this.

    To clarify, then: Your response fails to address the trust issue.

    Except for people who keep copies.

    we don't force anyone to do it
    I had an idea.
    Should I invite them to write on our cryptpad.virebent.art ?

    You could invite them to send you their debit card PINs and their
    home addresses. To clarify, your response fails to address the
    trust issue.

    You are asking people to commit sensitive information to your
    software's care and expecting them to trust that you won't take a
    peek. Why should anyone trust you?

    --
    Richard Heathfield
    Email: rjh at cpax dot org dot uk
    "Usenet is a strange place" - dmr 29 July 1999
    Sig line 4 vacant - apply within

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)