
harpocrate's Introduction

PROJECT TEMPORARILY STOPPED DEVELOPMENT DUE TO TIME LOSS

Harpocrate


Security    |    Server Side    |    Client Side    |    Interface

Security

Security is the number one priority for Harpocrate, as the goal is to become a platform for encrypted disposable chats. The purpose of a disposable encrypted chat is to make connections over encrypted channels, and anonymity, possible again.

This is an open-source project, meaning you can review all of the code and pen-test it for possible vulnerabilities. If you find any possible security threats, make sure to create an Issue.

If you are using an older version of Harpocrate then make sure to check the security policy to make sure the version you are using is supported.

All contributions are welcome to create the largest and most secure disposable encrypted chat platform.

Encryption

Harpocrate uses Fernet (symmetric encryption).

Fernet guarantees that a message encrypted using it cannot be manipulated or read without the key. Fernet is an implementation of symmetric (also known as “secret key”) authenticated cryptography.

A butterfly-effect system is implemented in the caesar module. This module encrypts the message using Fernet (symmetric encryption); however, before encryption, a SHA-256-encoded shared key and the Chronos time key are added to the start and end of the plaintext message. They are filtered out again during decryption.

ObscuredPlainText = f'{SharedKey}{Message}{ChronosKey}'  # Obscured
UnobscuredPlainText = ObscuredPlainText[64:-64]  # Unobscured: drops the two 64-character keys

Encryption Keys

The keychain system in Harpocrate is called Portunus. It contains the tools to make a PrivateKey, PublicKey and SharedKey. Portunus is unique because Harpocrate runs on your system, so we can get access to your private IP and MAC address, meaning we can make very unique keys.

Private Key

The private key is unique and accessible only to the internal machine. The private key is a hashed tuple containing the following: Private Address, Hostname, current Unix time, Mac Address and a 256-character-long number.

#   x = Private Address
#   y = Hostname
#   z = Unix TimeStamp
#   w = Mac Address
#   r = Random 256 long number

import hashlib

hashlib.sha256(str( (x, y, z, w, r) ).encode('utf-8')).hexdigest()

Public Key

The public key is shared between the end client and your client. It is still unique per user; however, to generate a public key you need a private key.

#   IPK = Internal Public Key

hashlib.sha256(str(IPK[:32]).encode('utf-8')).hexdigest()

Shared Keys

The shared key is needed for a message to be decrypted.

#   epk = External public key (end client) 
#   IPK = Internal public key (your client)

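# Interleave the two 64-character hex digests, then hash the result.
# SHA-256 is assumed here, matching the 64-character shared key described under Encryption.
hashlib.sha256(''.join(f'{epk.hexdigest()[x]}{IPK.hexdigest()[x]}' for x in range(64)).encode('utf-8')).hexdigest()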

Chronos Key

A time-based encryption key rotation (Chronos) is used, which changes the encryption key every 100 seconds. This makes it hard to archive the encrypted chat, as the encryption key changes on a time basis.

Unix-Time rotation

A Unix timestamp is the number of seconds since 1 January 1970 (UTC). Chronos works on the first 8 digits of the Unix time, for example 1619111566. Once this value changes (every 100 seconds), the encryption key changes completely due to the SHA-256 butterfly effect. This can't be brute-forced unless the shared key is stored, meaning it is snake oil against pre-send attacks, yet it completely stops the archiving of encrypted data by hackers and ISPs (packet looters).

import time

timeNow = str(int(time.time()))  # Unix time as a string, e.g. '1619111566'
X = hashlib.sha256(timeNow[:-2].encode('ascii')).hexdigest()  # changes every 100 seconds
Y = SharedKey

hashlib.sha256(f'{X}:{Y}:{X}:{Y}:{X}:{Y}:{X}'.encode('ascii')).hexdigest()
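
The derivations above carried through in runnable form, as an added example that is not Harpocrate's own code; it shows what the receiving side has to do when a message is sent just before a rotation. The function names, the constructed sample keys and the choice to accept the previous 100-second window are assumptions, and the Fernet layer is left out so the block runs on the standard library alone.

```python
import hashlib
import hmac

WINDOW = 100  # seconds covered by one Chronos key (last two digits dropped)


def _same(a: str, b: str) -> bool:
    # Constant-time comparison; compared as bytes so non-ASCII input cannot raise.
    return hmac.compare_digest(a.encode("utf-8"), b.encode("utf-8"))


def shared_key(epk_hex: str, ipk_hex: str) -> str:
    """Interleave two 64-character public keys and hash the result."""
    mixed = "".join(a + b for a, b in zip(epk_hex, ipk_hex))
    return hashlib.sha256(mixed.encode("utf-8")).hexdigest()


def chronos_key(shared: str, unix_time: int) -> str:
    """Chronos key for the 100-second window that contains unix_time."""
    x = hashlib.sha256(str(unix_time)[:-2].encode("ascii")).hexdigest()
    material = f"{x}:{shared}:{x}:{shared}:{x}:{shared}:{x}"
    return hashlib.sha256(material.encode("ascii")).hexdigest()


def obscure(message: str, shared: str, unix_time: int) -> str:
    """Build {Shared Key}{Message}{Chronos Key}, the plaintext handed to Fernet."""
    return f"{shared}{message}{chronos_key(shared, unix_time)}"


def unobscure(plaintext: str, shared: str, now: int) -> str:
    """Check both 64-character keys, then strip them with [64:-64].

    Assumption: the previous window is also accepted, so a message sent
    just before a rotation is not rejected on arrival.
    """
    if len(plaintext) < 128 or not _same(plaintext[:64], shared):
        raise ValueError("shared key prefix mismatch")
    for t in (now, now - WINDOW):
        if _same(plaintext[-64:], chronos_key(shared, t)):
            return plaintext[64:-64]
    raise ValueError("Chronos key outside accepted windows")


# Constructed sample keys, not real Harpocrate keys.
EPK = hashlib.sha256(b"constructed end-client key").hexdigest()
IPK = hashlib.sha256(b"constructed local key").hexdigest()
SK = shared_key(EPK, IPK)
```

A message obscured at 1619111566 is still accepted at 1619111600 (one window later) and rejected at 1619111700.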

Server Side

Client Side

Interface

harpocrate's People

Contributors

notreeceharris
