The TFC project develops a paranoid secure messaging system

The TFC (Tinfoil Chat) project is an attempt to create a prototype of a paranoid-grade secure messaging system that keeps correspondence secret even if end devices are compromised. To simplify auditing, the project code is written in Python and is available under the GPLv3 license.

Widely used messaging systems with end-to-end encryption protect correspondence from interception on intermediate servers and from analysis of transit traffic, but they do not protect against problems on the client device. To defeat a system based on end-to-end encryption, it is enough to compromise the operating system, firmware or messenger application on the end device, for example by exploiting previously unknown vulnerabilities, by planting software or hardware implants in the device beforehand, or by delivering a bogus update containing a backdoor (for example, when intelligence services or criminal groups put pressure on the developer). Even if the encryption keys are stored on a separate token, anyone who controls the user's system can always trace processes, intercept keyboard input, and monitor screen output.

TFC offers a combined software and hardware setup that requires three separate computers and a special hardware splitter on the client side. All traffic between messaging participants is carried over the anonymous Tor network, and the messaging programs run as Tor hidden services (users are identified by hidden service addresses and keys when exchanging messages).

The first computer acts as a gateway that connects to the network and runs the Tor hidden service. The gateway handles only already-encrypted data, and the other two computers are used for encryption and decryption. The second computer can be used only to decrypt and display received messages, and the third only to encrypt and send new messages. Accordingly, the second computer holds only decryption keys, and the third only encryption keys.

The second and third computers have no direct connection to the network and are separated from the gateway computer by a special USB splitter that uses a "data diode" and physically transmits data in only one direction. The splitter allows data to be sent only towards the second computer and received only from the third computer. The direction of data flow in the splitter is enforced with optocouplers (simply cutting the Tx and Rx lines in the cable is not enough, since a cut does not rule out data transmission in the opposite direction and does not guarantee that the Tx line will not be used for reading or the Rx line for transmission). The splitter can be assembled from scrap parts; circuit diagrams (PCB) are provided and are available under the GNU FDL 1.3 license.

With such a scheme, compromising the gateway does not give access to the encryption keys and does not allow the attack to continue onto the remaining devices. If the computer holding the decryption keys is compromised, information from it cannot be sent to the outside world, since its data flow is restricted to receiving only and reverse transmission is blocked by the data diode.

Encryption uses XChaCha20-Poly1305 with 256-bit keys, and the slow hash function Argon2id is used to protect the keys with a password. Key exchange uses X448 (the Diffie-Hellman protocol based on Curve448) or pre-shared keys (PSK). Each message is transmitted with perfect forward secrecy (PFS) based on BLAKE2b hashes, so that the compromise of one of the long-term keys does not allow decryption of a previously intercepted session. The application interface is extremely simple and consists of a window divided into three areas: sending, receiving, and a command line with a log of interaction with the gateway. The application is controlled through a dedicated set of commands.
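
The hash-based forward secrecy described above can be obtained with a hash ratchet: every message key is derived from a chain key, which is then replaced by its own BLAKE2b hash, so a key captured later cannot be run backwards to earlier messages. The following is an added example, not TFC's code; the `HashRatchet` class, the `msg`/`chain` labels and the skip limit are assumptions made for illustration.

```python
import hashlib

KEY_LEN = 32  # 256-bit keys, as stated in the article


def _h(label: bytes, key: bytes) -> bytes:
    """Domain-separated BLAKE2b; the label values are this example's own."""
    return hashlib.blake2b(key, digest_size=KEY_LEN, person=label).digest()


class HashRatchet:
    """One direction of a conversation; both ends start from the same key."""

    def __init__(self, initial_key: bytes):
        if len(initial_key) != KEY_LEN:
            raise ValueError("expected a 256-bit key")
        self.chain_key = initial_key
        self.counter = 0

    def next_message_key(self):
        """Return (counter, message key) and step the chain forward."""
        n = self.counter
        msg_key = _h(b"msg", self.chain_key)
        # The previous chain key is replaced here. Python does not guarantee
        # that the old bytes are wiped from memory; real code must handle that.
        self.chain_key = _h(b"chain", self.chain_key)
        self.counter += 1
        return n, msg_key

    def key_for(self, n: int, max_skip: int = 100) -> bytes:
        """Receiver side: catch up to message n, discarding skipped keys."""
        if n < self.counter:
            raise ValueError("key already ratcheted away (replay or old packet)")
        if n - self.counter > max_skip:
            raise ValueError("counter jump too large")
        while self.counter < n:
            self.next_message_key()
        return self.next_message_key()[1]


if __name__ == "__main__":
    shared = bytes(range(KEY_LEN))  # constructed demo key, not a real secret
    sender, receiver = HashRatchet(shared), HashRatchet(shared)
    for _ in range(3):
        n, key = sender.next_message_key()
        print(n, key.hex()[:16], receiver.key_for(n) == key)
```
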

Source: opennet.ru