ProHoster > The TFC project has developed a USB splitter for a messenger of 3 computers

The TFC project has developed a USB splitter for a messenger of 3 computers


The TFC project has developed a USB splitter for a messenger of 3 computers

The TFC (Tinfoil Chat) project proposed a hardware device with 3 USB ports to connect 3 computers and create a paranoid secure messaging system.

The first computer acts as a gateway to connect to the network and run the Tor hidden service, it manipulates the already encrypted data.

The second computer has the decryption keys and is only used to decrypt and display received messages.

The third computer has the encryption keys and is only used to encrypt and send new messages.

The USB splitter works on optocouplers according to the β€œdata diode” principle and physically passes data only in the specified directions: sending data towards the second computer and receiving data from the third computer.

Compromising the first computer will not allow access to encryption keys, to the data itself, and will not make it possible to continue the attack on the remaining devices.

When the second computer is compromised, the attacker will read the messages and keys, but will not be able to transfer them to the outside world, since the data is only received from the outside, but not sent outside.

If the third computer is compromised, the attacker can impersonate the subscriber and write messages on his behalf, but he will not be able to read the data coming from outside (because they go to the second computer and are decrypted there).

Encryption is based on the 256-bit XChaCha20-Poly1305 algorithm, and the slow Argon2id hash function is used to protect the keys with a password. X448 (Diffie-Hellman protocol based on Curve448) or PSK keys (pre-shared) are used for key exchange. Each message is transmitted in perfect forward secrecy (PFS, Perfect Forward Secrecy) based on Blake2b hashes, in which the compromise of one of the long-term keys does not allow decrypting a previously intercepted session.

The application interface is extremely simple and includes a window divided into three areas - sending, receiving, and a command line with a log of interaction with the gateway. Management is carried out through a special set of commands.

Program project code written in Python and available under the GPLv3 license. Splitter schematics included (PCB) and available under the GNU FDL 1.3 license, the splitter can be assembled from scrap parts.

Source: linux.org.ru

Add a comment