
Forums before death by AOL, social media and spammers... "We can't have nice things"

   alt.privacy      Discussing privacy, laws, tinfoil hats      112,125 messages   


   Message 111,056 of 112,125   
   Gabx to Peter Fairbrother   
   Re: Nofuture Memguard PostQuantum   
   19 Feb 25 14:09:38   
   
   tk4facb76jgl3sc3nda3sz4fqd.onion> 17d8c6e1   
   XPost: alt.privacy.anon-server, sci.crypt   
   From: nessuno@domain.invalid   
      
   Peter Fairbrother wrote:
   >> https://safecomms.virebent.art/leggimi.html
   >>   
   >   
   >  From the description, it doesn't seem to have any authentication or   
   > anti-MITM protection.   
   >   
   > Peter Fairbrother.   
      
   Authentication is based on a combination of digital signatures and secure key
   exchange.
   Each client generates a pair of Kyber1024-90s keys for key exchange and a pair
   of Dilithium5-AES keys to sign and authenticate messages.
   Keys are immediately locked in RAM using memguard to prevent memory theft.
   The client signs its initial message (e.g. "Hello Server") with the
   Dilithium5-AES private key. The signed message is sent together with the
   Kyber1024-90s public key. The server verifies the signature with the received
   Dilithium5-AES public key. If the signature is valid, the server accepts the
   connection. Otherwise, it closes immediately. After authentication, the server
   encapsulates a secret key using the received public key. The client
   decapsulates the secret using its own private key. If everything went well,
   both parties now share a secure secret key.

   Digital Signature Protection Post-Quantum

   Each initial message is signed with Dilithium5-AES, so an attacker cannot   
   generate valid signatures without the private key.   
   The server checks the signature and rejects non-authentic connections.   
   Signatures are post-quantum secure, so not vulnerable to quantum-based attacks.   
   Even if an attacker succeeds in intercepting the initial message, they cannot   
   generate a valid secret key without the private key of the legitimate user.   
   Kyber1024-90s ensures that key exchange is not vulnerable to replay or   
   downgrade attacks.   
   The keys are never transmitted in plain text, only encapsulated keys.   

   Memguard: RAM protection

   Private keys and derived keys are stored in encrypted RAM.   
   Not even a root user can access memguard-protected memory.   
   Data is automatically destroyed when it is no longer needed.   
      
   I hope to have answered in a comprehensive way.   
      
   Gabx   
      
   --- SoupGate-DOS v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)   
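
Added example, not part of the post above and not the project's code: a Go sketch of the check this exchange turns on, comparing verification against the key carried in the hello message with verification against a key fingerprint learned out of band. Ed25519 from the Go standard library stands in for Dilithium5-AES (a substitution made here), and the `Hello` type, the function names and the keys are hypothetical and constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Hello is a hypothetical first message: payload, signature, and the
// signing public key sent alongside them.
type Hello struct {
	Payload, Sig []byte
	SignKey      ed25519.PublicKey
}

// NewHello signs payload with priv and attaches the matching public key.
func NewHello(priv ed25519.PrivateKey, payload []byte) Hello {
	return Hello{payload, ed25519.Sign(priv, payload), priv.Public().(ed25519.PublicKey)}
}

// VerifySelfCertified checks the signature against the key carried in the
// message itself: it shows possession of some private key, not an identity.
func VerifySelfCertified(h Hello) bool {
	return len(h.SignKey) == ed25519.PublicKeySize && ed25519.Verify(h.SignKey, h.Payload, h.Sig)
}

// VerifyPinned also requires the key's SHA-256 fingerprint to equal one the
// server obtained out of band (assumed here: at client enrollment).
func VerifyPinned(h Hello, pinned [32]byte) error {
	if !VerifySelfCertified(h) {
		return errors.New("bad signature")
	}
	if sha256.Sum256(h.SignKey) != pinned {
		return errors.New("signing key is not the pinned key")
	}
	return nil
}

func main() {
	// Constructed keys: one enrolled client and one unrelated key holder.
	pubA, privA, _ := ed25519.GenerateKey(nil)
	_, privX, _ := ed25519.GenerateKey(nil)
	pin := sha256.Sum256(pubA)
	enrolled := NewHello(privA, []byte("Hello Server"))
	unknown := NewHello(privX, []byte("Hello Server"))
	fmt.Println("enrolled:", VerifySelfCertified(enrolled), VerifyPinned(enrolled, pin))
	fmt.Println("unknown: ", VerifySelfCertified(unknown), VerifyPinned(unknown, pin))
}
```

Both messages pass the self-certified check; only the enrolled key passes the pinned check.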



(c) 1994,  bbs@darkrealms.ca