end-to-end
bogbook
Our great sponsors
| end-to-end | bogbook | |
|---|---|---|
| 8 | 1 | |
| 4,133 | 9 | |
| 0.1% | - | |
| 0.0 | 6.7 | |
| about 1 year ago | 7 months ago | |
| JavaScript | JavaScript | |
| Apache License 2.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
end-to-end
-
age and authenticated encryption
[1] No warning on decrypting Tag 9 (no integrity protection) packets
-
A few questions for the dev…
In contrast, companies like Standard Notes actually uses their own home-built encryption library, which is why it's a bit more critical that they go through these audits more often and quickly than others. And despite the audits, this home-brewed encryption library puts them at a much bigger risk, due to the fact that it's never going to be as thoroughly battle tested as an open industry-standard encryption like OpenPGP, used by much larger companies like Google, Protonmail, etc.
- End-to-End Encryption Threat Model
-
End-to-end encryption messaging implementation
https://github.com/google/end-to-end ?
-
How to do E2EE in the Browser correctly if even possible?
When Google was looking at implementing E2E mail via a browser plugin, it gave up in part because of the difficulties of doing it right. They published the library and documentation, but the more valuable part was the threat model. In it they examine the assets to protect, threat sources both inside and outside the threat model, UI threats, message threats, key-related threats, cryptographic threats, and other threats. It's an excellent walk-through of just how difficult it is to do general encryption right, and why doing it in the browser is so hard.
-
Signal protocol security of messages
With that in mind, secure messaging in a browser is a nightmare. Google tried to figure out a way to do end-to-end in a browser, mostly in the context of e-mail but it could be extended to chat applications. They wrote up a threat model that you really should read. They identified five threat sources within the architecture and six more that they acknowledge but don't delve into. They also discuss four UI-based threats, four message-based, four key-based, and two cryptographic threats, and each of those threats has subthreats. Finally, they wrap with three "Other" threats. They dropped the project soon after.
-
Browser extension that makes any web app E2E encrypted?
Google E2E Library — Unsure how up-to-date this ... limited GitHub activity.
bogbook
-
Don’t record your social life on an append-only social network
> One adjustment to the protocol that seems to me like a quick win (but presumably has some technical hitch I can't see, since I don't recall anyone suggesting this) would be to not include the post's body in the “block” (in the message itself that gets hashed and signed by the next message), but rather as a “blob” (essentially an attachment) which others don't need to download in order to verify the feed.
There's nothing to prevent you from taking this route, you just sign a blob hash instead of an entire message object.
I work on an experimental SSB-like-protocol in my spare time that does exactly what you've suggested: https://github.com/evbogue/bogbook
I don't know if this makes the network forget more, but the aim is to reduce the time it takes to sync and get started.
What are some alternatives?
openpgpjs - OpenPGP implementation for JavaScript
tweetnacl-js - Port of TweetNaCl cryptographic library to JavaScript
freedom-pgp-e2e - Wrapping up end-to-end code and provide in freedom custom API.
gun - An open source cybersecurity protocol for syncing decentralized graph data.
otrv4 - Off-the-Record Messaging Protocol version 4. -This is a draft- This repository is a mirror of http://bugs.otr.im/otrv4/otrv4
Ed25519Tool - Ed25519 signing and verification online tool.
PGP-Anywhere - Chrome browser extension to de- & encrypt PGP in your browser
JavaScript - Algorithms and Data Structures implemented in JavaScript for beginners, following best practices.
2key-ratchet - 2key-ratchet is an implementation of a Double Ratchet protocol and X3DH in TypeScript utilizing WebCrypto.
noble-ed25519 - Fastest 4KB JS implementation of ed25519 signatures
2Password - 2Password: A cryptography experiment
Fontify - A browser extension to add font support to social network posts.