Security Audit

[Urban-Hacker]

Hello,

I want to say kudos to you for attempting to create a secure messaging application. Your efforts in promoting privacy and security are highly appreciated. However, given the complexities of cybersecurity and encryption, the stakes can be incredibly high, particularly for users like journalists in totalitarian regimes, where any vulnerabilities can lead to severe consequences. Please add a disclaimer on this repository! Please add a disclaimer on this repository to highlight these risks.

With this context in mind, I have identified a few areas that need attention:

• Lack of Break-in Recovery Mechanisms: If any messages are intercepted, they can be decrypted later if the secret keys are compromised. This poses a significant risk, as a leak from any participant could compromise the entire discussion, both past and future.
• Key Exchange Protocol: Consider using a protocol like the Diffie–Hellman key exchange to securely exchange secrets over an insecure network while ensuring robust security.
• Message Signing: The messages are not signed, which means a third party could silently intercept them without anyone in the group detecting any issues, it is also vulnerable to replay attack, impersonation...

I recommend reviewing how the Signal protocol addresses these common issues. Additionally, please add a disclaimer stating that your app is a work in progress and should not be used for anything other than testing.

Please note, I am not a cryptographer, and there may be other weaknesses that I have not identified.

Let me know if you have any questions.

Urban

[xxzoltanxx]

Hi, Thank you very much for your contributions/analysis. They are wholly welcome. It's no issue adding a disclaimer right away that the app is a WIP currently. The other potential improvements will have to wait now, but I'm leaving the issue open to hold these improvements here.

Thanks and have a nice day.