Skip to content
/ wrongthink Public

A peer-to-peer, end-to-end encrypted messenger powered by Signal's double ratchet.

wrongthink.me

License

Unlicense license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

FlintSH/wrongthink

BranchesTags

Repository files navigation

wrongthink

wrongthink chat v2:

  • is peer-to-peer
  • has end-to-end encryption (Double Ratchet over DTLS (WebRTC))
  • supports Markdown
  • has notifications using MaterializeCSS
  • is verifiable

IMPORTANT: no warranty is provided with this software. you are using it at your own risk. please see SECURITY.md for more info

ALSO IMPORTANT: wrongthink.me must use certain data in order for the service to run properly. please see SECURITY.md for more info

use

the bleeding edge version is based off the latest commit made, while the stable version is the last tested version. the stable version may receive updates later than the bleeding edge version, but the stable version is guaranteed to work.

credits

wrongthink.me would not be possible without the following libraries:

how are things derived

fingerprint

the fingerprint used for connection is derived from the SHA-512 hash of the public key. the fingerprint is converted into 8 words (with a word list of 256 words), allowing for 2^64 combinations. this makes it somewhat suitable for identity verification but it is not recommended unless security is not a concern.

safety number

the safety number is derived from SHA512(xPublic + yPublic), where both keys are the identity keys of the peers. the hash is converted to 16 words (with a word list of 256 words), allowing for 128 bits of security. the order of the fingerprints is determined by the first byte of the public identity keys.

file uploading

file uploading uses an extension to the double ratchet library we use. the steps are as follows:

  • take encrypt(Base64(our random 32-byte file key))
  • set the resulting object's hasFile property to true
  • set the resulting object's file property to a new object containing:
    • the property encrypted: Base64(raw_encrypt(file, our random 32-byte file key, nonce))
    • the property nonce: Base64(our random 32-byte nonce)

custom clients

custom clients are as easy as 1, 2, 3. just use PeerJS and use https://wrongthink.me:8080 as the PeerJS server. from there, you'll need to use parabirb/double-ratchet to handshake and send messages.

running it

just open index.html in the browser of your choice.

terminology

  • arachat is the name of the wrongthink client
  • wrongthink2 is the messaging protocol
  • wrongthink is the name of the service

misc

v2.0.html is the old version of wrongthink2 which used OTRv3. it is now obsolete (NOT compatible with any new clients) and kept only for educational purposes. v1.html is the old version of wrongthink which was not E2EE. it is still usable with server wss://wrongthink.me:9764 but not recommended. it is also kept only for educational purposes.

legal

>implying i give a shit about export regulations

no warranty is provided with this software. please read SECURITY.md for more information. please read our code of conduct before contributing.

About

A peer-to-peer, end-to-end encrypted messenger powered by Signal's double ratchet.

wrongthink.me

Resources

Readme

License

Unlicense license

Code of conduct

Code of conduct

Security policy

Security policy
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

1 tags

Packages

No packages published

Languages