Attention! Read before use!

This is an end-to-end encrypted chat application with an option to perform a manual DH key exchange. The DH implementation is based on RFC 7919 and it is the most basic modular arithmetic version. Therefore it is NOT quantum resistant. A future quantum computer might be able to break it in minutes if your exchange is observed by an attacker. As of 2023, we're very far away from doing that. You can still perform an in-person exchange of keys, which if not observed by a third party will be secure (you will then only input the symmetric key before starting the conversation, skipping the key exchange part). The encryption is carried out using ChaCha20 implemented in JavaScript as in RFC 7539. The authentication is performed using Poly1305, according to the very same RFC 7539. Argon2 is used for key derivation. Along with ChaCha20 and Poly1305, they are mostly unaffected by quantum computers. Therefore the part below the key exchange should remain secure for a long time, if ever broken at all.
The ChaCha20-Poly1305 implementation was verified against https://datatracker.ietf.org/doc/html/rfc7539 test vectors. These tests can be run using the Tester class' static methods in console. For your own testing and further information, visit https://chacha.kotol.cloud where you can try the encryption and authentication yourself. It also has much nicer visuals than this one. For the technical users out there, you can also inspect the WebSocket traffic and plug the messages directly into the other site. They are compatible with each other. To view the source code, use your DevTools, it is not minified nor obfuscated.

Logging

What is being logged by the server or the client:

Nothing

What is NOT being logged by the server or the client:

Any messages sent or received
Statistics on message size, type, frequency
Room names
Keys (never transmitted over the network)
Analytics data
Basically anything the server could log about this
Additional note: No information is being saved by the page itself beyond closing the browser tab

Understanding the above, go ahead and enjoy the mini project :)

Manual Diffie-Hellman key exchange

Public generator G

Public modulus p

ffffffffffffffffadf85458a2bb4a9aafdc5620273d3cf1d8b9c583ce2d3695a9e13641146433fbcc939dce249b3ef97d2fe363630c75d8f681b202aec4617ad3df1ed5d5fd65612433f51f5f066ed0856365553ded1af3b557135e7f57c935984f0c70e0e68b77e2a689daf3efe8721df158a136ade73530acca4f483a797abc0ab182b324fb61d108a94bb2c8e3fbb96adab760d7f4681d4f42a3de394df4ae56ede76372bb190b07a7c8ee0a6d709e02fce1cdf7e2ecc03404cd28342f619172fe9ce98583ff8e4f1232eef28183c3fe3b1b4c6fad733bb5fcbc2ec22005c58ef1837d1683b2c6f34a26c1b2effa886b4238611fcfdcde355b3b6519035bbc34f4def99c023861b46fc9d6e6c9077ad91d2691f7f7ee598cb0fac186d91caefe130985139270b4130c93bc437944f4fd4452e2d74dd364f2e21e71f54bff5cae82ab9c9df69ee86d2bc522363a0dabc521979b0deada1dbf9a42d5c4484e0abcd06bfa53ddef3c1b20ee3fd59d7c25e41d2b669e1ef16e6f52c3164df4fb7930e9e4e58857b6ac7d5f42d69f6d187763cf1d5503400487f55ba57e31cc7a7135c886efb4318aed6a1e012d9e6832a907600a918130c46dc778f971ad0038092999a333cb8b7a1a1db93d7140003c2a4ecea9f98d0acc0a8291cdcec97dcf8ec9b55a7f88a46b4db5a851f44182e1c68a007e5e655f6affffffffffffffff

Your secret a:

Your public G^a:

Your secret a

Their public G^a (G^b for us)

The shared secret:

The derived shared symmetric key:

Key hash, safe to publish (verify that you have the same over a different channel to ensure your public values were not changed by an attacker on the way):

Attention! Read before use!

Manual Diffie-Hellman key exchange

Join a room

Chat