Cchat

welcome to cryptochat. when you put in your password and confirm, you will be redirected to your channel.

INFO: the app can avoid that people who don't own the password, can't read your messages. it can avoid classical keyloggers inserted into the keyboard or the browser/webview. however it cant avoid. metadata - when and with who you are talking(size of requests, time of requests) [this can be avoided by using i2p, a vpn or tor](todo, always same packet size) keylogging - by, camera(reflection and degree), gyrosensor [this is achieved easy by apps wich run in the background ang have access to one of the cameras or gyrosensor] getting passwords - by, dma attack(reading from ram or cpu). [this is hard to achieve, the mobil must be rooted or the attacker knows an other exploid to gain root access] getting password - manipulating webview of the system to read variables and send them out. [this is possible if the attacker owns your mobil anyway or if he installs a custom browser and set it as systemwebview you can see a changed webview by going to settings and type web, the third one is webview-implementing(it is a developerfunction and should be deactivated)] 1.your channel is found by the ability to decrypt a random string, crypted at the creation of the channel. 2.the times you see are the times when the message was printed to your screen. the sendtime of messages is not saved. 3.the messages are saved as crypted jsonfiles on the server. they are encypted, anonymous, without date, nic or id. they can be accessed, may they can be decrypted, but you can't proof who wrote them. the server don't logs the messagebody(the crypted part). the datatransfer is also encrypted (TLS1.2) 4.the app uses a build in keyboard to avoid keylogger to catch the messages before beeing encrypted. 5.for ease of use, channels can be set and named. this happens cause the password is saved local and is named. like this you can access different channels faster, without entering a password. the local storage of your app is not a good place to stor your passwords. delete unused channel. (pw manger with masterpw planed, may save masterpw local to barrierfree use) 6.hashing keys: the passwords are (hashed 20k + passwordlength) times with sha512. this is done, to prevent brutforching the the original password. in order to produce a problem wich is harder to solve then to produce, it takes some seconds to hash the key wich is used for the encryption, but when a decrypter trys to brudforce the original password he has to do this step every time, this slows down the brutforce attempt massivly, so it gets very hard to even brutforce short passwords. the keylength variates, it is around 80. pls still avoid passwords wich could be candidats in wordlists. 7.xss attack: since there are no other downloadlocations possible by contentsecurity. injection of scripts is not possible. (Content-Security-Policy: default-src 'self';) 8.minimal systemspecs informationtransfer with json, wich is not processed on the server in most cases. no db needed actualisation only looks for date of the file but does not open it. use basic get requests for actualisation, to be used on low sec webspaces. all searching an decryption is done on the userside, so the server can be quiet weak. chats with more then 50 messages get trimmed down to the last 20 messages. chats wich are not used for 7 days are deleted. so less space is needed. and the messages are not on the server for to long and the files don't get too big. this software can also be used on freehosts wich support php.

TODO: pw manger - done more keyboardfunctions - done ability to copy in key -done barrierles use - done del more then 100 messages per chat - done last bug not actualisating lists.

{"3":"\/rV3sro7tV6Sm7lmufWluRVbed3zVdX5C5lJPu7fTNoJUM21t9iEkOSTT7a8lyxyk9\/PKkh2PeGyJiUvB0cXWa60yQ7Kh9VbMUwwex4ZbjOTfgEUabxkt6MpUyRBN7Kjig4bc8NaQ04Q==","5":"\/i5PAn5HopZ+9qB6za4d9QnKxjrYSXV8ZijXcccAdd2xM3OyZFIiA2lef2ANcAZrpdat+42BZA2uCl\/55mCZBQP5xdG4UFEx+LTpzy8dmougJp7W8ltWEk","6":"\/Uu9M18yMgl+rJVSVpn9CDQX\/S\/H5fAaQNQt932XLGYe2BetiEhgCLogQESkdTT70n\/cmrR4P8C2nzLjHBWmXHm4RDLsH3ztNhHunAb\/D5vHzjJbxfChZKYIHKb6Rh6kBUWYC+2WC3lg==","7":"+AUT6AMyEfNXNHPmScrnDZEyXxXFFs1h1VYzu+omKH1\/A1mT1jfJx\/PebwIGu\/l2X5mRJ2Q55hCGtw+KeKg8BmlHij70Zjk\/mggwVhz6SmWa3KonXEqD4Hv8ggk1wJENAgG9W1W5rHMA==","8":"\/TDJYZ2ZjROEywkf4DUFOApnfrOrI82s2asqDfn4sOsLU39+FAgWGywsaGiDludOt3pfHZzOvMQ4V8cdAxTR3YredDmtvT+RQYIcxt9C11UN6CKUGb6MQrh4NHbVhOIdxdNUT\/OW84eA==","9":"88ja3hiHaDQh7vALb58Djk2A7wzGmrCydSGCcqlDr2VwJ+QF2PZonWJ0YOhh0eDzPn8YaG80uj2q0QjjZwGjuOTYMGwBptPcjyAownD0EpWmKCqRGXZ8M4\/rhgQfByL7Uh31xyMDISHw==","10":"81Bu+EpJ0X\/uC3YHHh27VZ6lQRymW8sqQ0CDlST3hbCDywtRW3Za4QKhSwHLRY3y5HZnsbNPLOXRhm8uNscQ5GZDm\/ehF5BGkw+n7DF5Bai7xfDu8v13KM","11":"+PGfUjkOznlXShaX+at+AqZVxrxdB7wnDdbClNTiKfh6jM07hHRKksdBY4jo7Mf35Wot3\/vZgay+xk1CncTqqQqS+UiIKazd44qz6q9hC3OdUaYoXjpRz9","12":"+5mw9R07jAvJ2H06k6f0dlXYQjoGGTyb1+T\/edF3cAMnxIlLQaaKc\/JupSla3EKrYuIMI47DBmExcsndt\/I3l2+a0lE1RYtwLKUW6qVFGpuUyha9CsvqcpUXFd4B3Tk00tBk1WhZ08eQ==","13":"+ulsaK5ZKlhc2+I+I5HZXChVu3XizVjbRgYWGxJXK9SPHNLVcTbUHzrJCDXwt2HODYIo4MaHT1oSz14YQrY1LbXg8iShGOFDlFMY+snm5kxRO\/xWDGNeB5ZBhZXlPAjpWnWMEgkIOhaQ==","14":"\/8S5qVHv9XexLduqHBj+rVfgm1hLos0qAIw2idpn1pod1wC8UBwe1wdPuyZEA3OzHBYlG6WMZfHRyy2Zlgk\/3iOk8unhe2hgKJ9RVawXUWMWGeqG4aPoIV5fKJPZ9F3ktwBbT3ZPZIOw==","15":"+2Sp+vv8SJ7ZqPsVPIE4S1FazaigFWHpaz036j3ERp9JN\/yyZk3SBce1AF25izZveIVxoVRHJc6qLUfEY2rYVBKubj0gnw4aGYF4+iQ+FxTn0PHi63gVICl+qd5bInSCiQHc73CKr52w==","16":"8foDemh0dNPBdMKFGePxXl7SDnd8GbHLSRFeTG0lOeDQ1nphnsPMPokgVj6mlD3bhp8fnHC3ljualTuFf7H9qDQIwKeF1kNAvSRWNzt2Zs5Rvy+sDzD7LRiFjqfcwG1qaphON6s3QMSwOuUFm++cXh+9VV6yd4P1I=","17":"+tgkWwvg55HvtBvMr40TJmJpAPd6+2LdU0wz3aqYsuAa8BiOYgNAOyIoDcXrLdQFMNmApVhhbZUu9qdnLaaFzVYvfarNmFynCN+VnxfnW9+wp34iKOMeqpRb2JGDiOaKcmpoaWyss8dA==","18":"+wek\/BFVAV5G0bY0qcdFqu7NXUtehiHFnHFFlttbBTTIGhbTDDwp5xvg6+Bfe4fgy+y9uocayMHEZqs7DkPJkpmlfsLycSWqJGF9AzrqzzYIVIK8fTol7vv0tMIjtO4xuBhJnREzcDxA==","19":"+D9g3\/k6aaeYMgjKzQsGEpT+GEUh\/Pp5m\/Chg7+C9aQaiaZsZy3+zCHbHSkiQ7a9mxofGikC2a8KDJc8a\/3\/92GwfuwuIFII\/AJ5iPA7Wg05qVOS0ZXaZsoK14T8k8hjEpBpjdGvf4iw==","20":"8OvUKu7NQFD8TQmqFWJcl+URZoLfeySaIBSPwKgRfYeBhUmMdEDzGLaOAAcTUMVqpQxNpvhS7eessYTrc7wnNTONgUdn7kYIZeQYl3tN5i+Fr0zu8zJmFS","21":"9\/CrNS1T7dkziKQncN7jrDDtjFScH5wT+qbGlr0e\/z62SPAjDXmRDjvtLiksdwtrycEfNesp+NB1Mz4nYNlyrhLG7EPMW33siDoc2v+zOtry7xCwXRzcQpSO5Zi7HIT9WqlXHBr1sa+w==","22":"8a4ajp6VeJP5nAw0xX\/afu0bjlIMNr+ywNmCbV0gBekdZvSuBNkpmxzkaLPQRWU0L5Pi8MdnUSzB5wnUSSrCIhGIytXUMeg\/qx1Dbljc7B38vocIlKmu6FybQTQKNJkM+NfZm\/oCEs4A==","23":"88t+R64Hld4Kk0TGkqCSTkY\/GWtEl1Yf9yHYd27swm89\/Vy9JtVr295G97IEOX7ba\/vET+vtJuDLLRWBwB9TaW0UVxPcVLBugilO9GNsUrEmiDG0\/z0qGf","24":"9WHTUaNEZlvLOrZwS3860myxt+IMfYJB1Dt4JV0v\/xqfNhYVo9MA31FbKYnNkHysCqyEznYNO31hfP4YgSoJBiqcYekui5Vj4hpRu1M8deFwhRi\/SYnB+xmBEunnKb6vGv0i7f0dl0JA==","25":"96iHIyIBhP2DoE14TrbiPoCejJwH7gH70lB2zfZlAyOB\/fg5bPPUvIu3wF144GFfV+BCTNHpS9hW1iL+wSMilpRmPKOekKBbok1PLgbXBuRsbKPDzn92qRJZFUKRT08y6n1RHBEVE3b9+3AEkbh1TRoTEF0staBK0=","26":"8BwYkggVDCOnktdsRUr3pkcDVLEfqPZDGHSHBKyfgdBVm+mo1DdCEXcwDQ2dUILV+kIaZZxylM7zYpaBtVrW4mnCqK6lqNeUxQ6ZSbhra0kBO7zRla7c3jk2GXrsvk9DYObta3gn7emg==","27":"9MkF1uAhcGmR3+RCN5aTTgZA9hZ+IyFQ\/0hONMmfE6uPSiI9uEhzu2R3Uo+R7P\/cIDu1kau8jvq1\/vDIdN6bi1HfW2N5NO7dbAzXbQRC7gpRzBoCxyqVPzHR6nfhEwWFnMHObzta+HYw==","28":"90r5bGh8jT4lDvCP6db2J7SsJ8IOMkrzqoYa6Ct0jhU2bxQyrV1JGU\/tc00DejBeSMz5rxs0vMSDAs2jaUTmQrMwKp0YF1CAAv8y9A4JhTeCfxr1bTT1dYpb3RdEmMbLTEIgPnC86nwQ==","29":"\/Bj2JDNUWLJjo3KBAviK7EOQ1GlLZEpCpsa0Mfbp\/OL0c2t3ZssUlop+yucuCAAkg3mpts694i6fgka\/9DW+zugXowSAny43pRUSFjVkg9xYu8+kC4sij73+RdBE1saHSrYcZDIRiCWw==","30":"8cbmLAyQ8M1H0b0GUM6ZRYnxDLr6BnPr4vgmQqyAQeA+cg5NEw8X+D0RSoF58jRQR3892ofmtsY9QdyERj9E27gnu1zYiagKry2X1WGQySVGrc3iMdw3me36GiRNqUnZQuzY4xXt6BDw==","31":"98+YopyT\/J8HDhe334lw9Znv2W\/Uq\/ojlKj4xIdN9v9h8qxDgjNrW\/Ii0UrXn+G\/DHRjSmtusZVtJme65EjdG59Xnc4b\/yU9ZZoXukdT6dfbcO7LQNzQwN","32":"\/5tJC8GFjN4IRJykup99kuHoxGG1LGaDeioca2HLing4QaiW1UAyrz63gdbjodIxT4zonuCHgM\/yf2RfBbV21CdmvPRrsAnAUAi1SmDOlTh9x\/4Ldn2ucH","33":"8Y9g4acakTATu\/reBsdhf74nSgr6JOzStkSRuki4D0qRKTtXuKCVG6bU3LU7IBWqcA7QhPIGRy8CasG6H4I+qJqXufsWIwRfnFLewLqYmf+7qi3krSQ6e+IYjErhGztcrit7kkWUsgjg==","34":"84SIvoF0AdPE34K7hfdv755pXQ0hylR7iElfDmPXm9idhTOWWhrQTy4S5c1owdO9aPB467XeWQeCqmTVjJ+vD4IdFeEv4b1x+p9t6RE58quziB3mHOAJYJlJhLULnTjFmD5Lj2nFeMzHdoSkPKBFyZVmh+ZdNM3Rw=","35":"\/YAIFfr0nVs+i5afjgz2bOSusoP+fkTKt0HRIHC34uzsEcH3F4f\/cC+lOEHIG0\/Y1txGrAqbfPogZFAR9UacO+V10cW\/pO7i+1Z62aQOsRaiM8uP4GtnQbOdJgDVMYLQfmNAJ90FC40\/mDfmcgoHhKLGI5h30660XA0DRsrHzwf5YcGYyMJF\/o","36":"+PY7Ae2ykhFu8SCExJMZhR91qbFplAqhmk3CIn54PkNBbjyDQL8z2GAd03sUX+XnB2ttz2yn1D2xahOOYjDBt46bPZacN4P0zO0GS7Tj2FvEMgKA+tq3JZpyJWDgNagIGwpe7zCBtbzQ==","37":"9ZlllY66ziz4vWhUCOrW6ZBVSuSPm03G5G5jljuJYkCPkEt73gS1\/76KpRHM8ks7nLfXbPre894n1GCTZ0fdk39wknigcVnlESCDJqz6enkjkH1\/yO7HR7r1tMNGCTeX2B5b2Ac45B6g==","38":"+0i2nlA6fMOrK88UvB8\/e3kGoeQ0N0\/txzOSIRzjeb\/jMRhoU8EadOmya0UeYYLnBNx0WDNI83Wp+emjRgD6yKPVpBAd+m7\/Cqy+ZPn29EAW1lvehP4KbF","39":"+ByTJQD9Ntzx5R84eQrA3tFmGyxPJooIAA+v6i0RECbgMHQ34ppypUMRdJSB+r3N7NdibEeQmFFVKQuMty5DGlPEVgwbs6OnlBai18C5bGPdhqHNEwzr7h","40":"+nQpcMTmts8bCQE7UMI8W53ksNr3laTGbAzU968Oa7xBLas8eteNs3qLR+\/Xy9fvBuJ\/7\/xt2qA0oKWBOO4VLDU02aAtIkMwFy1W8zEbkQ+hCoK8MqbmZk","41":"+qEPQdsCnHmI+SvZ8uyXCkRvZq7p3\/I70xkpX3FUWL3xZlNH2igq5vI8KmxgZtiSKnIGe6LCrmij2tt720yBJvuhpxRb6eXtlCQYTRJ0e7gj3Ck3njYAv3","42":"9KdklC9dlRfwkO8zn5tUfZjWbkl0QfO7RHMs8WkUVAdgrDFV8RTsIh9bRtWIMF1EWknJIvHdy9EHEGrQLyJryh7wOyQM7vtBYKZ+QFM+hlp5VWv1ULueZFDYEa+lHZ2C9310dPp8XGAw==","43":"\/Ww9XCpv95PPN4ujgf3uJZXNbqjF86lzaW\/VBNr6leBWiRACa73Tn4X52GsZQEFkXPeDzNWXIf6yEjw3BU2uzMt7JTwHX8zdfJ9Kl+iceR5lY6O75UYxwt"}

channel number[] messages[] last message[]
\|		➽