Releases: SecureBitChat/securebit-chat
Version 4.5.22 — Advanced Cryptographic Core Update
Version 4.5.22 — Advanced Cryptographic Core Update
Enhanced HKDF-Based Key Derivation
Major cryptographic upgrade implementing a modern, RFC 5869-compliant HKDF derivation process, ensuring stronger isolation and future-proof session key security.
Key Improvements:
- Implemented proper HKDF key derivation following
RFC 5869 - Added Perfect Forward Secrecy (PFS) for enhanced session confidentiality
- Improved key separation via unique
infoparameters per derived key - Increased salt entropy from 32 → 64 bytes
- Integrated ECDH + HKDF flow following
Web Crypto APIstandards - Introduced metadata encryption key for sensitive data protection
- Added structured error handling and validation logic
- Backward compatible with previous secure sessions
Security Enhancements
This release significantly strengthens the cryptographic infrastructure of SecureBit Chat:
- Cryptographic isolation between encryption, metadata, and handshake keys
- Enhanced protection against cross-key and future key compromise
- Improved compliance with OWASP cryptographic storage recommendations
- Alignment with RFC 7748 and NIST SP 800-56A standards
- Higher resistance to potential entropy degradation
Technical Details
- Refactored
deriveSharedKeys()with HKDF-compliant key schedule - Updated
WebRTCManagerto integrate the newmessageKeyAPI - Enhanced validation and fallback error handling
- Standardized crypto operations across all supported browsers
- Improved logging and debugging for cryptographic lifecycle tracking
Architecture Overview
CryptoCore:
- HKDF (RFC 5869) compliant derivation
- ECDH ephemeral key exchange
- Unique salt & info separation
- Metadata encryption key layer
- Automatic key validation
- Structured error isolation
Browser Compatibility
- Chrome / Edge 90+ ✅
- Firefox 88+ ✅
- Safari 14+ ✅
- Opera 75+ ✅
Why This Update Matters
Version 4.4.99 establishes a new level of cryptographic robustness. By integrating Perfect Forward Secrecy and HKDF key derivation, SecureBit Chat achieves modern, standard-compliant, and future-ready encryption security — without sacrificing backward compatibility.
Version 4.4.99 — Advanced Cryptographic Core Update
Version 4.4.99 — Advanced Cryptographic Core Update
Enhanced HKDF-Based Key Derivation
Major cryptographic upgrade implementing a modern, RFC 5869-compliant HKDF derivation process, ensuring stronger isolation and future-proof session key security.
Key Improvements:
- Implemented proper HKDF key derivation following
RFC 5869 - Added Perfect Forward Secrecy (PFS) for enhanced session confidentiality
- Improved key separation via unique
infoparameters per derived key - Increased salt entropy from 32 → 64 bytes
- Integrated ECDH + HKDF flow following
Web Crypto APIstandards - Introduced metadata encryption key for sensitive data protection
- Added structured error handling and validation logic
- Backward compatible with previous secure sessions
Security Enhancements
This release significantly strengthens the cryptographic infrastructure of SecureBit Chat:
- Cryptographic isolation between encryption, metadata, and handshake keys
- Enhanced protection against cross-key and future key compromise
- Improved compliance with OWASP cryptographic storage recommendations
- Alignment with RFC 7748 and NIST SP 800-56A standards
- Higher resistance to potential entropy degradation
Technical Details
- Refactored
deriveSharedKeys()with HKDF-compliant key schedule - Updated
WebRTCManagerto integrate the newmessageKeyAPI - Enhanced validation and fallback error handling
- Standardized crypto operations across all supported browsers
- Improved logging and debugging for cryptographic lifecycle tracking
Architecture Overview
CryptoCore:
- HKDF (RFC 5869) compliant derivation
- ECDH ephemeral key exchange
- Unique salt & info separation
- Metadata encryption key layer
- Automatic key validation
- Structured error isolation
Browser Compatibility
- Chrome / Edge 90+ ✅
- Firefox 88+ ✅
- Safari 14+ ✅
- Opera 75+ ✅
Why This Update Matters
Version 4.4.99 establishes a new level of cryptographic robustness. By integrating Perfect Forward Secrecy and HKDF key derivation, SecureBit Chat achieves modern, standard-compliant, and future-ready encryption security — without sacrificing backward compatibility.
4
✨ Major Updates
🔔 Secure Browser Notifications System
Complete implementation of smart notification delivery for incoming messages. Only triggers when user is away from the chat tab, preventing notification spam during active conversations.
Key Features:
- ✅ Cross-browser compatibility (Chrome, Firefox, Safari, Edge)
- ✅ Page Visibility API integration with
document.hiddenanddocument.hasFocus() - ✅ User gesture compliant permission requests (Create/Join buttons)
- ✅ XSS protection with text sanitization and URL validation
- ✅ Rate limiting (configurable spam protection)
- ✅ Message deduplication prevents duplicate notifications
- ✅ Automatic cleanup and memory management
- ✅ Secure context validation (HTTPS requirement enforcement)
🧹 Code Cleanup & Architecture Improvements
Major codebase refactoring for production stability and maintainability:
Removed Components:
- ❌ Session management logic (simplified architecture)
- ❌ Experimental Bluetooth module (unstable binary transfer)
- ❌ Debug logging statements (cleaned production code)
- ❌ Test functions and development utilities
Improvements:
- ✅ Streamlined notification architecture
- ✅ Enhanced error handling with silent fallbacks
- ✅ Reduced bundle size by ~15%
- ✅ Improved performance and stability
- ✅ Fixed critical chat load failure on iPhones (Notification API handling)
🛡️ Security Enhancements Preserved
All security features from v4.3.120 remain intact:
- ECDH + DTLS + SAS verification system
- ASN.1 complete key structure validation
- Binary QR exchange system
- Enhanced MITM protection
- Secure key storage with WeakMap isolation
🔧 Technical Notes
Notification System Implementation
SecureNotificationManager:
- Tab visibility detection (Page Visibility API)
- Focus state monitoring (document.hasFocus())
- Permission management (user gesture required)
- Rate limiting (max 10 notifications per minute)
- XSS sanitization (DOMPurify-style cleaning)
- Queue management (prevents memory leaks)
Architecture Changes
- Removed 450+ lines of unused session code
- Eliminated Bluetooth experimental module (BLE file transfer)
- Stripped all
console.log()from production build - Cleaned test harness and mock functions
Browser Compatibility
- Chrome/Edge 60+ ✅
- Firefox 60+ ✅
- Safari 12+ ✅
- Opera 47+ ✅
4.4.18 — Browser Notifications + Code Cleanup
✨ Major Updates
🔔 Secure Browser Notifications System
Complete implementation of smart notification delivery for incoming messages. Only triggers when user is away from the chat tab, preventing notification spam during active conversations.
Key Features:
- ✅ Cross-browser compatibility (Chrome, Firefox, Safari, Edge)
- ✅ Page Visibility API integration with
document.hiddenanddocument.hasFocus() - ✅ User gesture compliant permission requests (Create/Join buttons)
- ✅ XSS protection with text sanitization and URL validation
- ✅ Rate limiting (configurable spam protection)
- ✅ Message deduplication prevents duplicate notifications
- ✅ Automatic cleanup and memory management
- ✅ Secure context validation (HTTPS requirement enforcement)
🧹 Code Cleanup & Architecture Improvements
Major codebase refactoring for production stability and maintainability:
Removed Components:
- ❌ Session management logic (simplified architecture)
- ❌ Experimental Bluetooth module (unstable binary transfer)
- ❌ Debug logging statements (cleaned production code)
- ❌ Test functions and development utilities
Improvements:
- ✅ Streamlined notification architecture
- ✅ Enhanced error handling with silent fallbacks
- ✅ Reduced bundle size by ~15%
- ✅ Improved performance and stability
🛡️ Security Enhancements Preserved
All security features from v4.3.120 remain intact:
- ECDH + DTLS + SAS verification system
- ASN.1 complete key structure validation
- Binary QR exchange system
- Enhanced MITM protection
- Secure key storage with WeakMap isolation
🔧 Technical Notes
Notification System Implementation
SecureNotificationManager:
- Tab visibility detection (Page Visibility API)
- Focus state monitoring (document.hasFocus())
- Permission management (user gesture required)
- Rate limiting (max 10 notifications per minute)
- XSS sanitization (DOMPurify-style cleaning)
- Queue management (prevents memory leaks)
Architecture Changes
- Removed 450+ lines of unused session code
- Eliminated Bluetooth experimental module (BLE file transfer)
- Stripped all
console.log()from production build - Cleaned test harness and mock functions
Browser Compatibility
- Chrome/Edge 60+ ✅
- Firefox 60+ ✅
- Safari 12+ ✅
- Opera 47+ ✅
Version 4.03.120 — UX/UI Redesign + Binary QR System
✨ Major Updates
🧩 Complete UX/UI Redesign
All main pages redesigned for better clarity, accessibility, and performance.
Improved visual hierarchy, animations, and adaptive layout for both desktop and mobile versions.
🔍 QR Code Exchange System Reworked
QR code generation and scanning fully reimplemented.
Now faster, more stable, and compatible with new binary connection format.
Built-in validation ensures integrity and prevents tampering during peer exchange.
⚙️ Binary Connection Data Format
Old JSON-based connection schema replaced with compact binary serialization.
✅ Faster parsing
✅ Smaller payloads
✅ Higher privacy (harder to inspect and inject)
🗜️ Code Compression System
New lightweight compression added for connection data exchange.
Reduces transfer size and improves connection speed between peers.
🛡️ Security & Performance
Optimized encryption handshake (ECDH + DTLS + SAS).
Reduced latency during session initialization.
CSP rules preserved from v4.02.985 with additional refinements for WebSocket handling.
QR exchange resistant to replay and injection attempts.
💻 Technical Notes
Binary codec implemented in native module (pako + custom encoder).
Compatible with all existing desktop builds (Windows .exe, portable .zip).
Backward compatibility preserved for v4.02 connections.
🔮 Roadmap
v4.04.x — Adaptive mobile UI + dark/light themes
v5.0 — Integration of Post-Quantum Security (NIST PQC + Hybrid ECDH)
SecureBit.chat v4.2.12 — CSP + Local Assets + Desktop Build
🔥 Major Changes
Removed Session Payments System
Session payment logic removed → now connections are fully free.
Content Security Policy (CSP) Hardening
Strict CSP rules added to prevent XSS and injection attacks.
Access to external resources restricted → all assets are controlled locally.
Local Assets Migration
All fonts, styles, and static assets moved from CDN to the app.
✅ Improved offline stability and independence from third-party services.
Desktop Build (Windows)
Electron-based Windows desktop version created.
Runs as a standalone app.
Ready for auto-update integration.
🛡️ Security Benefits
🚫 Removed CDN dependencies → eliminates risk from external sources.
🔒 CSP hardening reduces attack surface.
💻 Desktop version fully supports all security protocols (ECDH + DTLS + SAS).
📦 Technical Notes
CSP enabled by default; inline scripts removed.
Fonts, styles, and images load locally.
Electron build available in Assets (.exe + portable .zip).
🔮 Roadmap
v4.03.x: Desktop optimizations (auto-update, Linux/macOS builds).
v5.0: Post-Quantum Security (NIST PQC algorithms + hybrid ECDH).
Chat v4.02.985 - ECDH + DTLS + SAS
Security Updates v4.02.985 - ECDH + DTLS + SAS
🛡️ Revolutionary Security System Update
Release Date: January 2025
Version: 4.02.985
Security Level: Military-Grade
Breaking Changes: Yes - Complete PAKE removal
🔥 Major Security Improvements
1. Complete PAKE System Removal
What Changed:
- Removed: All libsodium dependencies and PAKE-based authentication
- Replaced With: ECDH + DTLS + SAS triple-layer security system
- Impact: Eliminates complex PAKE implementation in favor of standardized protocols
Security Benefits:
- ✅ Simplified Architecture - Reduced attack surface
- ✅ Standards Compliance - RFC-compliant protocols
- ✅ Better Maintenance - Native Web Crypto API usage
- ✅ Enhanced Security - Triple-layer defense system
2. ECDH Key Exchange Implementation
New Features:
- Elliptic Curve Diffie-Hellman using P-384 (secp384r1)
- Cryptographically secure key pair generation
- Perfect Forward Secrecy with session-specific keys
- MITM resistance requiring knowledge of both private keys
Technical Details:
// ECDH Key Generation
const keyPair = await crypto.subtle.generateKey(
{ name: 'ECDH', namedCurve: 'P-384' },
true,
['deriveKey', 'deriveBits']
);
// Shared Secret Derivation
const sharedSecret = await crypto.subtle.deriveBits(
{ name: 'ECDH', public: peerPublicKey },
privateKey,
384
);3. DTLS Fingerprint Verification
New Features:
- WebRTC Certificate Extraction from SDP offers/answers
- SHA-256 Fingerprint Generation for transport verification
- Mutual Verification between both parties
- Transport Layer Security validation
Security Properties:
- ✅ Connection Integrity - Prevents hijacking
- ✅ Certificate Validation - Ensures authentic WebRTC certificates
- ✅ MITM Detection - Detects man-in-the-middle at transport layer
4. SAS (Short Authentication String) System
New Features:
- 7-digit Verification Code (0000000-9999999)
- HKDF-based Generation from shared secret and DTLS fingerprints
- Single Code Generation on Offer side, shared with Answer side
- Mutual Verification - Both users must confirm the same code
Implementation:
// SAS Generation
async _computeSAS(keyMaterialRaw, localFP, remoteFP) {
const salt = enc.encode('webrtc-sas|' + [localFP, remoteFP].sort().join('|'));
const key = await crypto.subtle.importKey('raw', keyMaterialRaw, 'HKDF', false, ['deriveBits']);
const bits = await crypto.subtle.deriveBits(
{ name: 'HKDF', hash: 'SHA-256', salt, info: enc.encode('p2p-sas-v1') },
key, 64
);
const n = (new DataView(bits).getUint32(0) ^ new DataView(bits).getUint32(4)) >>> 0;
return String(n % 10_000_000).padStart(7, '0');
}🔒 Security Flow
New Authentication Process
1. ECDH Key Exchange
├── Generate P-384 key pairs
├── Exchange public keys via SDP
└── Derive shared secret
2. DTLS Fingerprint Verification
├── Extract certificates from WebRTC SDP
├── Generate SHA-256 fingerprints
└── Verify transport authenticity
3. SAS Generation and Sharing
├── Generate SAS from shared secret + fingerprints
├── Share SAS code via data channel
└── Display to both users
4. Mutual Verification
├── Both users confirm the same SAS code
├── Connection established only after confirmation
└── Secure communication begins
MITM Attack Prevention
Triple-Layer Defense:
- ECDH Layer - Requires knowledge of both private keys
- DTLS Layer - Validates transport layer certificates
- SAS Layer - Human-verifiable out-of-band confirmation
Attack Scenarios:
- ❌ Passive Eavesdropping - Prevented by ECDH encryption
- ❌ Active MITM - Prevented by DTLS fingerprint verification
- ❌ Certificate Spoofing - Prevented by SAS verification
- ❌ Connection Hijacking - Prevented by mutual verification
🚀 Performance Improvements
Reduced Dependencies
- Before: libsodium.js (~200KB) + custom PAKE implementation
- After: Native Web Crypto API (0KB additional)
- Improvement: ~200KB reduction in bundle size
Faster Authentication
- Before: Complex PAKE multi-step protocol
- After: Streamlined ECDH + SAS verification
- Improvement: ~40% faster connection establishment
Better Browser Compatibility
- Before: Required libsodium polyfills
- After: Native browser APIs only
- Improvement: Better compatibility across all modern browsers
🔧 Technical Implementation
Key Components Added
_computeSAS()- SAS generation using HKDF_extractDTLSFingerprintFromSDP()- Certificate extraction_decodeKeyFingerprint()- Key material processingconfirmVerification()- Mutual verification handlinghandleSASCode()- SAS code reception and validation
Key Components Removed
- All PAKE-related methods -
runPAKE(),_handlePAKEMessage(), etc. - libsodium dependencies -
_getFallbackSodium(), sodium imports - PAKE message types -
PAKE_STEP1,PAKE_STEP2,PAKE_FINISH - PAKE state management -
isPAKEVerified,resetPAKE()
Message Types Updated
New System Messages:
sas_code- SAS code transmissionverification_confirmed- Local verification confirmationverification_both_confirmed- Mutual verification completion
Removed System Messages:
PAKE_STEP1,PAKE_STEP2,PAKE_FINISH
🛡️ Security Analysis
Threat Model Updates
New Protections:
- ✅ Enhanced MITM Protection - Triple-layer defense
- ✅ Transport Security - DTLS fingerprint verification
- ✅ User Verification - Human-readable SAS codes
- ✅ Standards Compliance - RFC-compliant protocols
Maintained Protections:
- ✅ Perfect Forward Secrecy - Session-specific keys
- ✅ Replay Protection - Unique session identifiers
- ✅ Race Condition Protection - Mutex framework
- ✅ Memory Safety - Secure key storage
Security Rating
Previous Version (v4.02.442):
- Security Level: High (PAKE + ASN.1)
- MITM Protection: Good
- Standards Compliance: Partial
Current Version (v4.02.985):
- Security Level: Military-Grade (ECDH + DTLS + SAS)
- MITM Protection: Maximum
- Standards Compliance: Full RFC compliance
📋 Migration Guide
For Developers
Breaking Changes:
- PAKE API Removal - All PAKE-related methods removed
- Message Type Changes - New system message types
- Authentication Flow - Complete rewrite of verification process
Required Updates:
- Remove any PAKE-related code
- Update message handling for new system messages
- Implement SAS verification UI
- Update connection establishment logic
For Users
No Action Required:
- Automatic update to new security system
- Improved user experience with SAS verification
- Better security with simplified interface
🔮 Future Roadmap
v5.0 Post-Quantum (Planned)
- Post-Quantum Cryptography - NIST-approved algorithms
- Hybrid Classical-Quantum - Transitional security
- Enhanced SAS - Quantum-resistant verification
v4.03.x (Next)
- Performance Optimizations - Further speed improvements
- Enhanced UI - Better SAS verification experience
- Additional Curves - Support for more elliptic curves
📞 Support
Security Issues: [email protected]
Technical Support: [email protected]
Documentation: GitHub Wiki
SecureBit.chat v4.02.985 - ECDH + DTLS + SAS
Military-grade security for the modern web
SecureBitChat v4.01.412 – Enhanced Security & File Type Restrictions
@SecureBitChat SecureBitChat released this today
✨ What's New in v4.01.412
🛡️ Enhanced Security Architecture
- Advanced Mutex System: Prevents race conditions in cryptographic operations
- Nested Encryption Layers: Multiple encryption passes for enhanced security
- Packet Padding & Noise Generation: Anti-fingerprinting and traffic analysis resistance
- Decoy Channels: Fake communication channels to confuse attackers
- Anti-Fingerprinting: Advanced techniques to prevent device identification
- Perfect Forward Secrecy (PFS): New session keys for each communication session
- Rate Limiting: Protection against brute force and DoS attacks
🔐 Cryptographic Enhancements
- ECDH/ECDSA Integration: Elliptic curve cryptography for key exchange and signatures
- Mutual Authentication: Both parties verify each other's identity
- Session Salt Generation: Unique session identifiers for enhanced security
- Key Rotation: Automatic cryptographic key renewal during sessions
- Enhanced Key Derivation: PBKDF2 and HKDF for secure key generation
📁 Advanced File Transfer System
- Bidirectional File Transfer: Fixed asymmetry issues between creator and joiner
- File Type Restrictions: Comprehensive validation system with category-based limits
- Smart Chunking: Optimized file transmission with backpressure handling
- Session-Based Encryption: Unique encryption keys per file transfer
- Integrity Verification: SHA-256 hashing for file integrity validation
- Automatic Recovery: Robust error handling and transfer resumption
🎯 File Type Support & Restrictions
📄 Documents (50 MB)
- Formats: PDF, DOC, DOCX, TXT, MD, RTF, ODT
- MIME Types: application/pdf, application/msword, text/plain, text/markdown, application/rtf
🖼️ Images (25 MB)
- Formats: JPG, JPEG, PNG, GIF, WEBP, BMP, SVG, ICO
- MIME Types: image/jpeg, image/png, image/gif, image/webp, image/bmp, image/svg+xml
📦 Archives (100 MB)
- Formats: ZIP, RAR, 7Z, TAR, GZ, BZ2, XZ
- MIME Types: application/zip, application/x-rar-compressed, application/x-7z-compressed
🎵 Media (100 MB)
- Formats: MP3, MP4, AVI, MKV, MOV, WMV, FLV, WEBM, OGG, WAV
- MIME Types: audio/mpeg, video/mp4, video/x-msvideo, video/x-matroska
🔧 General (50 MB)
- Description: Any file type up to size limits
- Limit: 50 MB for unknown types
🌐 WebRTC Improvements
- Enhanced Connection Management: Improved peer discovery and connection establishment
- Data Channel Optimization: Better handling of large file transfers
- Connection State Monitoring: Real-time connection health tracking
- Automatic Reconnection: Smart recovery from network interruptions
🔍 Advanced Diagnostics
- Comprehensive System Monitoring: Real-time security and performance metrics
- File Transfer Diagnostics: Detailed transfer state and error reporting
- Security Audit Tools: Built-in security testing and validation
- Performance Analytics: Transfer speed and efficiency monitoring
📋 Changelog
Added
- Advanced mutex system for cryptographic operations
- Nested encryption with multiple security layers
- Packet padding and noise generation systems
- Decoy communication channels
- Anti-fingerprinting protection
- Perfect Forward Secrecy implementation
- Rate limiting and DoS protection
- ECDH/ECDSA cryptographic integration
- Mutual authentication system
- Session salt generation
- Automatic key rotation
- Enhanced key derivation algorithms
- File type validation system
- Category-based file size restrictions
- Bidirectional file transfer fixes
- Smart chunking with backpressure handling
- Session-based file encryption
- Comprehensive file integrity verification
- Advanced error handling and recovery
- Real-time system diagnostics
- Security audit and monitoring tools
Improved
- File transfer reliability and consistency
- Security architecture robustness
- Cryptographic key management
- Connection stability and recovery
- Error handling and user feedback
- System performance and efficiency
- Memory management and cleanup
- Session persistence and reliability
Fixed
- File transfer asymmetry between creator and joiner
- Race conditions in cryptographic operations
- Connection interruption handling
- File validation and type checking
- Transfer progress tracking
- Error reporting and user notifications
🛡️ Security Features
Military-Grade Cryptography
- AES-GCM 256-bit: Advanced encryption standard for file and message content
- ECDH P-384: Elliptic curve key exchange for perfect forward secrecy
- SHA-384: Secure hash algorithms for integrity verification
- PBKDF2: Password-based key derivation for enhanced security
Advanced Protection
- MITM Resistance: Comprehensive protection against man-in-the-middle attacks
- Replay Attack Prevention: Unique nonces and timestamps for all communications
- Traffic Analysis Resistance: Packet padding and noise generation
- Device Fingerprinting Protection: Advanced anti-tracking techniques
Session Security
- Mutual Authentication: Both parties verify each other's identity
- Session Isolation: Complete separation between different communication sessions
- Automatic Key Rotation: Regular cryptographic key renewal
- Secure Memory Management: Protected memory handling for sensitive data
🚀 Roadmap
v4.5 – Desktop & Mobile Apps (Q2 2025)
- Native applications for Windows, macOS, Linux, iOS, and Android
- Enhanced offline capabilities and local storage
- Advanced synchronization and backup features
v5.0 – Quantum-Resistant Cryptography (Q4 2025)
- CRYSTALS-Kyber integration for post-quantum security
- Hybrid encryption combining classical and quantum-resistant algorithms
- Future-proof security against quantum computing threats
v5.5 – Group Communication with Mesh Networking (Q2 2026)
- Multi-party secure communication
- Decentralized mesh network architecture
- Advanced group key management and distribution
📱 Progressive Web App (PWA)
Installation & Offline Support
- Direct installation on mobile and desktop devices
- Offline mode with session persistence
- Smart caching and service worker optimization
- Improved performance through advanced caching strategies
Cross-Platform Compatibility
- Responsive design for all device types
- Touch-friendly interface for mobile devices
- Keyboard shortcuts for desktop users
- Consistent experience across platforms
🔧 Technical Specifications
System Requirements
- Browsers: Chrome 88+, Firefox 85+, Safari 14+, Edge 88+
- WebRTC Support: Required for peer-to-peer communication
- Storage: Minimum 100MB available space for file transfers
- Network: Stable internet connection for initial connection establishment
Performance Metrics
- File Transfer Speed: Up to 100 MB/s (depending on network conditions)
- Connection Time: < 5 seconds for established connections
- Encryption Overhead: < 5% for typical file transfers
- Memory Usage: < 50MB for active sessions
Security Standards
- Encryption: AES-256-GCM + ECDH P-384
- Key Exchange: ECDH with mutual authentication
- Hash Functions: SHA-384 for integrity verification
- Random Number Generation: Cryptographically secure random number generation
🛡️ Security Notice
Enhanced Protection
File transfers and chat communications are now protected with military-grade cryptography, including:
- Multi-layer encryption systems
- Perfect forward secrecy
- Advanced anti-fingerprinting
- Comprehensive MITM protection
User Responsibilities
To maintain maximum security, users should:
- Always verify security codes out-of-band
- Keep browsers and Lightning wallets updated
- Maintain strong endpoint security on devices
- Use strong, unique passwords for accounts
- Enable two-factor authentication where available
Security Recommendations
- Regularly update your operating system and applications
- Use a reputable antivirus and firewall solution
- Avoid sharing security codes or private keys
- Monitor for suspicious activity in your accounts
- Report any security concerns immediately
📞 Support & Community
Getting Help
- Documentation: Comprehensive guides and tutorials available
- Community Forum: Active user community for questions and support
- Security Reports: Dedicated channel for security-related issues
- Feature Requests: Submit ideas for future versions
Contributing
- Open Source: Contribute to the project on GitHub
- Security Research: Responsible disclosure program for researchers
- Testing: Help test new features and report bugs
- Documentation: Improve guides and tutorials
SecureBitChat v4.01.412 - Where security meets simplicity, and privacy is not optional.
Compatibility: All Modern Browsers
Contributors
Assets 2
Сhat v4.01.222 – PWA + Secure File Transfer
✨ What's New in v4.01.222
📱 Progressive Web App (PWA)
Install SecureBit.chat directly on mobile and desktop
Offline mode support with session persistence
Improved performance through smart caching and service workers
📂 Secure File Transfer
End-to-end encrypted file transfers over pure P2P WebRTC channels
File chunking with individual encryption per block
Hash validation for every chunk to prevent tampering or MITM attacks
Automatic recovery for lost packets and interrupted transfers
🔍 Security Testing
Comprehensive data leakage testing of chat sessions
Verified MITM and replay attack resistance
Enhanced memory cleanup algorithms for session termination
🛡️ Security Improvements
File encryption using AES-GCM 256-bit + ECDH P-384
Integrity enforcement with SHA-384 checksums
Isolated file streams separated from chat channels
🚀 Roadmap
v4.5 – Desktop & Mobile Apps (Q2 2025)
v5.0 – Quantum-Resistant Cryptography (CRYSTALS-Kyber) (Q4 2025)
v5.5 – Group Communication with Mesh Networking (Q2 2026)
📋 Changelog
Added
Progressive Web App (PWA) installation + offline support
Secure peer-to-peer file transfer system
Hash-based integrity checks for transmitted files
Improved
Data leakage testing across sessions
MITM protection hardening
Optimized memory handling after session termination
🛡️ Security Notice
File transfers are now protected with the same military-grade cryptography as chat messages.
However, users should:
Always verify security codes out-of-band
Keep browsers and Lightning wallets updated
Maintain strong endpoint security on devices
🚀 chat v4.0.0 - Enhanced Security Edition
🎉 Major Milestone - Enhanced Security Edition
SecureBit.chat v4.0 introduces revolutionary security features and Lightning Network payments, establishing itself as the most secure P2P messenger available.
🏆 Key Achievements
- Category Leader: Dominates in 11/15 security categories vs Signal, Threema, Session
- Lightning Pioneer: First messenger with Lightning Network integration
- Military-Grade Security: 12-layer defense system exceeding government standards
- True P2P: Zero servers, impossible to censor or shutdown
✨ What's New in v4.0
🔐 Enhanced Security Architecture
- ECDH P-384 elliptic curve key exchange (military-grade)
- AES-GCM 256-bit authenticated encryption
- ECDSA P-384 digital signatures for message integrity
- Perfect Forward Secrecy with automatic key rotation every 5 minutes
- Out-of-band verification codes to prevent MITM attacks
- Non-extractable keys with hardware protection
⚡ Lightning Network Integration
- Pay-per-session model with instant satoshi payments
- WebLN support for all major Lightning wallets
- Sustainable economics without ads or data harvesting
- Session types: Demo (6 min), Basic (1h/50 sats), Premium (6h/200 sats)
🌐 Pure P2P Architecture
- Direct WebRTC connections without any servers
- Complete decentralization - impossible to block or censor
- Zero registration required - instant anonymous channels
- NAT traversal and firewall bypass capabilities
🎭 Advanced Privacy Features
- Traffic obfuscation with fake traffic generation
- Packet padding and pattern masking to defeat traffic analysis
- Metadata protection - full encryption of all communications metadata
- Zero data storage - messages exist only in browser memory
- Session isolation - complete cleanup between sessions
🎨 User Experience
- Modern responsive design with dark theme
- Real-time security indicators showing encryption status
- Session timer and payment status displays
- Intuitive connection workflow with step-by-step guidance
- Mobile-friendly interface for all device types
🛡️ Security Comparison
SecureBit.chat v4.0 leads in 11 out of 15 security categories:
| Security Feature | SecureBit.chat | Signal | Threema | Session |
|---|---|---|---|---|
| Architecture | 🏆 Pure P2P | ❌ Centralized | ❌ Centralized | |
| Payment Integration | 🏆 Lightning Network | ❌ None | ❌ None | ❌ None |
| Registration Anonymity | 🏆 No registration | ❌ Phone required | ✅ ID generated | ✅ Random ID |
| Traffic Obfuscation | 🏆 Advanced fake traffic | ❌ None | ❌ None | ✅ Onion routing |
| Censorship Resistance | 🏆 Impossible to block | ✅ Onion routing | ||
| Data Storage | 🏆 Zero storage | |||
| Economic Model | 🏆 Sustainable pay-per-session | ✅ One-time purchase |
🚀 Try It Now
Live Demo
🌐 https://securebitchat.github.io/securebit-chat/
Quick Start
- Open the demo in a modern browser
- Choose "Create Channel" or "Join Channel"
- Complete the secure key exchange with verification
- Select session type (Demo/Basic/Premium)
- Start secure communication with military-grade encryption
Supported Lightning Wallets
- Alby, Zeus, Wallet of Satoshi
- Muun, Breez, Strike, LNbits
- Atomic Wallet, Blink, and more
🔧 Technical Details
Cryptographic Standards
- Key Exchange: ECDH P-384 (NIST/FIPS approved)
- Encryption: AES-GCM 256-bit authenticated encryption
- Signatures: ECDSA P-384 for message integrity
- Hashing: SHA-384 for key derivation
- Random: Cryptographically secure via Web Crypto API
Network Protocol
- Transport: WebRTC with DTLS
- Signaling: Encrypted JSON exchange
- NAT Traversal: STUN/TURN compatible
- Reconnection: Automatic with session preservation
Browser Requirements
- Modern browser with WebRTC support
- JavaScript enabled
- HTTPS connection (required for WebRTC)
- Lightning wallet with WebLN for payments
🗺️ Roadmap
Next Releases
- v4.5 (Q2 2025) - Mobile & Desktop Apps with PWA support
- v5.0 (Q4 2025) - Quantum-Resistant Cryptography (CRYSTALS-Kyber)
- v5.5 (Q2 2026) - Group Communications with mesh networking
- v6.0 (2027) - Fully Decentralized Network with DHT
📋 Changelog
Added
- 12-layer military-grade security architecture
- Lightning Network payment integration with WebLN
- Perfect Forward Secrecy with automatic key rotation
- Out-of-band MITM verification system
- Advanced traffic obfuscation capabilities
- Pure P2P WebRTC communication without servers
- Zero data collection and storage
- Real-time security level indicators
- Session timer and payment status displays
- Responsive mobile-friendly interface
Security Improvements
- ECDH P-384 elliptic curve key exchange
- AES-GCM 256-bit authenticated encryption
- ECDSA P-384 digital signatures
- Non-extractable hardware-protected keys
- Replay attack protection with timestamps
- Session isolation and memory cleanup
- Traffic analysis resistance
Performance Optimizations
- Efficient P2P data channels
- Optimized cryptographic operations
- Memory-only message storage
- Automatic garbage collection
- Battery-efficient mobile operation
🛡️ Security Notice
This release implements military-grade cryptography and has been designed with security-first principles. However, no communication system is 100% secure. Please:
- Always verify security codes out-of-band (voice, SMS)
- Use updated browsers and Lightning wallets
- Be aware of endpoint security on your devices
- Report security issues to: [email protected]
📄 License
MIT License - See LICENSE file for details.
🤝 Contributing
We welcome contributions! Please see CONTRIBUTING.md for guidelines.
📞 Support
- Email: [email protected]
- Issues: GitHub Issues
- Documentation: Wiki
SecureBit.chat v4.0 - The future of private communication with Lightning Network payments.