I was tired of WhatsApp and Telegram knowing everything about me. So I built v2v — a zero-knowledge encrypted chat that works like this:
- You create a room → get a 6-digit code → share it with whoever you want
- Supports text, voice messages, and photos
- Everything auto-deletes after 24h (rooms, files, messages)
- Zero registration — no email, no phone number, no account
How the crypto actually works: The encryption key is generated client-side and never sent to the server — it lives only in the URL fragment (#key=...), which browsers don't send in HTTP requests. Messages are encrypted with AES-GCM before upload, so even the server sees only ciphertext. The room key never touches my logs.
What's logged server-side: To be transparent — I do keep hashed IP analytics (SHA-256 salted, not reversible) for rate limiting and abuse prevention. No message content, no plaintext nicknames.
Rate limiting: 80 req/min per IP to prevent abuse.
Open to feedback from the privacy/security community:
- Is the key-in-fragment approach good enough or am I missing something?
- Any obvious attack vectors I should address?
- Would you trust a tool like this? What would make you trust it more?
Source: https://github.com/alsultaneo/v2v
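The key-in-fragment flow the post describes, as an added example that is not part of the original post and is not v2v's code. The origin `https://chat.example`, the `/room/<code>` path, the function names and the use of the room code as AES-GCM additional data are assumptions made for illustration.

```javascript
// Added example, not v2v's code. Browser or Node; the require() is only a Node 18 fallback.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;
const subtle = webcrypto.subtle;
const enc = new TextEncoder(), dec = new TextDecoder();

// base64url helpers so the raw key is safe to place in a URL fragment
const toB64u = (u8) => btoa(String.fromCharCode(...u8))
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const fromB64u = (s) => Uint8Array.from(
  atob(s.replace(/-/g, '+').replace(/_/g, '/')), (c) => c.charCodeAt(0));

// Creator side: generate a 256-bit room key and place it only in the fragment.
async function createInvite(origin, roomCode) {
  const key = await subtle.generateKey({ name: 'AES-GCM', length: 256 }, true, ['encrypt', 'decrypt']);
  const raw = new Uint8Array(await subtle.exportKey('raw', key));
  return `${origin}/room/${roomCode}#key=${toB64u(raw)}`;
}

// What an HTTP request for the invite carries: path and query, never the fragment.
function requestTarget(inviteUrl) {
  const u = new URL(inviteUrl);
  return u.pathname + u.search;
}

// Joiner side: recover the key from the fragment and import it as non-extractable.
async function keyFromInvite(inviteUrl) {
  const params = new URLSearchParams(new URL(inviteUrl).hash.slice(1));
  return subtle.importKey('raw', fromB64u(params.get('key')), 'AES-GCM', false, ['encrypt', 'decrypt']);
}

// Fresh random 96-bit IV per message; the room code is bound as additional
// authenticated data (an assumption of this example, not a stated v2v feature).
async function encryptMessage(key, roomCode, text) {
  const iv = webcrypto.getRandomValues(new Uint8Array(12));
  const params = { name: 'AES-GCM', iv, additionalData: enc.encode(roomCode) };
  return { iv, ct: new Uint8Array(await subtle.encrypt(params, key, enc.encode(text))) };
}

// Throws if the ciphertext, IV or room code was altered (GCM tag check fails).
async function decryptMessage(key, roomCode, { iv, ct }) {
  const params = { name: 'AES-GCM', iv, additionalData: enc.encode(roomCode) };
  return dec.decode(await subtle.decrypt(params, key, ct));
}
```

The server only ever receives `requestTarget(invite)` plus `{ iv, ct }`; anything that copies the full URL (chat previews, screenshots, browser sync) still carries the key.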