SecureBitChat/securebit-chat
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
118 Commits 2 Branches 6 Tags
34582704775f43879bd3007ec3a4ec5fe3295e7d
Commit Graph

14 Commits

Author SHA1 Message Date
lockbitchat
e2316f6557 **What Changed:** 
- **Removed:** All libsodium dependencies and PAKE-based authentication
- **Replaced With:** ECDH + DTLS + SAS triple-layer security system
- **Impact:** Eliminates complex PAKE implementation in favor of standardized protocols

**Security Benefits:**
-  **Simplified Architecture** - Reduced attack surface
-  **Standards Compliance** - RFC-compliant protocols
-  **Better Maintenance** - Native Web Crypto API usage
-  **Enhanced Security** - Triple-layer defense system

**New Features:**
- **Elliptic Curve Diffie-Hellman** using P-384 (secp384r1)
- **Cryptographically secure** key pair generation
- **Perfect Forward Secrecy** with session-specific keys
- **MITM resistance** requiring knowledge of both private keys
 2025-09-04 17:25:01 -04:00
lockbitchat
398d8bc014 Updated application documentation and website homepage to include ASN.1 Validation 2025-08-27 13:25:26 -04:00
lockbitchat
171a7d9dfb Fixed DTLS Race Condition & Memory Safety 
 FIXED HIGH CRITICALITY vulnerabilities (October 2024):
- DTLS ClientHello Race Condition: Added source validation
- Memory Safety Issues: Enhanced secure memory cleanup
- Added DTLS protection constants and validation methods
- Improved memory cleanup with secureWipe and zero-filling
- Integrated DTLS protection in handleSecureAnswer
 2025-08-24 16:30:06 -04:00
lockbitchat
434301fe6f 🐛 Fix PWA install prompt showing after installation 
Fixed critical bug where PWA install message continued showing after app installation

-  Enhanced PWA installation status detection
-  Fixed install prompt logic to hide after installation
-  Improved Service Worker update handling
-  Added proper installation state management
-  Enhanced iOS Safari PWA detection
-  Added installation preferences storage

- Added installationChecked flag for better state management
- Enhanced checkInstallationStatus() method with multiple detection methods
- Improved shouldShowPrompt() logic to prevent showing after installation
- Added periodic installation monitoring for iOS devices
- Enhanced Service Worker activation event handling
- Added PWAUtils.checkInstallationStatus() utility method

- public/src/pwa/install-prompt.js (major refactor)
- public/index.html (PWA logic improvements)
- public/sw.js (Service Worker enhancements)

- PWA install message no longer shows after successful installation
- Only update notifications are shown for installed PWAs
- Proper distinction between install prompts and update notifications

Version: Enhanced Security Edition v4.01.413
 2025-08-23 17:21:32 -04:00
lockbitchat
235e3e06cb fix № v4.01.412 2025-08-21 18:02:25 -04:00
lockbitchat
cef5654cf8 Update to pre-release version. Removed logging that was used for debugging. Added typing of files that the user sends with size restrictions. 2025-08-21 17:40:17 -04:00
lockbitchat
3eab0588db updated documentation for v4.1.223 with new security features 
- Added comprehensive connection security overhaul with advanced mutex framework (15s timeout)
- Added race condition protection via atomic key generation and serialized operations
- Added multi-stage validation pipeline with automatic rollback and precise error phase detection
- Added enhanced MITM protections (key fingerprints, session anti-hijacking, mutual challenges, package integrity)
- Added secure key storage system with WeakMap isolation, private storage, validation, rotation, emergency wipe, and monitoring
- Added production-ready security logging with environment detection, data sanitization, log level control, rate limiting, and memory cleanup

- Updated `public/README.md`: “What’s New” for v4.01.223, expanded to 15-layer security (added layers 13–15)
- Updated `public/SECURITY.md`: added new architecture items; updated supported versions (4.1.x = MILITARY-GRADE, 15 layers); new upgrade recommendation
- Updated `public/doc/SECURITY-ARCHITECTURE.md`: 12→15 layers, added layers 13–15, revised performance (total ~78.5ms), updated dates/versions
- Updated `public/doc/CRYPTOGRAPHY.md`: added `SecureKeyManager`, `SecureLogger`, `ConnectionMutexManager`; updated TOC; updated dates/versions
- Updated `public/doc/API.md`: added Security Framework APIs and usage examples; added TOC
- Created `public/SECURITY_UPDATES_v4.1.md`: comprehensive v4.1.223 security update summary
 2025-08-21 15:45:07 -04:00
SecureBitChat
34289d7b9c Update README.md 
Update v4.01.222
 2025-08-20 19:17:27 -04:00
SecureBitChat
ac0e5155d3 Update README.md 2025-08-19 19:59:03 -04:00
SecureBitChat
c58896ef55 Update README.md 2025-08-19 02:06:27 -04:00
SecureBitChat
80621de755 Update README.md 2025-08-16 22:38:46 -04:00
lockbitchat
19e3047282 feat: rebrand to SecureBit.chat due to name conflict 
BREAKING CHANGE: Project renamed from LockBit.chat to SecureBit.chat

- Changed project name to avoid confusion with LockBit ransomware group
- Updated all documentation, branding, and references
- Maintained all existing functionality and security features
- Domain migration planned to securebit.chat

Reason: The LockBit name became associated with a notorious ransomware
group, causing conflicts on platforms and potential confusion for users.
SecureBit better reflects our mission of providing secure P2P messaging
while avoiding negative associations.

This change affects:
- README.md and all documentation
- Package.json name field
- Brand assets and logos
- Website references
- Social media handles

Core functionality remains unchanged:
 12-layer military-grade security
 Lightning Network integration
 P2P WebRTC architecture
 Open source MIT license
 2025-08-14 15:54:11 -04:00
lockbitchat
1d36fde173 Update README.md 2025-08-09 12:59:59 -04:00
lockbitchat
e97814df21 Initial commit 2025-08-09 12:53:39 -04:00