SecureBitChat/securebit-chat
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Commit Graph

  • 968fff9c61 Project Update: Transition to Desktop & Mobile Versions main lockbitchat 2025-11-04 14:14:30 -04:00
  • 79c8d08782 fix: prevent encryption key loss and IndexedDB connection errors lockbitchat 2025-11-04 13:14:24 -04:00
  • 207e51361c security: increase PBKDF2 iterations from 100,000 → 310,000 (OWASP 2025 compliance) lockbitchat 2025-10-30 15:24:09 -04:00
  • 4583db39a2 feat(security): switch master key to non-extractable CryptoKey handle and remove direct access lockbitchat 2025-10-30 15:16:36 -04:00
  • 77ed4b3e4f remove key/hash logging and debug output from EnhancedSecureWebRTCManager and EnhancedSecureCryptoUtils lockbitchat 2025-10-30 14:55:46 -04:00
  • c7b16157fc Enhanced HKDF-based key derivation with improved security features - Implemented proper RFC 5869 compliant HKDF key derivation process - Added Perfect Forward Secrecy (PFS) key for enhanced session security - Improved key separation using unique info parameters for each derived key - Enhanced salt size from 32 to 64 bytes for increased entropy - Added comprehensive key validation and error handling - Implemented proper ECDH + HKDF integration following Web Crypto API best practices - Added metadata encryption key for enhanced data protection - Improved compatibility with modern cryptographic standards (RFC 7748, NIST SP 800-56A) -Enhanced logging and debugging capabilities for cryptographic operations - Maintained backward compatibility while upgrading security infrastructure Security improvements: - Cryptographic isolation between different key purposes - Enhanced protection against cross-key attacks - Improved resistance to future key compromise scenarios - Better compliance with OWASP cryptographic storage guidelines Technical details: - Refactored deriveSharedKeys() method for proper HKDF implementation - Updated WebRTC manager to use new messageKey API - Added comprehensive error handling and validation - Improved browser compatibility with standardized cryptographic operations - This update strengthens the existing security foundation with modern cryptographic practices while maintaining full system compatibility. lockbitchat 2025-10-27 15:18:15 -04:00
  • 3c2bac588c ci: switch mirror workflow to HTTPS token authentication lockbitchat 2025-10-20 12:51:27 -04:00
  • 2ae65eb749 ci: switch mirror workflow to HTTPS token authentication lockbitchat 2025-10-20 12:44:59 -04:00
  • 4a3249b2a6 test lockbitchat 2025-10-20 12:39:55 -04:00
  • 456545f055 Add GitHub Actions workflow to mirror repository to PrivacyGuides lockbitchat 2025-10-20 12:34:10 -04:00
  • 40381cc0a1 Increase session timeout to 60min and inactivity to 30min Fix sendMessage isUnlocked check to prevent immediate lock Move session extension logic to SecureMasterKeyManager Improve error messages Keep validation of crypto keys before encryption lockbitchat 2025-10-20 02:06:42 -04:00
  • 0d7835cfa2 fix: resolve incomplete multi-character sanitization in sanitizeMessage lockbitchat 2025-10-20 01:20:02 -04:00
  • 7604381584 fix: eliminate division on crypto random in getSafeRandomFloat lockbitchat 2025-10-20 01:10:25 -04:00
  • a7a5861e0a fix: replace modulo with bitwise mask in crypto random lockbitchat 2025-10-20 01:02:07 -04:00
  • 63a19e6a4c fix: resolve CodeQL biased crypto random warning lockbitchat 2025-10-20 00:51:03 -04:00
  • b18e943abd Fix cryptographic random bias in fingerprint mask generation lockbitchat 2025-10-20 00:42:12 -04:00
  • 9c1258cd1e Fix cryptographic random bias in fingerprint mask generation lockbitchat 2025-10-20 00:42:03 -04:00
  • 60e4bb6b8a Fix cryptographic random bias in getUnbiasedRandomInRange lockbitchat 2025-10-20 00:34:17 -04:00
  • 4233ba3d7e Fix cryptographic random bias (CodeQL js/biased-cryptographic-random) lockbitchat 2025-10-20 00:25:50 -04:00
  • 333c4b87b5 fix: improve sanitization to prevent XSS lockbitchat 2025-10-19 23:55:41 -04:00
  • 5096a09811 fix: improve sanitization to prevent XSS lockbitchat 2025-10-19 23:54:26 -04:00
  • 5c658cdd6c Security updates for CodeQL lockbitchat 2025-10-19 23:39:14 -04:00
  • e209d3e6f5 fix: improve sanitization to prevent XSS lockbitchat 2025-10-19 23:23:58 -04:00
  • 49e5a054cb fix: security and build improvements lockbitchat 2025-10-19 23:05:24 -04:00
  • 9d0372484a Add CodeQL security scanning workflow lockbitchat 2025-10-19 22:08:31 -04:00
  • 69fa5ffc28 Add CodeQL security scanning workflow lockbitchat 2025-10-19 22:04:07 -04:00
  • ed169b4c8c Add CodeQL security scanning workflow lockbitchat 2025-10-19 22:02:28 -04:00
  • 906562333e fix(ios): prevent chat crash when Notifications API is unavailable on iPhones - Guarded all Notification API usage to avoid ReferenceError on iOS Safari. - Set default permission to 'denied' when Notification is undefined. - Added early return in notification flow when Notifications API is unavailable. - Wrapped Notification.permission, requestPermission(), and new Notification(...) with typeof checks. - Updated SecureNotificationManager and app.jsx to degrade gracefully. - Verified build passes and chat loads correctly on iOS without notifications. lockbitchat 2025-10-19 20:51:44 -04:00
  • 4e7f5867b5 feat: implement automatic key generation on channel creation lockbitchat 2025-10-19 15:23:02 -04:00
  • 5ddfd1f5b3 fix(ios): prevent chat crash when Notifications API is unavailable on iPhones lockbitchat 2025-10-17 03:49:33 -04:00
  • 1acbc12a92 update version to v4.4.18 lockbitchat 2025-10-15 20:23:50 -04:00
  • 3ed8766fc9 v4.3.120 update lockbitchat 2025-10-15 20:15:41 -04:00
  • b087adfecc feat: implement secure browser notifications system lockbitchat 2025-10-15 19:58:28 -04:00
  • 5b5cc67fdc Push to Codeberg lockbitchat 2025-10-15 04:55:22 -04:00
  • 93e4b7ad19 test lockbitchat 2025-10-15 04:51:48 -04:00
  • fce18d27a5 Push to PrivacyGuides lockbitchat 2025-10-15 04:41:05 -04:00
  • 03e06f59dc Push to Codeberg lockbitchat 2025-10-15 04:30:18 -04:00
  • 5df6cb0d16 test ssh lockbitchat 2025-10-15 04:25:49 -04:00
  • 3730f46a08 test remote lockbitchat 2025-10-15 04:23:51 -04:00
  • abd6f9a7f5 Test mirror lockbitchat 2025-10-15 04:21:20 -04:00
  • 99469e5bd5 Remove experimental Bluetooth key transfer module - Deleted BluetoothKeyTransfer.js and related classes - Removed BluetoothKeyTransfer.jsx UI component - Cleaned up Bluetooth imports from app-boot.js and bootstrap-modules.js - Removed Bluetooth buttons and handlers from main app - Eliminated all Bluetooth functionality due to Web Bluetooth API limitations - Browsers cannot create GATT servers or advertise devices - Reduced bundle size by ~78KB - Application now focuses on supported browser technologies (QR codes, manual key exchange, WebRTC) lockbitchat 2025-10-15 04:13:14 -04:00
  • 2306b32482 Remove experimental Bluetooth key transfer module lockbitchat 2025-10-15 01:47:28 -04:00
  • cbb6a8fa31 Remove experimental Bluetooth key transfer module lockbitchat 2025-10-15 01:46:54 -04:00
  • 4be6fc55f5 Remove experimental Bluetooth key transfer module lockbitchat 2025-10-15 01:46:36 -04:00
  • cb62d8eb3b fix: resolve ReferenceError issues and improve disconnect functionality lockbitchat 2025-10-14 22:51:48 -04:00
  • ea8cf47118 Table update lockbitchat 2025-10-13 11:54:05 -04:00
  • d292c84829 session bug fix lockbitchat 2025-10-13 11:13:11 -04:00
  • 45de8ce285 refactor: implement minimal PWA caching strategy lockbitchat 2025-10-13 01:38:41 -04:00
  • 7af8f528ff refactor: implement minimal PWA caching strategy lockbitchat 2025-10-13 01:35:32 -04:00
  • d24d578321 feat: Add comprehensive iOS PWA splash screen support lockbitchat 2025-10-09 20:49:04 -04:00
  • dd9f13ab59 Add Browser Extension block lockbitchat 2025-10-09 05:09:17 -04:00
  • 2e5b078bc2 UX/UI updates and bug fixes lockbitchat 2025-10-08 17:23:54 -04:00
  • 75fa1cd27d Qr generator create bug fix lockbitchat 2025-10-08 01:24:04 -04:00
  • 60db79d2ae v4.3.120 update lockbitchat 2025-10-08 00:17:53 -04:00
  • 204e1edd9a Update version to 4.3.120 UX/UI 4.3.120 lockbitchat 2025-10-08 00:08:13 -04:00
  • 5b557102b4 Fix QR scanner multi-chunk processing and binary data handling lockbitchat 2025-10-07 23:58:54 -04:00
  • e6d6576d70 Render loading state if not ready lockbitchat 2025-10-06 14:35:13 -04:00
  • d2830b9c46 Optimize JSON and QR codes lockbitchat 2025-10-05 06:21:14 -04:00
  • ec04bebf22 Update UX/UI slider lockbitchat 2025-10-03 00:07:11 -04:00
  • 8cd78a2aba Update slider UX/UI lockbitchat 2025-10-02 21:34:45 -04:00
  • 4359e5fab1 Add Testimonials section with user feedback lockbitchat 2025-10-02 19:39:40 -04:00
  • 78769b58ef UX/UI update lockbitchat 2025-10-02 16:58:09 -04:00
  • afc873761f update lockbitchat 2025-10-02 16:52:42 -04:00
  • 7682f57889 feat(ui): add glowing border effect and improve card hover interactions lockbitchat 2025-10-02 16:52:31 -04:00
  • 6bed472e09 feat(security): implement core crypto and logging hardening lockbitchat 2025-10-02 03:25:38 -04:00
  • 65cc136b99 chore: remove debug logging and disable debug mode for production lockbitchat 2025-10-02 01:43:32 -04:00
  • 5ce6db1640 update lockbitchat 2025-10-01 23:27:59 -04:00
  • 0dde4906d9 update UX/UI lockbitchat 2025-10-01 23:26:07 -04:00
  • 0a7a830b52 Update UX/UI landing page lockbitchat 2025-10-01 20:20:15 -04:00
  • 49347b5c78 Uopdated version to v4.2.12 - ECDH + DTLS + SAS 4.2.12 lockbitchat 2025-09-30 14:18:01 -04:00
  • 85d900727d Update v4.2.12 lockbitchat 2025-09-30 14:13:23 -04:00
  • 7902359c48 feat(qr-exchange): improved QR code exchange system lockbitchat 2025-09-27 19:07:17 -04:00
  • 0ce05b836b Update delete old laying visual files lockbitchat 2025-09-24 10:48:32 -04:00
  • 34094956b7 feat(core): update session, security system and QR exchange lockbitchat 2025-09-23 20:01:02 -04:00
  • 804b384271 feat: implement build system and development workflow lockbitchat 2025-09-08 19:22:50 -04:00
  • 5034386ee6 Update lockbitchat 2025-09-08 16:40:39 -04:00
  • 14b6ae2337 Add to CSP lockbitchat 2025-09-08 16:10:26 -04:00
  • 0f8399ec88 feat(security,ui): self-host React deps, Tailwind, fonts; strict CSP; local QR; better selection state Replace CDN React/ReactDOM/Babel with local libs; remove Babel and inline scripts Build Tailwind locally, add safelist; switch to assets/tailwind.css Self-host Font Awesome and Inter (CSS + woff2); remove external font CDNs Implement strict CSP (no unsafe-inline/eval; scripts/styles/fonts from self) Extract inline handlers; move PWA scripts to external files Add local QR code generation (qrcode lib) and remove api.qrserver.com Improve SessionTypeSelector visual selection (highlighted background and ring) Keep PWA working with service worker and offline assets Refs: CSP hardening, offline-first, no external dependencies lockbitchat 2025-09-08 16:04:58 -04:00
  • 3458270477 deleting unnecessary comments lockbitchat 2025-09-08 11:45:32 -04:00
  • e2316f6557 **What Changed:** - **Removed:** All libsodium dependencies and PAKE-based authentication - **Replaced With:** ECDH + DTLS + SAS triple-layer security system - **Impact:** Eliminates complex PAKE implementation in favor of standardized protocols 4.02.985 lockbitchat 2025-09-04 17:25:01 -04:00
  • 0d029f5d39 delet test_method lockbitchat 2025-09-01 17:14:16 -04:00
  • beb5bcfd01 fix: resolve message sending - _createMessageAAD method not found lockbitchat 2025-09-01 17:14:04 -04:00
  • 77c19c4d71 CRITICAL: Fix major security vulnerabilities lockbitchat 2025-09-01 16:04:33 -04:00
  • a04fc16d58 Security Update lockbitchat 2025-09-01 15:15:42 -04:00
  • 14b001710a feat(security): strengthen crypto, entropy checks, and memory cleanup lockbitchat 2025-08-31 19:37:26 -04:00
  • 35d83d46f2 feat(security): Implement input validation and fix logging conflicts lockbitchat 2025-08-31 18:35:31 -04:00
  • 6c4d0eeaee feat(security): harden API export, remove global flags, unify scheduler lockbitchat 2025-08-31 18:01:46 -04:00
  • 39ae9f01b7 feat: comprehensive security fixes for critical vulnerabilities lockbitchat 2025-08-31 15:52:34 -04:00
  • 551feb21a4 Security hardening: remove global leaks, enforce crypto, cleanup logs lockbitchat 2025-08-28 18:53:16 -04:00
  • a265209ff6 fix(security): fixes in keystore and cryptography lockbitchat 2025-08-28 17:01:14 -04:00
  • 97b87828e2 feat(security): encrypted key storage with WeakMap and SecureKeyStorage lockbitchat 2025-08-28 16:17:40 -04:00
  • a4161bc47e SECURITY: Fix console logging vulnerabilities in production mode lockbitchat 2025-08-28 15:15:09 -04:00
  • e468838596 SECURITY: Fix console logging vulnerabilities in production mode lockbitchat 2025-08-28 15:05:42 -04:00
  • 398d8bc014 Updated application documentation and website homepage to include ASN.1 Validation lockbitchat 2025-08-27 13:25:26 -04:00
  • 6aaabbd1df feat(security): Implement full ASN.1 validation for key structure verification lockbitchat 2025-08-27 12:39:18 -04:00
  • 0b01083fce Deleting a test method lockbitchat 2025-08-26 21:36:52 -04:00
  • 984564fae6 feat: add enhanced security validation and timing protection lockbitchat 2025-08-26 19:58:45 -04:00
  • 1e270fb4b8 security: fix critical vulnerabilities in crypto module lockbitchat 2025-08-26 19:44:34 -04:00
  • e7c6dfc3b3 feat: Implement comprehensive token-based authentication system lockbitchat 2025-08-24 23:56:12 -04:00
  • dde7196bb8 fix: prevent install prompt showing in installed PWA lockbitchat 2025-08-24 17:07:31 -04:00