NoPrying is a secure messenger: a clean design of best practices. We do not re-invent the wheel; however, we combine innovative ideas, making it one tough nut to crack.
Why? For the most part the public are being deceived. End-to-end encryption is promised, yet with your existing messaging app try this: take a brand new phone, load the app, enter your email and short password, and the full history of messages is loaded. This means the encryption passwords are held on the server, so it is not true end-to-end encryption. Yes, true end-to-end encrypted apps exist; however, we believe we can do better and introduce a few innovations along the way.
Built upon these principles
Server Minimal Trust: server relays encrypted messages
Account Free: no accounts, end clients decide which mailboxes to use
Initial Security: out-of-band word-list bootstrap
Rotating One Time Collection of Mailboxes: minimizes the attack surface by removing messages the second they are retrieved.
Canary Protection: collection system protected by canary system to flag additional bad actor collection attempts.
Per-message ratchet: self-healing against snapshot attacks
Designed for simple self hosting of server: trust no one except your own organization
Open Source Minimal Code: isolated encryption routines, written in a memory secure language (C#). Every line of code can be checked. A fresh implementation using the cleanest and smallest amount of code possible.
Free for non-commercial use
Escalating tiers of security
Level 2 is a purely symmetric design (HKDF chains + AES-256-GCM-SIV)
Level 4 builds on Level 2 and adds a hybrid X448 + ML-KEM-1024 triple ratchet (with a collection-triggered ratchet to heal silent recipients) plus an independent pinned post-quantum client–server transport channel, extending self-healing to survive a passive network observer and a future quantum adversary
Level 5 is Diplomat / CEO level of security: it wraps everything in an air-gapped, courier-delivered pre-shared keystream (a CSPRNG "one-time pad") on a radio-isolated offline device, so confidentiality survives even a fully rooted everyday phone and the total cryptanalytic collapse of every online primitive beneath it.
Check out the design: https://forum.dbpoweramp.com/forum/n...at-is-noprying