Security


WARNING

As the project is in its alpha stage, using it to exchange sensitive information is not recommended yet. To report bugs or security vulnerabilities, please check out bugs.

 

Algorithmic details:

Quantum Cryptographic Algorithms used:

Asymmetric Key: MCEQCMDPC256FO-CUBE512-CHACHA20:

McEliece trapdoors running on quasi-cyclic medium-density parity-check (QCMDPC-ones) with Fujisaki-Okamoto encryption padding that provides attack complexity around 2^256 using cube512 as the hash function and chacha20 as the symmetric cipher.

Digital Signatures: FMTSEQ256C-CUBE512-CUBE256:

Merkle-tree signatures with Cube512 is used as a message digest algorithm, and Chacha20 is used for construction of Merkle tree.

For more information, check out: 

https://www.nist.gov/news-events/news/2019/01/nist-reveals-26-algorithms-advancing-post-quantum-crypto-semifinals
https://gitea.blesmrt.net/exa/codecrypt
https://e-x-a.org/codecrypt/

Authenticated Symmetric Encryption:

XSalsa20 with Poly1305

For more information, read:

https://doc.libsodium.org/advanced/stream_ciphers/salsa20
https://pynacl.readthedocs.io/en/latest/secret/

Key Derivation Function used:

Argon2id with the recommended parameters

For more information, read:

https://pynacl.readthedocs.io/en/latest/password_hashing/

Hash Function used:

Blake2b with the recommended parameters

For more information, read:

https://docs.python.org/3/library/hashlib.html#hashlib.blake2b

Status Of Project: Alpha / Pre Alpha

Currently, there are no releases. We are trying to add more features and improve the existing ones. It works from the terminal only. There is no 
GUI. POP3/SMTP/IMAP is NOT supported yet. So, only domestic emails can be sent and recieved. The terminal support shall not be discontinued :)

Roadmap:

Adding support for POP3/SMTP/IMAP.
Introducing a GUI.
Migrating from codecrypt to LibOQS or a quantum resistant version of SSL.

We understand that Codecrypt lacks the required amount of cryptanalysis. The reason for choosing Codecrypt in the first place was the lack of proper quantum cryptographic libraries with reasonable features and compatibility.

The development of Quantum Computers threatens the current state of the cryptography that secures our data. This means that all the data that travels  various networks can be intercepted and decrypted.

We use quantum-safe* algorithms to secure your communications so that, in the event of a functional quantum computer, your data will remain secret. Your mails are end-to-end encrypted, which differs from conventional email service providers because they have the capability of reading your emails. Therefore, they can also give your data up to authorities, if they are legally asked to do so. In contrast, we *can not* read your data, even if we wanted to. We tried to create a system, in which you are not forced to trust the enviornment. When you choose us, you get phyical security of your keys - your keys are randomly generated on your device and never leave it. All we get to know about an email in our system is the sender's and the reciever's email address, which, is the bare minimum. Our mailing client is open-source so that you can examine what and how data is sent over to us. Feel free to contribute to the codebase.

We do not collect/sell any data whatsoever from our customers to maintain an anonymous emailing service. In addition to that, we refrain from spamming 
you with pervasive advertisements that track you around the entirety of the internet.