SECURE CHAT

Secure Chat is a two-part program consisting of a server component and a client component. These programs make use of the same encryption technique used by TLS (Transport Layer Security) 1.3. TLS 1.3 is a protocol for use in secure web server applications, and is not yet in widespread use.

Secure Chat provides for a single connection between two independent parties. One party acts as the host (Server), and the other party connects to the Server (Client). There is no authentication provided, since both ends should be operated by a real person. This allows any question/answer to be used for authentication. Web servers, on the other hand, are not manned, and must use certificates for authentication.

So why would we use this cryptographic protocol? TLS 1.3 has a number of advantages over previous protocols. SSL is a dead issue, and TLS 1.0/1.1 are deprecated and no longer accepted by many servers. TLS 1.3 reduces the round trips required to negotiate a connection and utilizes forward secrecy. Forward secrecy uses ECC (Elliptic Curve Cryptography) to allow each end to independently calculate the key material used to create the encryption keys. No keys are stored, and the key material is different for every connection. That means that even if a hacker manages to crack one connection, it is useless for past or future connections.
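The key agreement described above, shown as an added example (this is not Secure Chat's own code): both ends draw a fresh X25519 key pair (RFC 7748, the curve TLS 1.3 clients offer by default), exchange only the public values, and each computes the same shared secret, which is then run through HKDF-SHA256 (RFC 5869) to produce the traffic key. The X25519 ladder below is a plain-Python transcription of the RFC's algorithm, not constant-time, and the HKDF label "chat traffic key" is a constructed placeholder rather than a TLS 1.3 label.

```python
"""Ephemeral ECDH key agreement as used by TLS 1.3 (X25519, RFC 7748), followed by
HKDF-SHA256 key derivation (RFC 5869). Standard-library Python only. The X25519
ladder is a direct transcription of the RFC and is NOT constant-time; it is here to
show the mechanism, not for production use."""
import hashlib
import hmac
import os

P = 2**255 - 19          # field prime for Curve25519
A24 = 121665             # (A - 2) / 4 for the Montgomery curve constant A = 486662
BASE_POINT = (9).to_bytes(32, "little")


def _clamp(scalar: bytes) -> int:
    """Decode a 32-byte private scalar as specified in RFC 7748 section 5."""
    k = bytearray(scalar)
    k[0] &= 248
    k[31] &= 127
    k[31] |= 64
    return int.from_bytes(k, "little")


def x25519(scalar: bytes, u_coord: bytes) -> bytes:
    """Scalar multiplication on the u-coordinate of Curve25519 (RFC 7748 section 5)."""
    k = _clamp(scalar)
    x1 = int.from_bytes(u_coord, "little") & ((1 << 255) - 1)  # drop the unused top bit
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):                # Montgomery ladder, one step per key bit
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * (da - cb) ** 2 % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    """HKDF extract-then-expand (RFC 5869), the KDF the TLS 1.3 key schedule is built on."""
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def new_session_keys() -> tuple:
    """One chat session: each side draws a fresh ephemeral key, sends only its public
    value, and derives the same traffic key. Nothing is stored between sessions."""
    client_priv, server_priv = os.urandom(32), os.urandom(32)
    client_pub = x25519(client_priv, BASE_POINT)   # the only value that crosses the wire
    server_pub = x25519(server_priv, BASE_POINT)   # likewise
    client_secret = x25519(client_priv, server_pub)
    server_secret = x25519(server_priv, client_pub)
    # "chat traffic key" is a constructed label; TLS 1.3 uses its own "tls13 ..." labels
    client_key = hkdf_sha256(client_secret, b"", b"chat traffic key", 32)
    server_key = hkdf_sha256(server_secret, b"", b"chat traffic key", 32)
    return client_key, server_key


if __name__ == "__main__":
    first, second = new_session_keys(), new_session_keys()
    print("both ends agree:", first[0] == first[1])
    print("next connection gets a different key:", first[0] != second[0])
```

Running it twice in a row shows the property the paragraph describes: within one session the two derived keys are identical, while two sessions never share key material because the private scalars are discarded as soon as the secret has been derived.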

The first time the Client program is run, a default of "127.0.0.1|258" ("::1|258" for IPv6) is loaded into the dropdown box, and this address (127.0.0.1) and port (258) will be saved when the program is exited. You can also enter any host address (including domain names) and port number into the text box, and it will also be saved when the program is exited. When a link no longer proves to be useful, it can be deleted while it appears in the text box by using the Ctrl-D key combination. Selecting any address/port from the list attempts to establish a connection with the server program at that address/port. Also note that the selected address/port is automatically moved to the top of the list for the next time you attempt to connect.
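An added illustration of the address-list handling described above (this is not Secure Chat's own code; the function names are my own). The "host|port" form matters because IPv6 literals such as ::1 already contain colons, so splitting on the last '|' keeps the host intact. The parser also validates the port range and the host before an entry is persisted or promoted to the top of the list.

```python
"""Parsing and maintaining a Client-style "host|port" address list.
Added example, not Secure Chat's own code."""
import ipaddress

DEFAULT_ENTRY_V4 = "127.0.0.1|258"
DEFAULT_ENTRY_V6 = "::1|258"


def parse_endpoint(entry: str) -> tuple:
    """Split 'host|port' and validate it; the host may be an IPv4/IPv6 literal or a domain name."""
    if "|" not in entry:
        raise ValueError(f"missing '|' separator in {entry!r}")
    host, _, port_text = entry.rpartition("|")   # rpartition: IPv6 colons never confuse the split
    host = host.strip()
    if not host:
        raise ValueError("empty host")
    try:
        port = int(port_text)
    except ValueError:
        raise ValueError(f"port is not a number: {port_text!r}") from None
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    try:
        ipaddress.ip_address(host)               # accepts 127.0.0.1, ::1, etc.
    except ValueError:
        # not a literal address: require DNS-style labels (letters, digits, hyphens)
        labels = host.split(".")
        if not all(label and label.replace("-", "").isalnum() for label in labels):
            raise ValueError(f"invalid host name: {host!r}") from None
    return host, port


def promote(entries: list, chosen: str) -> list:
    """Move the selected entry to the top, which is the order saved when the program exits."""
    parse_endpoint(chosen)                       # reject malformed input before it is persisted
    return [chosen] + [e for e in entries if e != chosen]


def remove(entries: list, chosen: str) -> list:
    """Ctrl-D behaviour: drop the entry currently shown in the text box."""
    return [e for e in entries if e != chosen]


if __name__ == "__main__":
    saved = [DEFAULT_ENTRY_V4, DEFAULT_ENTRY_V6]
    print(parse_endpoint(DEFAULT_ENTRY_V6))
    saved = promote(saved, "chat.example.com|443")   # constructed entry
    print(saved)
    print(remove(saved, DEFAULT_ENTRY_V4))
```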

Once a connection is established with the other end, the two ends will negotiate a secure connection, resulting in a "Handshake Complete" message in the Status Bar and a "CONNECTED!" message in the Message Box. The focus should automatically shift to the Input box at the bottom, allowing you to type in any message you desire. Outgoing messages will be preceded by "<-", and incoming messages will be preceded by "-->". With this type of system, it is often unknown what the other party is doing. Are they responding to my message, or are they thinking about it? A small blinking red dot appears on the right side of the status bar every time the other end hits a key. Also note that spell checking has been implemented on the Input box, and in theory it supports non-Latin character sets.

The Server operates very much the same. The big difference is that the Server must listen for a connection request on the same port the client is using. Most IPv4 computers are sitting behind a NAT router and an internal firewall. Therefore, you must configure your router either to forward the connection request on the external port number directly to your machine, or to use Port Triggering on that port number. Port Triggering does not require fixed IP addressing, but Port Forwarding does. Fixed IP addressing can be accomplished by configuring your network adapter or, in most modern routers, by using DHCP to provide the same function. You can still use the Client software without setting up your router, but you will not be able to listen for an incoming connection.
