-
Notifications
You must be signed in to change notification settings - Fork 4
Security Model
This page explains QuietDrop's security model, the cryptographic primitives used, and the threat models it addresses across all supported platforms.
QuietDrop is built on several fundamental security principles:
-
End-to-End Encryption (E2EE): Messages are encrypted on the sender's device and can only be decrypted by the intended recipient.
-
Zero Trust Server: The server cannot read message contents even if compromised.
-
Forward Secrecy: Past communications remain secure even if keys are later compromised.
-
Strong Authentication: Secure password hashing protects user credentials.
-
Cross-Platform Security: The same security model applies consistently across desktop and mobile platforms.
-
Process Isolation: The Tauri architecture separates the frontend from the backend for additional security.
QuietDrop's security is implemented across multiple layers:
graph TD
subgraph "Security Layers"
E[End-to-End Encryption] --> M[Message Security]
A[Authentication Security] --> U[User Security]
P[Platform Security] --> D[Device Security]
N[Network Security] --> T[Transport Security]
end
subgraph "Implementation"
E --> CS[Cryptographic Services]
CS --> Sodium[Sodiumoxide/libsodium]
A --> PH[Password Hashing]
PH --> Argon2[Argon2id]
P --> PI[Process Isolation]
PI --> Tauri[Tauri Security Model]
N --> TLS[TLS Encryption]
end
QuietDrop uses asymmetric cryptography for secure message exchange:
- Key Pairs: Each entity (client and server) generates its own public/private key pair
- Key Algorithm: X25519 (Curve25519) for efficient elliptic curve cryptography
-
Key Storage:
- Desktop: Platform-specific secure storage
- Mobile: Platform keychain/secure enclave
- All Platforms: Private keys never leave the device where they were generated
Messages are encrypted using:
- Algorithm: XSalsa20-Poly1305 authenticated encryption (via NaCl crypto_box)
-
Process:
- Generate a random nonce (number used once)
- Encrypt message using recipient's public key and sender's private key
- Combine nonce and ciphertext for transmission
// Simplified encryption process
let nonce = box_::gen_nonce(); // 24-byte random nonce
let encrypted_msg = box_::seal(message.as_bytes(), &nonce, recipient_public_key, sender_private_key);
let complete_ciphertext = [nonce.as_ref(), encrypted_msg.as_slice()].concat();User authentication uses industry best practices:
- Password Hashing: Argon2id (winner of the Password Hashing Competition)
-
Parameters:
- Memory usage: 4096 KB (memory-hard to resist hardware attacks)
- Iterations: 3 passes
- Parallelism: 1 thread
- Salting: Unique random salt for each password
// Password hashing configuration
let config = Params::new(3, 4096, 1, None);
let argon2 = Argon2::new(Algorithm::Argon2id, Version::V0x13, config);The Tauri 2.0 framework provides additional security features for the desktop and mobile applications:
Tauri implements a security architecture that separates the frontend (WebView) from the backend (Rust):
graph TD
subgraph "Frontend (WebView)"
UI[UI Components]
JS[WebAssembly from Rust]
end
subgraph "Backend (Rust)"
TA[Tauri Runtime]
Core[QuietDrop Core]
FS[File System]
NS[Network Services]
end
UI --> IPC{Custom IPC Protocol} --> TA
JS --> IPC --> TA
IPC --> CSP[Content Security Policy]
- Limited Access: Frontend has no direct access to the filesystem or network
- Permission System: Access to system resources is explicitly granted
- Custom Protocol: Communication between frontend and backend uses a secure IPC protocol
- Content Security Policy: Protects against XSS and similar web-based attacks
QuietDrop leverages platform-specific security features:
Desktop Platforms:
- Windows: Windows Data Protection API for secure storage
- macOS: Keychain for secure storage
- Linux: libsecret for secure storage
Mobile Platforms:
- Android: Android Keystore for secure key storage
- iOS: Keychain Services and Secure Enclave for key protection
- Both: App sandbox isolation
QuietDrop's security model protects against several types of threats:
Threat: Adversaries monitoring network traffic to intercept communications.
Protection: All message content is encrypted end-to-end, making it unreadable to anyone monitoring the network.
Threat: The server being hacked or operated by a malicious entity.
Protection: Since messages are encrypted with the recipient's public key, the server only handles encrypted data it cannot decrypt.
Threat: Attempts to crack user passwords through brute force.
Protection: Argon2id with tuned parameters makes password cracking computationally expensive, even with specialized hardware.
Threat: An attacker positioning themselves between clients and the server.
Protection: Public key authentication ensures messages can only be decrypted by the intended recipient.
Threat: Attacks targeting the WebView component through malicious content.
Protection:
- Content Security Policy (CSP) restrictions
- Process isolation between WebView and backend
- Limited access to system resources
Threat: Device theft or unauthorized physical access.
Protection:
- Secure key storage in platform-specific secure enclaves
- Optional biometric authentication (planned)
- Local data encryption
QuietDrop's security model has some limitations in its current implementation:
-
Key Distribution: The current implementation has a simplified key exchange mechanism
-
Metadata Protection: While message content is encrypted, metadata (sender, recipient, timestamp) is currently not protected
-
Perfect Forward Secrecy: Current implementation doesn't yet implement key rotation or the Double Ratchet Algorithm
-
Authentication Mechanism: Current authentication is basic and will be enhanced with more robust methods
-
Local Database Encryption: Planned SQLite database will need proper encryption for stored messages
Future security enhancements planned for QuietDrop:
-
Double Ratchet Algorithm: Implementing the Signal Protocol's ratcheting system for improved forward secrecy
-
Metadata Encryption: Encrypting message metadata to protect communication patterns
-
Key Verification: Adding support for out-of-band key verification
-
Biometric Authentication: Adding support for biometric authentication on compatible devices
-
Secure Database: Implementing SQLCipher for encrypted message storage
-
Certificate Pinning: For protection against TLS MITM attacks
-
Formal Verification: Mathematical verification of the cryptographic implementation
-
Security Auditing: Professional third-party security audit
QuietDrop maintains consistent security across platforms with some important considerations:
-
Uniform Cryptography: All platforms use the same cryptographic libraries and primitives
-
Platform-Appropriate Storage: Keys are stored using the most secure available mechanism on each platform
-
Consistent Authentication: The same authentication mechanisms apply across platforms
-
Adaptive UI Security: Different UI patterns for security actions appropriate to each platform:
- Desktop: Traditional password entry, two-factor authentication
- Mobile: Biometric options where available, simplified secure inputs
If you discover security vulnerabilities in QuietDrop, please follow our Security Policy for responsible disclosure.
- NaCl / libsodium cryptography library: https://nacl.cr.yp.to/
- Argon2 password hashing: https://github.com/P-H-C/phc-winner-argon2
- Signal Protocol (Double Ratchet): https://signal.org/docs/
- Tauri Security Model: https://tauri.app/v2/security/
QuietDrop Wiki | Home | Getting Started | FAQ | Security Model | Architecture | Development Guide
Main Repository | Report Issues | Contributing
© 2023-2025 QuietDrop Contributors | MIT License
Last updated: April 2025