A secure chat web application

#Clone this repository(chat)
git clone https://github.com/kkanho/chat

#Change to the correct directory
cd chat

#Build the server through docker
docker-compose up --build

To view it in the browser, open http://group-39.comp3334.xavier2dc.fr:8080/ or with TLSv1.3 https://group-39.comp3334.xavier2dc.fr:8443/

• User-chosen memorized Secret (password/passphrase)
• Single-Factor OTP Device (Google Authenticator)
• Look-Up Secrets (recovery keys)
• Password salted and hashed
• Password verifiers - check against corpus form haveibeenpwned api
• Implement rate-limiting mechanisms
• Image-based CAPTCHAs
• OTP bind to new account when registration
• Implement proper session binding requirements
• Provide a way to change authenticators after account registration

• ECDH key exchange - establish a shared secret between two users
• Underlying curve - P-384
• Derive two 256-bit AES-GCM encryption keys
• Derive two 256-bit MAC keys
• Share secret using HKDF-SHA256
• Unique salt for each message
• Represent the info using JSON, console log in dev tools
• Message encrypted using AES in GCM mode
• Prevent replay attacks as a recipient
• All key material stored in local storage
• All history messages should be display
• Show warning if previous messages cannot be decrypted
• Refresh button - re-derived all the symmetric key and IV and with a new salt
• Keep all old keys in local storage for next login
• Error message notify the user if the key is not found/cleared
• Protected against CSRF or XSS or SQL injection (samesite: lax)

• Communications encrypted - protect data in transit with TLSv1.3

To use TLS in your own browser, set the root CA(COMP3334 Project Root CA 2024) to always trust

• Ability to sign up, login and logout
• zxcvbn password strength meter