Security and Privacy - Contractor-x/bitchat GitHub Wiki

Encryption

  • Private Messages: X25519 key exchange + AES-256-GCM encryption
  • Channel Messages: Argon2id password derivation + AES-256-GCM
  • Digital Signatures: Ed25519 for message authenticity
  • Forward Secrecy: New key pairs generated each session
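
The private-message construction listed above, sketched with Node's built-in crypto module. This is an added example, not bitchat's own code. Assumptions: HKDF-SHA256 turns the X25519 secret into the AES key, the Ed25519 signature covers nonce, ciphertext and tag, and all function names and the info label are hypothetical.

```javascript
const crypto = require('node:crypto');

// Fresh X25519 (key agreement) and Ed25519 (signing) pairs, one set per session.
function newSession() {
  return { dh: crypto.generateKeyPairSync('x25519'), sig: crypto.generateKeyPairSync('ed25519') };
}

// X25519 shared secret -> 256-bit AES key. HKDF-SHA256 and the label are assumptions.
function deriveKey(myDhPrivate, peerDhPublic) {
  const shared = crypto.diffieHellman({ privateKey: myDhPrivate, publicKey: peerDhPublic });
  const okm = crypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'example-private-message', 32);
  return Buffer.from(okm);
}

// Encrypt with AES-256-GCM, then sign nonce || ciphertext || tag with Ed25519.
function seal(key, signingKey, plaintext) {
  const nonce = crypto.randomBytes(12); // must never repeat under the same key
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const tag = cipher.getAuthTag();
  const signature = crypto.sign(null, Buffer.concat([nonce, ct, tag]), signingKey);
  return { nonce, ct, tag, signature };
}

// Returns the plaintext, or null when the signature or the GCM tag does not verify.
function open(key, senderVerifyKey, msg) {
  const signed = Buffer.concat([msg.nonce, msg.ct, msg.tag]);
  if (!crypto.verify(null, signed, senderVerifyKey, msg.signature)) return null;
  try {
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, msg.nonce);
    decipher.setAuthTag(msg.tag);
    return Buffer.concat([decipher.update(msg.ct), decipher.final()]).toString('utf8');
  } catch { return null; }
}

// Constructed run: one session, a tampered copy, and a replay into a later session.
function demo() {
  const alice = newSession(), bob = newSession();
  const kA = deriveKey(alice.dh.privateKey, bob.dh.publicKey);
  const kB = deriveKey(bob.dh.privateKey, alice.dh.publicKey);
  const msg = seal(kA, alice.sig.privateKey, 'hello (constructed sample)');
  const tampered = { ...msg, ct: Buffer.from(msg.ct) };
  tampered.ct[0] ^= 1; // single flipped bit
  const nextKey = deriveKey(newSession().dh.privateKey, newSession().dh.publicKey);
  return { keysMatch: kA.equals(kB), ok: open(kB, alice.sig.publicKey, msg),
    bad: open(kB, alice.sig.publicKey, tampered), stale: open(nextKey, alice.sig.publicKey, msg) };
}
console.log(demo());
```

The stale result is the per-session property in practice: a message captured in one session does not decrypt under the keys of the next.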

Privacy Features

  • No Registration: No accounts, emails, or phone numbers required
  • Ephemeral by Default: Messages exist only in device memory
  • Cover Traffic: Random delays and dummy messages prevent traffic analysis
  • Emergency Wipe: Triple-tap on logo to instantly clear all data
  • Local-First: Works completely offline, no servers involved