IMPORTANT: AI is used in this project, so let’s get that out of the way. I’m not sure how to quantify it. I use different AI models on different tasks in the code as well as the documentation. I don’t want to mislead or inspire undue confidence in this implementation. It’s open-source for transparency. Not ready for general use.

It’s always worth mentioning this project is far from finished and I hope with feedback I can make it better. I have put effort towards directing it towards unit tests, audit and formal proofs. None of that is good enough, but I hope they can complement each other and can act as a starting point for verifying the implementation is correct. The functionality is built around the requirements of my project. It isn’t professionally audited or reviewed. Use responsibly.

My motivation on this project is that I’m mainly working on a p2p messaging app. I hope you can understand the pushback I get when I promote my messaging app as “secure”, so this transparency with the Signal protocol is necessary. I’m sure people have better things to do with their time than review unstable and unfinished code. I only put it out there for you to take a look if you’re interested. As a solo dev, there isn’t anyone reviewing my code. If I don’t share it like this, no one will come across it.

This project is unfinished so I could be sharing it too early; I wonder if I’m sharing it too late at the point I’m using it in my messaging app.


The implementation is in Rust and compiles to WASM for browser-based usage.

The aim is for it to align with the official implementation (https://github.com/signalapp/libsignal). That version was not used because my use case required client-side browser-based functionality and I struggled to achieve that in the official one, where JavaScript is used but is targeting Node.js.

There are other nuances to my approach like using module federation, which led to me moving away from the official version.

This Signal protocol implementation is purpose-built for a p2p messaging app. I posted about it a couple months ago here: https://programming.dev/post/44280693

Messaging app demo: https://p2p.positive-intentions.com/iframe.html?globals=&id=demo-p2p-messaging--p-2-p-messaging&viewMode=story

IMPORTANT: it’s worth repeating that this is not audited or reviewed. It’s far from finished and I don’t recommend you use it in your code. It’s open source for transparency.


Edit:

Cryptography with AI isn’t well received. Going to unlist the post.

  • Auster@thebrainbin.org
    22 hours ago

    Disliking not because you use AI, but as a technician, seeing the statement “im not sure how to quantify it” concerns me immensely. You should know what you’re working with, else consequences may be catastrophic, with how many people may be affected.

  • TheTechnician27@lemmy.world
    1 day ago

    “Check out my vibe-coded secure™ P2P web messenger.”

    This isn’t taking the piss; this is a piss heist.

    • xoron@programming.dev (OP)
      1 day ago

      I’m upfront about it. I’m sure you can imagine how AI can help in software development. I can’t be more transparent than it being open source.

      • TheTechnician27@lemmy.world
        1 day ago

        “I’m up front about it”

        Certainly not in the README you goddamn obviously didn’t write. Your LLM “helper” must’ve forgotten.

        “This project has not been audited or security-reviewed” technically follows from “I vibe-coded the fucking shit out of this”, but not the other way around.

  • JubilantJaguar@lemmy.world
    1 day ago

    Well done for being honest and don’t be discouraged by the (predictable) hate and scorn you’re getting for your efforts. Ahh, social media! If you had said all this in person to them, these same people would be pushing back with civility and human decency, but with the barrier of a screen they feel empowered to shout and mock. We still haven’t learned.

    • lambalicious@lemmy.sdf.org
      23 hours ago

      Oh not at all I do denounce condemn people who use AI in meatspace as well. But with how the economy is going, we aren’t really taking the trips to go meet our devs and users aren’t we.