A: Paranoid Mail is an email-like client-server messaging system with two key features: strong end-to-end encryption and anonymity.
A: Because too many governments and companies want to spy on people, and I don't like it. Privacy and freedom are more important than laws and security.
A: Yes. But many of them use proprietary code and have backdoors. Paranoid Mail is open source and has no backdoors.
A: Messages and local sensitive data (accounts, contacts, keys) in Paranoid Mail are encrypted with a combination of the ThreeFish-1024 and ChaCha20 ciphers. Server-client and server-server communications are encrypted with ChaCha20, ThreeFish-256 or ThreeFish-512 (randomly chosen by the answering server at session start). Three cryptographic hash functions are also used: Skein, Blake and Keccak. The Curve25519/Ed25519 elliptic curve algorithms are used for public key authentication, signing data and creating shared keys.
A: 64-bit variables, unique for each user/server.
A: Anonymity. A name can easily be converted to an ID by a hash function (the Paranoid Mail client has an ID calculator), but not the reverse.
A: Plain text (Unicode) or RTF. No HTML format, because I don't want to use web browser components for viewing/editing.
A: No limitations. Big files are split into parts of 800 KB to 8 MB.
A: LZMA (7-Zip SDK) is used for message text and compressible file parts.
A: No. I wrote the entire Paranoid Mail network communication protocol myself.
A: There are two versions of the server: Windows/.NET and Mono. The Windows version can run on any Windows PC with .NET Framework 4.5.1 or later. The Mono version can run on any Windows, Linux or OS X computer with Mono 4.4+ installed. You also need a public static IP address and at least one open TCP port for incoming connections.
A: You can use MySQL (or forks like MariaDB or Percona), Microsoft SQL Server (including Express edition and Azure) or the SQLite embedded database.
A: It means that the server can be used for relaying other servers' messages. Any message from user A@B to user C@D will go through servers X, Y, Z etc. that have the "Relaying enabled" flag set, and will reach the destination server after passing 1-5 relays on the way. For each message, the next relay is selected randomly on each server.
A: Because random relaying makes it harder for the NSA, FSB and other spy agencies to track user messages and detect "User A is communicating with user C".
A: When user A@B sends something to user C@D, server B can see "my user A sends something to someone on server D". Server D can only see "Someone from server B sends something to my user C". Relays (servers X, Y, Z) only see "Someone from server B sends something to server D". Only users A and C can see the full from/to information. If you and your contact both use the same server and that server is spying on you, then yes, the spy can learn "A is communicating with C", but still has no way to read the message content.
A: Easy. In Paranoid Server Configurator, add an additional TCP port and set a password for that port.
A: The server starts communicating with you only after receiving a correct handshake signature (see the source code). On an incorrect handshake, the server drops the connection and blacklists your IP for some time.
All data sent and received during the handshake and key exchange phases is hashed by both sides (server and caller); the server then signs that hash and sends it to the caller for verification. A MITM does not have the server's private key and cannot correctly sign altered data, so the caller disconnects after the signature fails to verify.
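The transcript-signing check described above, sketched in Go as an added example (not Paranoid Mail's own code, which is .NET). SHA-512 stands in for the project's hash functions, and the message contents, key seeds and function names are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha512"
	"encoding/binary"
	"fmt"
)

// transcriptHash hashes every handshake message in order, length-prefixed so
// boundaries cannot be shifted. SHA-512 is an assumption, not the project's hash.
func transcriptHash(msgs [][]byte) []byte {
	h := sha512.New()
	for _, m := range msgs {
		binary.Write(h, binary.BigEndian, uint32(len(m)))
		h.Write(m)
	}
	return h.Sum(nil)
}

// The server signs the hash of what it saw; the caller verifies against its own view.
func serverSign(priv ed25519.PrivateKey, seen [][]byte) []byte {
	return ed25519.Sign(priv, transcriptHash(seen))
}
func callerVerify(pub ed25519.PublicKey, seen [][]byte, sig []byte) bool {
	return ed25519.Verify(pub, transcriptHash(seen), sig)
}

// runHandshake reports whether the caller accepts; mode is "honest", "tampered" or "forged".
func runHandshake(mode string) bool {
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x42}, ed25519.SeedSize)) // constructed key
	pub := priv.Public().(ed25519.PublicKey) // the caller knows this key in advance
	hello, reply := []byte("caller-hello|ephemeral-pub-A"), []byte("server-reply|ephemeral-pub-B")
	callerView := [][]byte{hello, reply}
	sig := serverSign(priv, [][]byte{hello, reply})
	if mode != "honest" { // data altered in transit: the caller's view now differs
		callerView[1] = []byte("server-reply|ephemeral-pub-MITM")
	}
	if mode == "forged" { // altered data re-signed with a key that is not the server's
		mitm := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x66}, ed25519.SeedSize))
		sig = serverSign(mitm, callerView)
	}
	return callerVerify(pub, callerView, sig)
}

func main() {
	fmt.Println(runHandshake("honest"), runHandshake("tampered"), runHandshake("forged"))
}
```

The check only holds if the caller already has the genuine server public key; a caller that accepts whatever key arrives during the handshake would accept the "forged" case.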
A: Windows/.NET 4.5.1+. Versions for other platforms will be created later.
A: No. You can stay anonymous.
A: No, because "Password restore" is the BIGGEST security hole. So if you forget your master password or lose the .key file, you have to create new accounts and establish your contacts again.
A: Messages and configuration are stored in an SQLite embedded database. All sensitive information (accounts, contacts, keys) is stored in a strongly encrypted file. No "clouds", "remote backups" etc.; all sensitive data stays only on your computer.
A: Nothing, as long as they don't know your "Master password" or don't have the file with the sensitive data. Breaking 1024-bit encryption by "brute force"? Good luck :) Of course, you should keep your PC clean of trojans and keyloggers.
A: Without the decrypted .key file? Nothing. Not only can they not read message content, they can't even see who you write messages to or who you received them from. All your contacts' names and user/server IDs are stored in the .key file, not in the database.
A: No. Paranoid Mail Client is portable; you can run it from removable media if needed.