General information:

Q: What is "Paranoid Mail"?

A: Paranoid Mail - email-like client-server messaging system with 2 key features: strong end-to-end encryption and anonymity.

Q: Why you created it?

A: Because too many governments and companies want spying on people and i don't like it. Privacy and freedom is more important than laws and security.

Q: There are many other encryption software...

A: Yes. But many of them using proprientary code and have backdoors. Paranoid Mail - open source and have no backdoors


Technical details:

Q: What crypto algorytms used?

A: Messages and local sensitive data (accounts, contacts, keys) in Paranoid Mail encrypted by combination of ThreeFish-1024 and ChaCha20 ciphers. Server-client and server-server communications encrypted by ChaCha20, ThreeFish-256 or ThreeFish-512 (randomly chosen by answering server on session start). Also using 3 crypto hash functions: Skein, Blake and Keccak. For public key authentification, signing data, creating shared keys - Curve25519/Ed25519 elliptic curve algoritms used

Q: How is addresses in Paranoid Mail looks?

A: UserID@ServerID

Q: What is "UserID" and "ServerID"?

A: 64bit variables, unique for each user/server.

Q: Why not use names like normal emails?

A: Anonymity. Name can be easy converted to ID by hash function (Paranoid Mail client have ID calculator), but not reverse.

Q: What formats used for messages text?

A: Plain text (unicode) or RTF. No HTML format, because i don't want use web browser components for viewing/editing

Q: What maximal attached file size?

A: No limitations. Big files splits to 800kb-8mb parts.

Q: What compression used?

A: LZMA (7-Zip SDK) used for messages text and compressable file parts.

Q: Does Paranoid Mail use OpenSSL or any other popular network library?

A: No. I wrote all Paranoid Mail network-communication protocol by myself.

Q: What 3rd party code you used?


Server:

Q: What is Paranoid Mail Server system requirements?

A: There is 2 versions of Server - Windows/.Net and Mono. Windows version can run on any Windows PC with Net framework 4.51 or later. Mono version can run on any Windows, Linux or OSX computer with installed Mono 4.4+. Also you need public static IP address and at least one open TCP port for incoming connections.

Q: Where server stores all data?

A: You can use MySQL (or forks like MariaDB or Percona), Microsoft SQL server (including Express edition and Azure) or SQLite embedded database

Q: What is "Relaying enabled" server flag mean?

A: Mean that server can be used for relaying other servers messages. Any message from user A@B to user C@D will go thru servers X,Y,X etc. with "Relaying enabled" flags and reach destination server after passing 1-5 relays on way. For each message on each server next relay selected randomly.

Q: Why not just send direct from server B to D?

A: Because random relaying makes harder for NSA, FSB and other spy agencies track user messages and detect "User A communicating with user C".

Q: What if server X controlled by spies?

A: When user A@B sends something to user C@D - server B can see "my user A sends something to someone on server D". Server D can only see "Someone from server B sends something to my user C". Relays (servers X, Y, Z) - only see "Someone from server B sends something to server D". And only users A and C can see full from/to info. Well, if you and your contact both using same server and that server spying on you - then yes, spy can known "A communicating with C", but still have no way to read messages content.

Q: How to enable new users registration only for some people, not for everyone?

A: Easy. In Paranoid Server Configurator add additional TCP port and set password for that port.

Q: What about port scanners?

A: Server starts communicating with you only after receiving correct handshake signature (see in source code). Incorrect handshake -> server drop connection and blacklist your IP for some time.

Q: And what about Man-in-the-middle attacks?

All data send and received on handshake/key exchanging phases - hashed by both sides (server and caller), and then server sign that hash and send it to caller for verify. MITM have no private server key and can't correctly sign altered data, so caller disconnects after verifying wrong-signed data.


Client:

Q: What is Paranoid Mail Client system requirements?

A: Windows/.Net 4.5.1+. Versions for other platforms will be created later.

Q: Do i need enter my email, phone or other personal data for account registration and using?

A: No. You can stay anonymous.

Q: Does Paranoid Mail Client have password restore function?

A: No. Because "Password restore" is BIGGEST security hole. So... if you forgot your master password or lost .key file - you have to create new accounts and establish contacts again.

Q: Where client stores all data?

A: Messages and configuration stored in SQLite embedded database. All sensitive information - accounts, contacts, keys - stored in strongly-encrypted file. No "clouds", "remote backups" etc, all sensitive data - only on your computer.

Q: What happens if someone had access to my Paranoid Mail Client?

A: Nothing, as long as he didn't known your "Master password" or don't have file with sensitive data. Breaking 1024 bit encryption by "brute force"? Good luck :) Ofc, you should keep your PC clean from trojans and keyloggers.

Q: ...but messages in database?

A: Without decrypted .key file? Nothing. Not only can't read messages content, but can't even see to who you write messages or from who received it. All your contacts names, user/server IDs - stored in .key file, not in database.

Q: I using multiple computers. Do i need install Paranoid Mail Client on each computer?

A: No. Paranoid Mail Client is portable, you can use it from removable media if need.




If have any other questions - ask me on forum