Application Security
Authentication. Mandatory user authentication when connecting to the server. The server uses its own user password hash and authentication protocol.
To prevent theft and spoofing of a session, each user session is one-time (sessions are protected by one-time keys). If the server detects a second connection with the same session, it disconnects both sessions and offers to log in again.
Multi-factor authentication. It is used both to confirm the identity of the user, and to authenticate the interlocutor.
Cryptography. End-to-end encryption technology based on AES, and SHA-512 algorithms. Not only the data transmission channel is encrypted, but also all transmitted information: text, voice, files.
The RSA algorithm is used to encrypt / decrypt group keys.
OTR. Off-the-Record Messaging. A cryptographic protocol that provides the ability to set additional password encryption for correspondence with a specific user
Integrity Monitoring of the transmitted information. The system controls the sending / receiving of all packets, reducing the possibility of MITM attacks on the system.