What is Dropm0rt

Dropm0rt is a quantum-resistant, self-destructing message system that provides true end-to-end encryption for sensitive communications.

Why Dropm0rt?

• Dual-Layer Encryption: Messages are encrypted twice - first with your password using Argon2id key derivation, then with a server-generated key using AES-256-GCM or XChaCha20-Poly1305 for quantum resistance.
• Perfect Forward Secrecy: Ephemeral X25519 key exchange with automatic key rotation ensures past communications remain secure even if future keys are compromised.
• CAPTCHA-Protected Access: Anti-OCR CAPTCHAs with cryptographic commitments prevent automated attacks and ensure human verification.
• Self-Destructing Storage: Messages are automatically purged from Redis after reading or TTL expiration (1 hour to 7 days). Burn-after-read option available.
• Memory Protection: Cryptographic keys are securely zeroed from memory after use to prevent recovery.
• Traffic Analysis Protection: Random timing delays and decoy traffic generation prevent correlation attacks and traffic pattern analysis.
• Zero-Logging Mode: Optional complete logging suppression for maximum operational security in high-risk environments.
• Canary Token System: Honeypot tokens detect unauthorized access attempts and trigger immediate breach alerts.
• Emergency Shutdown: Dead man's switch and secure emergency procedures for crisis situations with automatic data destruction.
• Rate Limited: Strict rate limiting prevents abuse - 10 messages per hour, 5 CAPTCHAs per minute.
• Minimal Metadata: Only essential cryptographic parameters are stored - no timestamps, IP addresses, or user tracking.
• Constant-Time Operations: CAPTCHA validation uses HMAC-based constant-time comparison to prevent timing attacks.
• Dual Network Access: Available via clearnet HTTPS and Tor onion service for maximum privacy and censorship resistance.
• Thread-Safe Sessions: Session management uses locks to prevent race conditions during concurrent access.

Technical Implementation

Encryption Flow: Your message undergoes a multi-stage encryption process:

1. Client-Side: Message is padded and compressed using zlib
2. Password Layer: Encrypted with Argon2id-derived key (100,000+ iterations, 32-byte salt)
3. Perfect Forward Secrecy: Ephemeral X25519 ECDH key exchange generates session-specific encryption keys
4. Server Layer: Re-encrypted with quantum-resistant algorithms and ephemeral keys
5. Storage: Stored in Redis with minimal metadata and automatic expiration

Retrieval Process: Messages are decrypted in reverse order with constant-time validation to prevent side-channel attacks. Canary tokens are checked before decryption to detect breach attempts.

Security Monitoring: Real-time breach detection, traffic analysis protection, and emergency communication channels ensure operational security for high-risk users.

Privacy by Design

Dropm0rt implements defense-in-depth security with multiple layers of protection. Every component is designed to minimize attack surface and prevent data leakage. Advanced features include zero-logging mode, traffic obfuscation, and emergency shutdown procedures specifically designed for high-risk threat models.

Operational Security (OPSEC)

Built for environments where security is critical. Features include:

• Tor-Only Mode: Complete isolation from clearnet for maximum anonymity
• Breach Detection: Immediate alerts when unauthorized access is detected
• Emergency Protocols: Secure shutdown and data destruction procedures
• Traffic Camouflage: Decoy traffic and timing obfuscation prevent surveillance

Open Source Security

Our source code is available for independent security audits. We follow industry best practices including OWASP guidelines and NSA-style security hardening. The system has undergone comprehensive security auditing specifically for journalist and whistleblower threat models.

← Back to Create Message