Skip to content
@cryptspeak

Cryptspeak

Hardening the Reticulum ecosystem.

Cryptspeak logo

Hardening the Reticulum ecosystem.

Cryptspeak started as a fork of ratspeak/rsCardputer.

Reticulum already provides a decentralized networking stack, and LXMF provides secure messaging on top of it. Cryptspeak does not aim to replace either project. Instead, it focuses on improving the firmware that runs on the device by protecting data at rest, hardening the implementation, addressing security issues where they are found, and shipping stable firmware for everyday use.

Why focus on one device?

At the moment, development effort is concentrated on the Cardputer Adv.

Supporting multiple hardware platforms before they are truly stable would spread development too thin. It is more effective to deliver one firmware we trust than several that are only partially finished.

Support for additional hardware is planned, but only after the Cardputer Adv reaches the level of stability we are aiming for.

Documentation

The security design is documented publicly. If you are interested in the implementation rather than just the feature list, these documents describe the design and threat model in detail:

What we have built

Our focus has been on ensuring that sensitive information remains protected even when someone has physical access to the device.

Current security features include:

  • Full encryption of stored Reticulum identities, LXMF messages, contacts, and configuration
  • Duress password support that securely erases device data instead of unlocking it
  • Automatic locking after inactivity by rebooting back to the password prompt
  • Password lockout to slow offline brute-force attacks
  • General hardening and stability improvements throughout the firmware

The encryption is built from well-established primitives—PBKDF2, HKDF, AES-256-CTR, and HMAC-SHA256—rather than custom cryptography. The implementation is documented in the Encryption Overview and is designed to fail safely when data has been modified or authentication fails.

Security

Security is not just a feature list.

During development, we identified a flaw in microReticulum where Identity::validate() ignored the return value of the Ed25519 signature verification routine and always reported success. This effectively disabled signature verification for authenticated packets. We reported the issue upstream, submitted a fix that has since been merged, and switched Cryptspeak to a patched dependency.

References

Finding and fixing issues like this is one of the reasons Cryptspeak exists.

Current status

Cryptspeak is still beta software.

The cryptographic design uses established algorithms rather than novel constructions, but implementation quality matters just as much as algorithm choice. The implementation has been reviewed using automated security analysis tooling, and the design is documented publicly in the Threat Model and Encryption Overview. It has not yet received an independent manual audit by experienced security engineers or cryptographers.

If you are interested in reviewing the implementation or performing an independent audit, contributions are welcome.

Why this project exists

We believe private communication should not depend on centralized infrastructure.

Reticulum already provides a decentralized network architecture. Our contribution is making the firmware that runs on it harder to compromise, easier to trust, and suitable for long-term everyday use.

Who maintains Cryptspeak?

At the moment, Cryptspeak is maintained by one person.

Contributions, bug reports, testing, documentation improvements, and independent security reviews are all welcome. If you find the project useful and would like to support its continued development or future hardware support, donations are greatly appreciated.

Popular repositories Loading

  1. csCardputer csCardputer Public

    Forked from ratspeak/rsCardputer

    Standalone LXMF / Reticulum Firmware for the Cardputer-Adv featuring Security Hardening

    C++ 17

  2. microReticulum microReticulum Public

    Forked from ratspeak/microReticulum

    WIP: Port of Reticulum Network Stack to C++ specifically but not exclusively targeting ESP32 and better MCUs.

    C++

  3. webFlasher webFlasher Public

    Cryptspeak Webflasher for the Cardputer Adv

    JavaScript

  4. .github .github Public

    Organization profile for Cryptspeak.

Repositories

Showing 4 of 4 repositories

People

This organization has no public members. You must be a member to see who’s a part of this organization.

Top languages

Loading…

Most used topics

Loading…