Hardening the Reticulum ecosystem.
Cryptspeak started as a fork of ratspeak/rsCardputer.
Reticulum already provides a decentralized networking stack, and LXMF provides secure messaging on top of it. Cryptspeak does not aim to replace either project. Instead, it focuses on improving the firmware that runs on the device by protecting data at rest, hardening the implementation, addressing security issues where they are found, and shipping stable firmware for everyday use.
At the moment, development effort is concentrated on the Cardputer Adv.
Supporting multiple hardware platforms before they are truly stable would spread development too thin. It is more effective to deliver one firmware we trust than several that are only partially finished.
Support for additional hardware is planned, but only after the Cardputer Adv reaches the level of stability we are aiming for.
The security design is documented publicly. If you are interested in the implementation rather than just the feature list, these documents describe the design and threat model in detail:
Our focus has been on ensuring that sensitive information remains protected even when someone has physical access to the device.
Current security features include:
- Full encryption of stored Reticulum identities, LXMF messages, contacts, and configuration
- Duress password support that securely erases device data instead of unlocking it
- Automatic locking after inactivity by rebooting back to the password prompt
- Password lockout to slow offline brute-force attacks
- General hardening and stability improvements throughout the firmware
The encryption is built from well-established primitives—PBKDF2, HKDF, AES-256-CTR, and HMAC-SHA256—rather than custom cryptography. The implementation is documented in the Encryption Overview and is designed to fail safely when data has been modified or authentication fails.
Security is not just a feature list.
During development, we identified a flaw in microReticulum where Identity::validate() ignored the return value of the Ed25519 signature verification routine and always reported success. This effectively disabled signature verification for authenticated packets. We reported the issue upstream, submitted a fix that has since been merged, and switched Cryptspeak to a patched dependency.
- Upstream issue: ratspeak/rsCardputer#17
- Merged fix: ratspeak/microReticulum#1
Finding and fixing issues like this is one of the reasons Cryptspeak exists.
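The bug class described above, as an added example (not code from microReticulum or Cryptspeak): a validate wrapper that discards the verifier's result, next to the corrected form, with the negative test that tells them apart. `toy_verify` is a constructed stand-in for the Ed25519 primitive and is not real cryptography; every name here is hypothetical.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

using Bytes = std::vector<uint8_t>;

// Constructed stand-in for Ed25519 sign/verify (assumption; NOT real crypto).
// Like many C verify routines, toy_verify returns 1 for valid, 0 otherwise.
static Bytes toy_sign(const Bytes& key, const Bytes& msg) {
    Bytes sig(64, 0);
    for (size_t i = 0; i < msg.size(); ++i) sig[i % 64] ^= msg[i];
    for (size_t i = 0; i < 64; ++i) sig[i] ^= key[i % key.size()];
    return sig;
}
static int toy_verify(const Bytes& sig, const Bytes& key, const Bytes& msg) {
    return sig == toy_sign(key, msg) ? 1 : 0;
}

// Flawed pattern: the verifier runs, but its result is dropped.
bool validate_buggy(const Bytes& sig, const Bytes& key, const Bytes& msg) {
    toy_verify(sig, key, msg);
    return true;  // every signature is reported as valid
}

// Corrected pattern: the verifier's result decides the outcome.
[[nodiscard]] bool validate_fixed(const Bytes& sig, const Bytes& key, const Bytes& msg) {
    return toy_verify(sig, key, msg) == 1;
}

using Validator = bool (*)(const Bytes&, const Bytes&, const Bytes&);

// Constructed sample key and message for the checks below.
static const Bytes KEY(32, 0x42);
static const Bytes MSG = {'a', 'n', 'n', 'o', 'u', 'n', 'c', 'e'};

// Positive test: passes for both versions, so it cannot catch the bug.
bool accepts_genuine(Validator v) { return v(toy_sign(KEY, MSG), KEY, MSG); }

// Negative test: flip one bit of a genuine signature; it must be rejected.
bool rejects_tampered(Validator v) {
    Bytes sig = toy_sign(KEY, MSG);
    sig[0] ^= 0x01;
    return !v(sig, KEY, MSG);
}

int main() {
    std::printf("buggy: genuine=%d tampered_rejected=%d\n", accepts_genuine(validate_buggy), rejects_tampered(validate_buggy));
    std::printf("fixed: genuine=%d tampered_rejected=%d\n", accepts_genuine(validate_fixed), rejects_tampered(validate_fixed));
}
```

A test suite that only feeds valid signatures passes with either version; the tampered-signature case is the regression test that fails on the flawed one.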
Cryptspeak is still beta software.
The cryptographic design uses established algorithms rather than novel constructions, but implementation quality matters just as much as algorithm choice. The implementation has been reviewed using automated security analysis tooling, and the design is documented publicly in the Threat Model and Encryption Overview. It has not yet received an independent manual audit by experienced security engineers or cryptographers.
If you are interested in reviewing the implementation or performing an independent audit, contributions are welcome.
We believe private communication should not depend on centralized infrastructure.
Reticulum already provides a decentralized network architecture. Our contribution is making the firmware that runs on it harder to compromise, easier to trust, and suitable for long-term everyday use.
At the moment, Cryptspeak is maintained by one person.
Contributions, bug reports, testing, documentation improvements, and independent security reviews are all welcome. If you find the project useful and would like to support its continued development or future hardware support, donations are greatly appreciated.