Answer: Yes, even I can't read your conversations, no matter how hard I try...

The safest way of online chatting.

ChatCrypt performs a military-class AES-256 CTR encryption on chat messages,
thus no one can read them except the participants who knows the same secret password.

Unlike traditional so-called "secure chats" where only the connection is secured between the browser and the server, thus on server side all messages can be readed and logged in plain text format, ChatCrypt approaches the problem from a different perspective: it encrypts the messages itself before they leave the browser's frontend utilizing the AES-256 algorithm in CTR mode with a secret password specified by the user.


With this simple, but unquestionably most effective solution decryption of any message is only possible with the knowledge of the passphrase given at the inital encryption stage. So there is no need to secure the connection, messages travels in their encrypted form inside the entire pipeline. On server side there is no known solution to break that cipher in a reasonable time, so the conversations remains private between the participants who joined a room with the same password.


Common misbelief

Most people thinks that if a website uses a HTTPS connection (especially with the green address bar) then their "typed-in" informations are transmitted and stored securely. This is only partially true. The transmission is encrypted well, so no third party can sniff those informations, but there is no proof that the website owners will handle them with maximum care, not mentioning that the suitable laws can enforce anyone to serve stored data for the local authorities.


Overall, this means that if anyone uses a chat service with similar security technology, the conversiation will be visible for the participants and (at least) for the website owners. That case is probably not acceptable in every situation, especially where mission critical informations have to be exchanged.


Perfect solution

ChatCrypt's unique encryption feature ensures that only and exclusively the participants of a room with a shared password are able to read each others messages. More precisely, anyone else who may acquires the conversation without the knowledge of the password won't be able to decode it. Additionally, ChatCrypt holds the encrypted form of the messages only temporarily in the server's memory for less then 10 seconds, so there is no real chance to retrieve even the ciphered texts.


Special thanks

ChatCrypt uses Chris Veness's AES implementation in JavaScript for the military grade encryption, and WebToolKit's MD5 implementation in JavaScript to make passwords even more complex for the cipher.