Technitium Mesh
Frequently Asked Questions (FAQ)
-
How do I use Mesh to chat with my friends?
Using Mesh is quite easy. You and your friends can start chatting with it in just a couple of minutes. Just follow the steps below to get started:
- Download and install Mesh on your computer.
- Start Mesh and create a profile. An anonymous profile protects your identity using the Tor network, while a peer-to-peer profile is suitable for local LAN networks.
- After logging into the profile, click the (+) menu on the main window and select Add Private Chat or Add Group Chat.
- Use the Private Chat option for one-to-one chat. To start a private chat, use your peer's user ID and an optional password/shared secret. Make sure that you have received your friend's user ID via some identifiable medium. You can call or message your friend and verify that you have the correct user ID to prevent someone from impersonating your friend.
- Use the Group Chat option to allow multiple peers to participate in a chat. To start a group chat, enter a name for the chat group and an optional password/shared secret. Inform your friends of the chat group name and password combination by phone, email or another instant messenger. Anyone who knows the combination can now connect with you on the group chat.
-
What is a Mesh profile?
A Mesh profile is an encrypted file on your computer that contains your RSA key pair. This key pair is used for establishing end-to-end encryption and for generating the user ID, which you can share with other people to allow them to create a private chat with you. Your user ID is not fixed and can be regenerated, so that any old user ID that you shared stops working and won't allow anyone to contact you.
Mesh user IDs must be exchanged with the people you want to chat with privately. Thus, it's really important to make sure that you have the right user ID for your peer: verify it over a different communication channel, such as a phone call or text message, to ensure that no one is impersonating your peer. You can also compare the network ID of a chat session with your peer via a different communication channel; if the network IDs match, you are talking with the correct peer or group.
Mesh profiles can be anonymous or peer-to-peer. Anonymous profiles use the Tor network through a built-in Tor module, so all communication goes over Tor, hiding your real IP address or network location. A peer-to-peer profile uses any available network, such as the Internet or a LAN/WiFi network, to communicate directly with your peers, so your real IP address or network location is disclosed to all your peers.
Mesh allows you to create multiple profiles and to use them at the same time.
-
What user information is stored with Technitium?
Since Mesh does not require any registration, no information about any user is available with Technitium.
Technitium does not store or have access to the user's profile encryption password or the RSA key pair.
For more details read our Privacy Policy.
-
What information gets disclosed when using Mesh?
Mesh creates an identifier called the network ID for each private or group chat using the group name or user IDs and the password. This network ID is basically a 32-bit hash generated by an algorithm. It is used to find peers on the Distributed Hash Table (DHT) network. Any person who knows this network ID can find the IP addresses of the peers using peer-to-peer profiles in a group. However, to join the private/group chat, the password component must be known separately.
Each peer-to-peer profile user in the group connects directly to the others over the Internet. Thus, each peer knows your IP address and the information that was provided in the user's profile. Any entity sniffing your network traffic will only learn that IP A is connected to IP B, because the entire communication is encrypted end-to-end with perfect forward secrecy (PFS). Users with anonymous profiles are not affected, since all their traffic goes through the Tor network, and a passive network sniffer can only find out that the user is using Tor.
Technitium does not know whom you chat with. The chat groups are virtual groups; they are not registered on any server, and thus learning any information about a group chat or private chat, or reading its messages, is impossible.
-
I forgot my profile password. How do I reset it?
The profile password set by the user is an encryption password used to securely store the profile (which includes the user's private key) on the user's computer. Technitium does not have access to the profile password or the private key of the user. If the user forgets the profile encryption password, there is no other way to decrypt the profile, and any data or messages in that profile will be lost forever.
-
Do I need to create a new profile again to use Mesh on another computer? Can I use the same profile on multiple computers?
You don't need to create a new profile to use Mesh on another computer. You can export your existing profile file using the Profile Manager and import the file on the other computer.
-
Can I use multiple computers with the same Mesh profile simultaneously?
Yes, you can import an existing profile on any number of computers and use all of them for Mesh simultaneously. For example, if you join the same chat group from two computers, you can send and receive messages to the group from both computers.
-
Is it necessary to provide a password or shared secret while creating a private/group chat?
The password/shared secret for creating a private/group chat is optional, but it's highly recommended to use a password; even a simple one will do. People in the group connect to each other using an identifier that is generated from the group name and password combination. Thus, if you keep the password blank and another group of people also uses the same group name, everyone will end up in the same chat group.
Setting a password also provides a level of security, such that only people who know it will be able to establish an end-to-end encrypted communication channel.
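The blank-password collision described above, as an added example that is not Mesh's own code. The page does not give the real derivation, so PBKDF2-HMAC-SHA256, the purpose labels, the iteration count, the output length and the peer names are all assumptions made for illustration.

```python
import hashlib
from collections import defaultdict

ITERATIONS = 50_000  # assumed work factor, not a Mesh parameter


def _derive(purpose: str, group_name: str, password: str) -> bytes:
    # Hypothetical construction: the purpose label separates the public
    # rendezvous value from the secret, although both use the same inputs.
    salt = purpose.encode() + b"\x00" + group_name.encode()
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def network_id(group_name: str, password: str = "") -> str:
    """Public identifier a peer would announce on the DHT to be found."""
    return _derive("network-id", group_name, password).hex()


def channel_secret(group_name: str, password: str = "") -> bytes:
    """Secret kept on the peer; knowing the network ID does not reveal it."""
    return _derive("channel-secret", group_name, password)


def rendezvous(peers):
    """Group peers the way a DHT lookup would: by network ID only."""
    buckets = defaultdict(list)
    for who, name, password in peers:
        buckets[network_id(name, password)].append(who)
    return sorted(sorted(members) for members in buckets.values())


# Constructed sample: two unrelated circles both pick the name "Family".
PEERS = [
    ("alice", "Family", ""),
    ("bob", "Family", ""),
    ("carol", "Family", ""),          # stranger who chose the same name
    ("dave", "Family", "tulip-42"),
    ("erin", "Family", "tulip-42"),
]

if __name__ == "__main__":
    for members in rendezvous(PEERS):
        print("same chat group:", ", ".join(members))
```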
-
What if the password or shared secret used for creating a chat group is exposed or leaked?
In such a scenario, there is no need to panic. Since the group exists virtually, no messages are stored anywhere to retrieve. If some unknown person gets connected to your group, that person's profile will be listed in Mesh and you will be able to see the profile details. You can also find the person's IP address in the profile viewer if that person is using a peer-to-peer profile.
If you find an unknown person in the group, just change the group password from the chat properties, or leave the group and create another group with the same name but a different password, and notify the original group participants of the new password via email or private chat.
-
Which encryption algorithms are used to secure communication?
AES with a 256-bit key is primarily used to encrypt the data between peers. The key exchange is done using the Diffie-Hellman (DHE-2048) algorithm in a secure handshake protocol during which peers exchange ephemeral public key info, encrypted profile details and encryption keys for AES. Authentication is provided by an RSA-2048 based key pair, using the user ID for public key verification.
-
Why is Mesh not using the SSL/TLS protocol for peer-to-peer connections?
The SSL/TLS protocol exchanges the client and server certificates in clear text during the handshake process. To protect the identity and personal information of people using Mesh, it was necessary to design a secure handshake protocol similar to TLS.
The protocol used in Mesh requires the connecting peer to know the chat group name/user ID and the password. During the protocol handshake, an ephemeral public key exchange is done to establish an end-to-end encrypted communication channel. After establishing the encrypted channel, the peers exchange profile details through it and verify the profile using the user ID as well as the ephemeral public key and handshake parameters that were exchanged, to verify identity and make sure there is no man-in-the-middle.
The protocol thus protects users from disclosing their profile details to passive attackers on the network.
-
How can I trust that Mesh does not have any backdoor?
Mesh code is open source and available to anyone under the GNU GPLv3 license on GitHub. You can download, inspect and compile the source code yourself and use that build to be sure.
-
Does Mesh provide Perfect Forward Secrecy (PFS)?
Yes, Mesh uses the Diffie-Hellman (DHE) algorithm to provide Perfect Forward Secrecy (PFS).
-
Which Key Derivation Function (KDF) is used by Mesh?
-
Does Mesh implement Authenticated Encryption (AE)?
Yes, Mesh uses HMAC-SHA256 to authenticate the encrypted data in Encrypt-then-MAC (EtM) mode.
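How Encrypt-then-MAC with HMAC-SHA256 rejects a modified frame before any decryption happens, as an added example that is not Mesh's own code. The frame layout, the independent encryption and MAC keys and all function names are assumptions, and a SHA-256 counter keystream stands in for AES-256 so the block runs with the standard library only.

```python
import hashlib
import hmac
import os

NONCE_LEN, TAG_LEN = 16, 32  # TAG_LEN is the HMAC-SHA256 output size


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (SHA-256 in counter mode). This is NOT AES."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)


def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt first, then MAC the nonce and the ciphertext."""
    nonce = os.urandom(NONCE_LEN)
    ciphertext = _keystream_xor(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def open_sealed(enc_key: bytes, mac_key: bytes, frame: bytes) -> bytes:
    """Verify the tag before touching the ciphertext; reject any mismatch."""
    if len(frame) < NONCE_LEN + TAG_LEN:
        raise ValueError("frame too short")
    nonce, tag = frame[:NONCE_LEN], frame[-TAG_LEN:]
    ciphertext = frame[NONCE_LEN:-TAG_LEN]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("authentication failed")
    return _keystream_xor(enc_key, nonce, ciphertext)


def demo() -> dict:
    """Round-trip one message, then flip a ciphertext bit in transit."""
    enc_key, mac_key = os.urandom(32), os.urandom(32)  # constructed sample keys
    frame = seal(enc_key, mac_key, b"hello mesh")
    tampered = bytearray(frame)
    tampered[NONCE_LEN + 4] ^= 0x01
    try:
        open_sealed(enc_key, mac_key, bytes(tampered))
        rejected = False
    except ValueError:
        rejected = True
    return {"roundtrip": open_sealed(enc_key, mac_key, frame),
            "tamper_rejected": rejected}
```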
-
What are the system requirements to install Mesh?
Mesh can currently be used only on the Windows platform.
On Windows, .NET Framework v4.6.1 is required to run it, and the setup installer will automatically install .NET Framework if it's not present on your computer. To run Mesh as a portable app, you will need to install .NET Framework manually.