Download
The following links have been provided to download the software. All downloads contain the source code, which is all that is needed to run the program locally in the browser. In the event of this site being taken down you can still find the files by searching on Freenet. For now, software questions, feedback and suggestions can be made on GitHub.
Important:
It is absolutely critical to verify the downloaded file. This is to prevent anyone from intercepting the file download and serving you a modified version of the source code with weakened/broken encryption. To prevent against accidental file corruption you can verify the downloaded file's integrity using the file hashes. You should also verify the authenticity of the file by verifying the GnuPG signature. See our guide for how to verify the signature.
While this signature is not secure against quantum computers, it will be secure until there is one that can break 4096 bit RSA. Since the NSA are not likely to publish a press release when they have a functioning quantum computer and tip everyone off to their new capability, it is always worth it read and verify the source code yourself before using it. If you cannot do that yourself, ask someone that you trust and who is knowledgeable in web programming and cryptography. It can also help to download it from multiple sources and compare the hash digests. If you have reason to believe you may be under close surveillance, you can try avoiding targeted attacks by downloading it via Tor, I2P or Freenet.
For stronger verification of our public key you should also confirm the public key is a match on onename.com/joshua_m_david and keybase.io/joshua_m_david. Both of these identies are published on the Bitcoin blockchain. Do not rely on what you see on the websites alone which is only protected by TLS and can be easily altered in real-time by the Five Eyes agencies. Make sure you download the client apps to verify the public keys on the blockchain.
Please also see and verify our warrant canary for each release using the same GnuPG signature listed below.
Jericho Comms version 2.0.0 downloads (for Firefox or Chromium based browsers)
This is a major update to add encryption to the client-server network traffic so it looks entirely like random noise.
Changes in v2.0.0- New client-server protocol with zero meta-data, all traffic is entirely encrypted and authenticated to look like random data is being sent in varying sizes. See the network protocol for changes here.
- Initial preparation done at the network protocol level for handling multi-part/multi-pad messages (next release will work on client side logic for that).
- Changed the server installation scripts to be built for Debian (this was tested to be working fine on Debian 11). It should still also work on Ubuntu server as it's similar commands (but currently untested). The reason for this was mainly that Debian is a pure open source effort, whereas Ubuntu is more commercially based and run by a company.
- Reworked the PHP code to be more structured and organised.
- NB: For future releases, the plan is to release things in smaller chunks as they are ready, so maybe not so many big changes at once, then hopefully there is not a large amount of time between releases.
Mirror | Program download | Signature |
---|---|---|
Mega | jericho-comms-v2.0.0.tar.xz | jericho-comms-v2.0.0.tar.xz.asc |
This site | jericho-comms-v2.0.0.tar.xz | jericho-comms-v2.0.0.tar.xz.asc |
Mirror | White paper | Signature |
---|---|---|
Mega | jericho-comms-v2.0.0.pdf | jericho-comms-v2.0.0.pdf.asc |
This site | jericho-comms-v2.0.0.pdf | jericho-comms-v2.0.0.pdf.asc |
Mirror | Warrant canary | Signature |
---|---|---|
MEGA | warrant-canary.txt | warrant-canary.txt.asc |
This site | warrant-canary.txt | warrant-canary.txt.asc |
GnuPG signing key details for authenticity verification | |
---|---|
Key server 1 | https://keys.openpgp.org/search?q=CF3F79EE011459BA0A599E9CDC768471C467B6D0 |
Key server 2 | https://keyserver.ubuntu.com/pks/lookup?search=0xdc768471c467b6d0&fingerprint=on&hash=on&op=get |
Key ID | DC768471C467B6D0 |
Fingerprint | CF3F 79EE 0114 59BA 0A59 9E9C DC76 8471 C467 B6D0 |
Public key from this site | pubkey.txt |
File hash of jericho-comms-v2.0.0.tar.xz for integrity verification | |
---|---|
SHA2-384 digest | fcdffeb7bbe63db0889b14557084441cf0b1ef34df04db8ad25c529cfbb7392b221847fd2bc0f63ef96a10405f8e07ce |
Jericho Comms version 1.5.4 downloads (for Firefox or Chromium based browsers)
This is an interim update to mainly add compatibility for Ubuntu Server 18.04.x LTS and PHP 7.2.x which is the packaged version on this version of Ubuntu.
Changes in v1.5.4- Added UTF-8 international language support for sending/receiving messages including correct counting of bytes when sending messages. In the past few years a right wing / authoritarian shift has been observed in a lot of countries so now is the time to fix this limitation and allow any languages to be used with the program.
- When users in a group are running low on one-time pads, the UI will now show their number in orange to let other users know they are low and that they should switch to a second set of pads (or exchange more pads soon). The UI will also go red if they completely run out of pads indicating that the user cannot send any more messages.
- Improved the TRNG extraction process to show if there are stuck/repeating pixels in the same location in both images.
- Improved the TRNG to provide a final recommendation on whether the final output is worth using or not for one-time pads.
- Improved server installation script to use the latest Long Term Support version of Ubuntu, harden the Apache configuration, use NTPsec instead of regular NTP, reduce metadata leakage about the installation, automate the addition of other groups on the server and other general improvements.
- Changed the server code to use PostgreSQL instead of MySQL as it is a proper open source product and more reliable database.
- Converted the app to a single page application and reorganised the code, which will be useful handling different chats and decrypting data later on.
Mirror | Program download | Signature |
---|---|---|
Mega | jericho-comms-v1.5.4.tar.xz | jericho-comms-v1.5.4.tar.xz.asc |
This site | jericho-comms-v1.5.4.tar.xz | jericho-comms-v1.5.4.tar.xz.asc |
Mirror | White paper | Signature |
---|---|---|
Mega | jericho-comms-v1.5.4.pdf | jericho-comms-v1.5.4.pdf.asc |
This site | jericho-comms-v1.5.4.pdf | jericho-comms-v1.5.4.pdf.asc |
GnuPG signing key details for authenticity verification | |
---|---|
Key server | x-hkp://pool.sks-keyservers.net |
Key ID | DC768471C467B6D0 |
Fingerprint | CF3F 79EE 0114 59BA 0A59 9E9C DC76 8471 C467 B6D0 |
Public key from this site | pubkey.txt |
Public key on blockchain at onename.com | https://onename.com/joshua_m_david |
Public key on blockchain at keybase.io | https://keybase.io/joshua_m_david |
Current warrant canary | warrant-canary.txt |
Current warrant canary GPG signature | warrant-canary.txt.asc |
File hash of jericho-comms-v1.5.4.tar.xz for integrity verification | |
---|---|
SHA2-384 digest | ddb904257ca106110d8cdbc8bbcbbb2a54d14266c3c4e39dc5a4c7dd6850d58309645e17cb6b382a5f0c21b27ea72c54 |
Jericho Comms version 1.5.3 downloads (for Firefox or Chromium based browsers)
This update adds compatibility for Ubuntu Server 16.04.x and PHP 7.0.x. Also a simple automated script to install and configure the server software was added to limit the amount of manual configuration required.
The server changes are compatible with the previous version 1.5.2.
Changes in v1.5.3- Improved the server installation instructions.
- Added PHP 7 compatibility in the Skein-512 PHP extension.
- Added PHP 7 compatibility in the server API code and unit tests.
- Added a server side bash script to automate the installation of dependencies, setup the server API, perform the basic configuration, generate a server key and run the unit tests.
Jericho Comms version 1.5.2 downloads (for Firefox or Chromium based browsers)
This update mainly improves the information-theoretic security of the TRNG and the security of the one-time pad database for transport.
This release may also be the last version before version 2.0 where the program will need to be converted to a single page application so that the one-time pads can be encrypted at all times in client side storage and decrypted only as needed. This will be a considerable amount of work so there may be a longer delay leading up to the 2.0 version.
Some of the changes will make it backwards incompatible with version 1.5.1. You will need to replace the client code and generate new one-time pads.
Changes in v1.5.2- Improved TRNG algorithm to be have better information-theoretic security and remove reliance on imperfect hash based primitives, see the improved design.
- Improved the cascade construction of the PBKDF which is used when encrypting the one-time pads for transport, see the improved design.
- Ability to test and export random data from all stages of the TRNG process.
- Ability to view black and white bitmaps and also colour bitmaps of the random data in all stages.
- Ability to capture images from a connected webcam.
- Ability to combine exported random data from multiple photos together into a single large file.
- Improved the whitepaper and usage instructions.
Jericho Comms version 1.5.1 downloads (for Firefox or Chromium based browsers)
This update mainly makes the client and server more resilent to attack and recovers automatically from network dropouts or disconnections.
Some of the changes will make it backwards incompatible with version 1.5. You will need to replace the client code, the server code and generate new one-time pads. If you want to keep using your existing one-time pads that you have already shared with your chat partners and it is too much hassle to create and share new ones, then keep using version 1.5 for now. Please make a request on the GitHub issue list and we will prioritise creation of a small script to convert the one-time pads from 1.5 format to 1.5.1.
Changes in v1.5.1- Made the client more resilient to network dropouts by automatically reconnecting and on continued failure it backs off exponentially.
- Added a failsafe CSPRNG for the clients in case there is a failure in the Web Crypto API or the browser.
- Strengthened the API code against timing attacks by adding randomness from /dev/urandom into each Double HMAC validation calculation.
- Changed the timing that other clients are considered as online from 3 minutes to 5 minutes.
- Made the main website responsive so it is more easily viewable on mobile devices.
- Added a list of references to the white paper and technical documentation and improved the quality in general.
Jericho Comms version 1.5 downloads (for Firefox or Chromium based browsers)
There are quite a few large changes in this release which is why it has taken almost a year to develop. With the uncertainty surrounding the future of Truecrypt, which was most likely a triggered warrant canary or dead-mans switch, the main change in this release was the cascade encryption and authentication of the one-time pad database to protect the one-time pads with a strong passphrase when they are transported. You should of course continue to use version 7.1a of TrueCrypt if you need the plausible deniability features that a hidden volume offers. TrueCrypt version 7.1a has had a reasonably clean bill of health after an audit of the code.
Many of the changes will make it backwards incompatible with version 1.41. You will need to replace the client code, the server code and generate new one-time pads. If you want to keep using your existing one-time pads that you have already shared with your chat partners and it is too much hassle to create and share new ones, then keep using version 1.41 for now. Please make a request on the GitHub issue list and we will prioritise creation of a small script to convert the one-time pads from 1.41 format to 1.5.
Changes in v1.5- Renamed the program to Jericho Comms.
- Cascade cipher encryption and authentication of the one-time pad database for transport, see technical design information.
- Added functionality for clients to automatically send decoy messages at random intervals to hinder traffic analysis.
- The auto nuke command is now sent covertly via the secure and authenticated message channel rather than as a separate API request.
- Added desktop alert notifications for incoming chat messages so users can see they have a new message when the browser is not in focus.
- Base64 encoded the server protocol data packets in preparation of the v2.0 release which will encrypt all meta data.
Jericho Chat version 1.41 downloads (for Firefox or Chromium based browsers)
This version fixed a small bug in the user interface. This version is compatible with v1.4 and v1.3.
Changes in v1.41- Modified the Export dialog on the TRNG pages to make the Test Connection functionality work properly again.
Jericho Chat version 1.4 downloads (for Firefox or Chromium based browsers)
This version modified the main TRNG algorithm after a review of the design and also added ability for you to upload your own random data into the program, which is then split into multiple one-time pads for use with the program.
Changes in v1.4- Modified TRNG algorithm.
- Added ability to load custom random data into the program.
Jericho Chat version 1.3 downloads (for Firefox or Chromium based browsers)
This version has had a major overhaul of the code. Many of the changes will make it backwards incompatible with version 1.2. You will need to replace the client code, the server code and generate new one-time pads. If you want to keep using your existing one-time pads that you have already shared with your chat partners and it is too much hassle to create and share new ones, then keep using version 1.2 for now. Please make a request on the GitHub issue list and we will prioritise creation of a small script to convert the one-time pads from 1.2 format to 1.3.
Changes in v1.3- New TRNG using shot noise from a digital camera.
- Added group chat functionality, users can now communicate in a group of 2 - 7 people.
- Added a secure server API authentication protocol to remove reliance on TLS for connecting with the API.
- Removed HMAC in message authentication and the MAC now uses Skein or Keccak in a secure construction.
- Reduced reliance on any NSA algorithms by removing SHA2 for message authentication.
- Increased maximum message size to 115 bytes/characters.
- Shortened the message length field and timestamp field.
Jericho Chat version 1.2 downloads (for Firefox or Chromium based browsers)
Changes in v1.2- Renamed the program to Jericho Chat to simplify the name.
- Source code is now licenced under GPL version 3.
- Reworked the entropy collector and randomness extractor to be more secure after a review of the design.
- Removed SHA-2 from the randomness extractor.
- Added more display outputs and clarity to entropy collection process.
- Added more test result outputs to give confidence in the randomness tests.
- Hyperlinks in sent chat messages are now converted to clickable links just like received messages.
Jericho Encrypted Chat version 1.1 downloads (for Firefox or Chromium based browsers)
Changes in v1.1- Server and client installation guide completed.
- Words now wrap properly within message display.
- URL links sent in chat are shortened and turned into clickable hyperlinks for the other user.
- Long words that are too wide for the window can now be viewed with scroll bar.
- Added validation checking for message length, MAC and timestamp to be within acceptable ranges.