About The Website
Crypto Basics
  • One-way hashing is an important concept behind some of the security and privacy features of the Aytwit website and Thoughter especially. Imagine Alice writes a secret on a piece of paper using a big marker, lays the paper on the ground, and lights it on fire. The ink causes the paper to burn in a special way compared to a plain piece of paper, but when Bob looks at the ashes he can't guess the original secret. Now imagine that Chris comes up and writes the same secret (secretly) on a second piece of paper and lights it on fire the exact same way as Alice. Physically impossible of course but you get the point. Bob can look at this second pile of ashes and confirm it looks identical to the first pile. Thus Alice and Chris can prove to Bob they know the same secret without showing the actual secret. One-way hashing is the mathematical equivalent of all that.
  • Symmetric Key Encryption is where you take plain text like the word "Hello", create an encryption key using (for example) a password, then through dark mathemagic use the key to encrypt the text so that it is indistinguishable from random noise. Maybe you end up with "pRhX". It will always be different depending on the key and you can't turn it back into the word "Hello" without the key. So unlike a one-way hash, you can take the paper ashes, cast a reversal spell with your wand (the key), and turn it back into the original piece of paper with the secret written on it.
  • Security Tokens are really big random numbers. So big that it's impossible to roll the same one twice. Well, if you made one roll every nanosecond you might get a duplicate before the Sun exploded. This makes them good secrets to give out. For example, if you use Thoughter with email, it attaches such a random token in a link to the first email it sends you after you push a thought. When you click the link it gives Thoughter the token back, thus proving you own the address, because nobody else can provide that number unless they're spying on your email (or frantically rolling big dice enough times before the Sun explodes). Another token (unlocked after verifying email) is used by Thoughter as the Symmetric Encryption Key for your data, and Thoughter stores the One-way Hash of the token in the database alongside your encrypted data. The hash lets us "match ashes" while not leaving a proverbial key in the door.
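The "match ashes" check from the Security Tokens item, written out as an added example; it is not Thoughter's code. SHA-256 as the one-way hash, the in-memory `DB` dict, and the function names are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for the database: record id -> stored fields.
DB = {}


def token_hash(token: str) -> str:
    """One-way hash of a token. Only this value is ever stored."""
    return hashlib.sha256(token.encode("ascii")).hexdigest()


def issue_token(record_id: str, nbytes: int = 32) -> str:
    """Roll a big random number, keep its hash, hand the token itself to the email link."""
    token = secrets.token_urlsafe(nbytes)  # 32 bytes = 256 bits from the OS CSPRNG
    DB[record_id] = {"token_sha256": token_hash(token), "verified": False}
    return token  # leaves the server only inside the outgoing email


def verify_token(record_id: str, presented: str) -> bool:
    """Hash whatever the visitor presents and compare it with the stored hash."""
    row = DB.get(record_id)
    if row is None:
        return False
    try:
        candidate = token_hash(presented)
    except UnicodeEncodeError:
        return False  # real tokens are ASCII, so anything else cannot match
    # compare_digest takes the same time wherever the first mismatch is
    if not hmac.compare_digest(candidate, row["token_sha256"]):
        return False
    row["verified"] = True
    return True


if __name__ == "__main__":
    link_token = issue_token("alice@example.org")  # constructed address
    print("stored row:", DB["alice@example.org"])  # the hash is there, the token is not
    print("right token:", verify_token("alice@example.org", link_token))
    print("wrong token:", verify_token("alice@example.org", link_token + "x"))
```

Someone who reads the database sees only the hash, so they can neither click the verification link nor recover a token that doubles as an encryption key.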
The Stack
Future Plans
  • Support more secure communication mediums beyond email, like encrypted messaging protocols and SMS. Thoughter, for example, can only use email for outgoing communication. It's very tricky to send messages through other identity providers like social media. Possible, but tricky.
  • Move from a Virtual Private Server on DigitalOcean to actual physical hosting similar to Low-tech Magazine.
  • Perhaps add smoother integration of cryptocurrencies, especially for donations and the shop.
  • Add support for more than two people per thought on Thoughter.
  • Use SQLite instead of MySQL for all data storage. MySQL is overkill.
  • Implement Thoughter protocol v3 that encrypts/decrypts all sensitive at-rest data on clients.
  • Make a mobile app for Thoughter with thought match notifications and hashtag shortcuts.
  • Release Ikwyt publicly, the software verification engine running this whole site.
  • Get more physical contraptions under final development in our labs available for sale in the shop.