Security

Our mission is to protect your privacy through proven cryptographic protocols and transparent security practices.

Cryptographic Protocols

PQXDH Key Agreement

Kursal uses the Post-Quantum Extended Diffie-Hellman (PQXDH) protocol to establish shared secrets when initiating conversations.

Double Ratchet + ML-KEM Braid

All message exchanges use the Double Ratchet algorithm, providing both forward secrecy and post-compromise security.

Vulnerability Disclosure

Security is at the core of Kursal. We encourage responsible disclosure of any vulnerabilities and are committed to addressing issues promptly.

General Issues

For bugs, feature requests, and non-security issues, please open an issue on GitHub:

Open GitHub Issue

Found a Vulnerability?

If you've discovered a security issue that might impact user privacy or safety, we'd greatly appreciate your help in reporting it.

Submit Vulnerability Report
  • Please provide detailed steps so we can reproduce and verify the issue.
  • We kindly ask for 90 days to release a fix before public disclosure.
  • We're a small team, but we'll try our best to acknowledge your report within 48 hours.

Our Commitment

  • Credit in our security acknowledgments (if desired)
  • Regular updates on our progress addressing the issue
  • Transparent communication throughout the process

Security Practices

Code Security

  • All code is open source and publicly auditable
  • Continuous dependency vulnerability monitoring

Infrastructure

  • All communications are end-to-end encrypted
  • Resistant decentralized network

For more details on our cryptographic implementation, read our technical paper or review the source code.