- **Encrypted text messaging over LoRa** at 433 MHz, AES-256 in CTR mode, with HMAC-SHA256 message authentication.
- **Diffie-Hellman key exchange (Curve25519)** so the long-term shared secret is never transmitted, never stored on memory in plaintext, and never reused between sessions.
- **Pairing over ESP-NOW**, a short-range link used only at first introduction. The plaintext public keys and MAC are exposed only to anything within roughly 100 metres line-of-sight in that brief window.
- **At-rest hardening**: the remote device's MAC is persisted only as a salted SHA-256 digest. A flash dump alone does not yield the peer identity or a usable HMAC input.
- **Replay and tamper resistance** through random 16-byte IVs per packet and HMAC verification on every frame, including ACKs.
- **Brute-force lockout**: 10 consecutive HMAC failures permanently lock the device until the operator resyncs keys.
- **Reliable delivery** via a 3-attempt retry loop with 2 second ACK timeout per attempt.
- **Local UI**: 128x64 OLED with 20-line scrollback, full QWERTY input via CardKB, scroll using Up/Down keys, dedicated Fn+K key combination to re-pair.
- **Open-source hardware and software**: 3D-printed enclosures, custom PCBs, and user-friendly interface. Ideal for secure field communication, prototyping, or educational projects, 3NCRYP2P demonstrates robust wireless security and practical embedded design.