GithubHelp home page GithubHelp logo

unpluggeddroid's People

Contributors

gounplugged avatar marvinmarnold avatar timvanginderen avatar

Stargazers

avatar avatar avatar

Watchers

avatar avatar avatar

Forkers

marvinmarnold tioe timvanginderen vaginessa

unpluggeddroid's Issues

Key Sharing UX

We are using PGP to encrypt messages. Thus we must address the issue of key sharing. Public keys are long strings, which are usually hashed into a 40 characters. For acceptable security, two parties usually share the last 16hex characters. The problem isn't transferring the keys, but ensuring that the key you have for the other party truly belongs to them. This typically requires to users to physically compare letters on their screens or through verbal repetition. This sucks, so we want to find something easier.

I propose three strategies corresponding to different levels of security and require different user interaction.

  • Unsigned key downloaded from somewhere: Low security, no user input. Key is downloaded from a keyserver in the background. User is not required to do anything, but should know that the current setup is not ideal.
  • Keys are automatically exchanged with those nearby: Medium security, no user input. Using the edgenet, people who talk to each other through the app share their public keys. User is not required to do anything but because man in the middle (MITM) attack is feasible, they should be notified that current setup is still not ideal. In the long term, there could be more degrees of security as MITM is less likely if pair have met in person many many times.
  • Keys are verified manually:
    • The simplest would be to require the traditional visual verification. Display a QR code. Mutate the fingerprint into an image, etc.
    • Alternatively, or, additionally, we could again use the edgenet along with something like signal strength to instructor users to get very close to each other and press a confirmation button.

ChatActivityTest

Both current tests in ChatActivityTest work independently (the other commented out), but they fail when together. I've tried a bunch of solutions and running them together always seems to cause DB inconsistencies or prevent the Instrumentation from starting correctly.

OpenPGPBridgeServiceTest

Unable to really test this Service. Primary problem is that binding to the API is asynchronous and can't find a good way to wait for bind to run tests.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.