unpluggeddroid's People
unpluggeddroid's Issues
Key Sharing UX
We are using PGP to encrypt messages. Thus we must address the issue of key sharing. Public keys are long strings, which are usually hashed into a 40 characters. For acceptable security, two parties usually share the last 16hex characters. The problem isn't transferring the keys, but ensuring that the key you have for the other party truly belongs to them. This typically requires to users to physically compare letters on their screens or through verbal repetition. This sucks, so we want to find something easier.
I propose three strategies corresponding to different levels of security and require different user interaction.
- Unsigned key downloaded from somewhere: Low security, no user input. Key is downloaded from a keyserver in the background. User is not required to do anything, but should know that the current setup is not ideal.
- Keys are automatically exchanged with those nearby: Medium security, no user input. Using the edgenet, people who talk to each other through the app share their public keys. User is not required to do anything but because man in the middle (MITM) attack is feasible, they should be notified that current setup is still not ideal. In the long term, there could be more degrees of security as MITM is less likely if pair have met in person many many times.
- Keys are verified manually:
- The simplest would be to require the traditional visual verification. Display a QR code. Mutate the fingerprint into an image, etc.
- Alternatively, or, additionally, we could again use the edgenet along with something like signal strength to instructor users to get very close to each other and press a confirmation button.
ChatActivityTest
Both current tests in ChatActivityTest work independently (the other commented out), but they fail when together. I've tried a bunch of solutions and running them together always seems to cause DB inconsistencies or prevent the Instrumentation from starting correctly.
OpenPGPBridgeServiceTest
Unable to really test this Service. Primary problem is that binding to the API is asynchronous and can't find a good way to wait for bind to run tests.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.