Comments (6)
I think I'll need to study this here: https://signal.org/docs/
At the moment our system is totally scuffed and should not be trusted. How did I think this was a working solution?
My monkey brain probably went like "Ooh ooh ahh ahh SSH use RSA - RSA secure as fuck"
from netchat.
TLS without using a trusted third party would have the same problem.
from netchat.
The server could be evil too, as it controls the public RSA keys of other users. It would be extremely easy to craft a server that MITMs the RSA keys and thus would break "end to end encryption".
from netchat.
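The comment above notes that a server handing out users' public keys can substitute them. As an added example (not netchat's code), this sketch shows a client-side trust-on-first-use check that flags a key that differs from the one first seen. The `PinStore` class, the user name and the key bytes are constructed for illustration, and the fingerprint display follows the `SHA256:` base64 style OpenSSH prints.

```python
import base64
import hashlib


def fingerprint(public_key_bytes: bytes) -> str:
    """SHA-256 over the serialized public key, base64 without padding."""
    digest = hashlib.sha256(public_key_bytes).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


class PinStore:
    """Hypothetical client-side store: first fingerprint seen per user (TOFU)."""

    def __init__(self):
        self._pins = {}

    def check(self, user: str, public_key_bytes: bytes) -> str:
        seen = fingerprint(public_key_bytes)
        pinned = self._pins.get(user)
        if pinned is None:
            # First contact. The pin only proves later consistency; the users
            # still need to compare this fingerprint over another channel.
            self._pins[user] = seen
            return "pinned"
        if pinned == seen:
            return "match"
        # The server now presents a different key for this user. Keep the old
        # pin and let the caller refuse to encrypt until it is re-verified.
        return "changed"


# Constructed placeholder bytes standing in for serialized RSA public keys.
ALICE_KEY = b"constructed-public-key-alice"
SUBSTITUTED_KEY = b"constructed-public-key-substituted"


def demo():
    store = PinStore()
    return [
        store.check("alice", ALICE_KEY),        # first delivery from the server
        store.check("alice", ALICE_KEY),        # same key on a later session
        store.check("alice", SUBSTITUTED_KEY),  # server delivers another key
    ]


if __name__ == "__main__":
    print(demo())
```

Pinning does not help if the very first key delivered was already substituted, which is why the fingerprint comparison outside the server's control matters.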
But that's what this project is for - me learning how stupid I am when it comes to crypto...
Hopefully, we'll get to something that can at least kind of be trusted in the future.
from netchat.
Here's more material to read: https://security.stackexchange.com/questions/237263/rsa-key-exchange
from netchat.
Also what if the RSA private key gets leaked somehow? At the moment I'm using the same key pair for ID and for encryption. This is brutally wrong. We'll need some kind of rekeying. I wonder how OpenSSH does that though... I mean they pretty much have the same problem as we have when it comes to leaked private RSA keys. Their files seem to be named id_rsa for some good reason. Time to deep dive into OpenSSH's encryption too...
from netchat.