Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enforce crypto #13

Closed
ChanceNCounter opened this issue Nov 10, 2020 · 1 comment · Fixed by #64
Closed

Enforce crypto #13

ChanceNCounter opened this issue Nov 10, 2020 · 1 comment · Fixed by #64

Comments

@ChanceNCounter
Copy link
Contributor

To End User-proof Hivemind, I think we should go beyond "on-by-default" and require users to go the extra mile to connect devices without encryption. The spirit of #1 could be extended to whitelist not only actions but also unencrypted connections, or users could simply be obligated to go in and add the devices via terminal. Whatever the case, you've gotta prove you know what you're doing before you do it without the fez on, because the implications are staggering.

Toward that end, autodiscovery should:

  • Prompt to verify, probably at both ends
  • Generate random AES keys (it's just a lot of bits)
  • Exchange keys
  • Disconnect and reestablish (if something went wrong, fail right away, not the next time I try to connect when I've already done a bunch of config or whatever)
@JarbasAl
Copy link
Member

key exchange work has started here https://github.com/JarbasHiveMind/poorman_handshake

@JarbasAl JarbasAl mentioned this issue Jan 20, 2021
Closed
@JarbasAl JarbasAl mentioned this issue Jun 15, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

tornado JarbasHiveMind/HiveMind-core
handshake JarbasHiveMind/HiveMind-core
2 participants
@ChanceNCounter @JarbasAl