autobahn-js icon indicating copy to clipboard operation
autobahn-js copied to clipboard

Published 20 hours ago verified publisher icon crossbario

Document security of XBR in Autobahn

Open oberstet opened this issue 6 years ago • 1 comments

AutobahnJS supports and uses cutting edge secure technology, for authentication, and (upcoming) for XBR (end-to-end data transaction level encryption).

ABJS supports WAMP-cryptosign, an authentication method based on Curve25519 elliptic curves and authentication algorithms (Ed25519) designed by djb:

  • https://en.wikipedia.org/wiki/Curve25519
  • http://safecurves.cr.yp.to/
  • https://nacl.cr.yp.to/

Now, in ABJS we use this specific (pure JS) implementation of above stuff:

  • https://github.com/dchest/tweetnacl-js
  • https://tweetnacl.js.org/

This implementation (TweetNaCl) has recently be going through a security audit with no single security issue or problem found!

  • https://tweetnacl.js.org/audits/cure53.pdf
  • https://cure53.de/
  • http://deletype.com/

oberstet avatar Aug 23 '18 05:08 oberstet

further, as XBR relies on the same underlying cryptography, we should document above here in ABJS

oberstet avatar Aug 23 '18 05:08 oberstet