sanctuary-zero icon indicating copy to clipboard operation
sanctuary-zero copied to clipboard

Published 20 hours ago verified publisher icon gridhead

inconsistency in chatroom ID generated at client side

Open adhyay2000 opened this issue 3 years ago • 7 comments

Since the chatroom generated on new user login are generated at random. there may occur a clash, In such an event two users may land up in the same chatroom without explicitly joining. To create such a condition try replacing the function randgene in cnew.py to give a constant chatroom ID. Possible solution can be generating the chatroom ID from server side. Please correct, if I am wrong.

adhyay2000 avatar Oct 16 '20 05:10 adhyay2000

Possible solution can be generating the chatroom ID from server side. Please correct, if I am wrong.

That is a very intelligent solution to the problem. We would want to do that so that the server would create and send an ID which has not been created before. Albeit the chances of having a clash is very small (about 1 in 4,294,967,296) but it is never zero. This is a valid issue. Would you want to work on it?

gridhead avatar Oct 16 '20 05:10 gridhead

A possible solution could be changing the ID generation algorithm. Maybe using, for example, sha256 for generating new ids? Of course that would make the chatroom id a lot more tedious to share, but it would lower the clashing probabilities by a lot.

adanielpincab avatar Oct 16 '20 07:10 adanielpincab

I had that concern previously too. The uniqueness of SHA256 is impressive (about 1 in 340,282,366,920,938,463,463,374,607,431,768,211,456) but this comes at the cost of having to share a 32 characters long string as the chatroom identity. Already, the Fernet password is nearly as long so we could do with some lesser length but greater control at the server's end.

gridhead avatar Oct 16 '20 07:10 gridhead

Possible solution can be generating the chatroom ID from server side. Please correct, if I am wrong.

That is a very intelligent solution to the problem. We would want to do that so that the server would create and send an ID which has not been created before. Albeit the chances of having a clash is very small (about 1 in 4,294,967,296) but it is never zero. This is a valid issue. Would you want to work on it?

Yes, you can assign it to me

adhyay2000 avatar Oct 16 '20 09:10 adhyay2000

There you go. @adhyay2000. I have assigned this issue to you.

gridhead avatar Oct 16 '20 15:10 gridhead

I have modified the code to have a server side verification and registration. The server also maintain a list of available chatrooms that can be used to restrict the same named chatroom.

adhyay2000 avatar Oct 20 '20 17:10 adhyay2000

please review the code and provide feedback.

adhyay2000 avatar Oct 20 '20 17:10 adhyay2000