HiveMind-core icon indicating copy to clipboard operation
HiveMind-core copied to clipboard
verified publisher icon JarbasHiveMind

Enforce crypto

Open ChanceNCounter opened this issue 5 years ago • 1 comments

To End User-proof Hivemind, I think we should go beyond "on-by-default" and require users to go the extra mile to connect devices without encryption. The spirit of #1 could be extended to whitelist not only actions but also unencrypted connections, or users could simply be obligated to go in and add the devices via terminal. Whatever the case, you've gotta prove you know what you're doing before you do it without the fez on, because the implications are staggering.

Toward that end, autodiscovery should:

  • Prompt to verify, probably at both ends
  • Generate random AES keys (it's just a lot of bits)
  • Exchange keys
  • Disconnect and reestablish (if something went wrong, fail right away, not the next time I try to connect when I've already done a bunch of config or whatever)

ChanceNCounter avatar Nov 10 '20 07:11 ChanceNCounter

key exchange work has started here https://github.com/JarbasHiveMind/poorman_handshake

JarbasAl avatar Jan 20 '21 13:01 JarbasAl