ViralJS icon indicating copy to clipboard operation
ViralJS copied to clipboard

Published 20 hours ago verified publisher icon PixelsCommander

Add checksum / signature for content delivered from server to prevent fake nodes from sending fake content

Open qgustavor opened this issue 9 years ago • 3 comments

Are data being checked in order to prevent bad nodes from sending other peers invalid or corrupted data? Also, if it is implemented or if it will be implemented: how it works (or will work)?

For the demo seems HTTPS isn't being used. It can improve security and will allow some new Web Platform features to be used, like Service Workers.

qgustavor avatar Jul 30 '16 19:07 qgustavor

Valid points, there is a huge place for improvement in terms of security. There should be a signature/checksum for content delivered.

HTTPS would not help since data transfer happens over WebRTC and it is secured pretty well on protocol level.

PixelsCommander avatar Aug 01 '16 12:08 PixelsCommander

If you want to use WebCrypto (and get better crypto performance) then you will need HTTPS.

qgustavor avatar Aug 01 '16 14:08 qgustavor

Using a checksum/hash sent by the orchestrating server against the application content would go a long way... derived byte based on pbkdf2 would work. There's also HMAC...

https://github.com/diafygi/webcrypto-examples#pbkdf2---derivebits

http://caniuse.com/#feat=cryptography

tracker1 avatar Aug 02 '16 00:08 tracker1