Add checksum / signature for content delivered from server to prevent fake nodes from sending fake content #5
Comments
|
Valid points, there is a huge place for improvement in terms of security. There should be a signature/checksum for content delivered. HTTPS would not help since data transfer happens over WebRTC and it is secured pretty well on protocol level. |
PixelsCommander
changed the title
|
If you want to use WebCrypto (and get better crypto performance) then you will need HTTPS. |
|
Using a checksum/hash sent by the orchestrating server against the application content would go a long way... derived byte based on pbkdf2 would work. There's also HMAC... https://github.com/diafygi/webcrypto-examples#pbkdf2---derivebits |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Are data being checked in order to prevent bad nodes from sending other peers invalid or corrupted data? Also, if it is implemented or if it will be implemented: how it works (or will work)?
For the demo seems HTTPS isn't being used. It can improve security and will allow some new Web Platform features to be used, like Service Workers.
The text was updated successfully, but these errors were encountered: