-
Notifications
You must be signed in to change notification settings - Fork 20
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Verify files to detect (malicious) data changes #3
Comments
doesn't TCP already support CRC checksums? should we really need to verify it ourselves? |
You are right. I was initially thinking about cryptographic hash functions like sha256, to guard against malicious changes to files. Actually, the current random fingerprint in the announcement, could be the self signed certificate fingerprint. This way it's possible to verify who the file is send to and guard against MITM attacks. And if the certificate is persistent, it's possible to remember known devices. |
Looks like v2 (PR #5) will set fingerprint to the certificate hash, which will make it harder to impersonate and maliciously change files at transmission once this is implemented. |
I'll close this for now. Feel free to reopen. |
At point
3.1 Send Request (Metadata only)
a checksum for each file could be send along, to enable the recipient to verify the file. Depending on the algorithm used and file size this could take a while to compute both before send and after receiving. I think this should be an optional preference (globally or before each send) and cancelable (on the receiving side), so it doesn't impact users with for example big files or slow phones.The text was updated successfully, but these errors were encountered: