Questions about encryption #63

Closed
lrq3000 opened this issue Jun 7, 2021 · 13 comments
Labels
question Further information is requested

Comments


lrq3000 commented Jun 7, 2021

Hello,

First off, I would like to thank you for sharing your work under open-source. I have only recently discovered your great work and got some glimpses of the controversy surrounding the choice of going closed source for the fully-featured server. Although I certainly would wish that it would be open-sourced too, I am grateful that you already put efforts into providing a minimal server demo that can be used for self-hosting, and being an open-source developer myself, I can completely understand your choice to make this project a viable source of income to fund future maintenance and development; it's ultimately your time and your choice. You've made great software that I would certainly recommend as an alternative to commercial (and completely closed source) alternatives such as TeamViewer, so you have all the rights to choose how you want to license your work.

That said, one thing that could extinguish all concerns would be the implementation of cryptographically secure encryption, so that the servers can't decrypt the content of communications between the clients and agents. There are lots of libraries available nowadays to implement that easily and effortlessly. This wouldn't impair your intended business model at all, and in fact it can improve it by providing some additional guarantees. I read in your privacy policy that you are very mindful about minimizing data collection and usage, which is very honorable, but a technical guarantee would be even better. This could also potentially allow your software to be listed among privacy-aware software.

TL;DR: do you have any plan of implementing encryption in the future?

Owner

rustdesk commented Jun 7, 2021

https://github.com/rustdesk/rustdesk/blob/master/src/server.rs#L90
https://github.com/rustdesk/rustdesk/blob/master/src/client.rs#L281

rustdesk added the invalid and question labels and removed the invalid label on Jun 7, 2021
Author

lrq3000 commented Jun 7, 2021

Thank you very much for referencing the pertinent source code lines, I appreciate it.

If I understand correctly, there is a secure connection from the clients/agents to the server. Hence, is the server decrypting the data received from the clients/agents before dispatching it to the other side (e.g., agent -> server -> client) or is the data only decryptable by the clients/agents (i.e., end-to-end encryption)? Also, could you please clarify what is the hash function and bits used by default?

lrq3000 changed the title from "Plans for encryption?" to "Questions about encryption" on Jun 7, 2021
Owner

rustdesk commented Jun 7, 2021

> is the server decrypting the data received from the clients/agents before dispatching it to the other side

The server does nothing. For more details, please check my source code or https://crates.io/crates/sodiumoxide

Author

lrq3000 commented Jun 7, 2021

Ahhhh what you call "server" in the source code here is the agent, not the relay server, which is a separate repository (the server demo etc). So it's end-to-end encrypted, that's awesome!

NaCl is an awesome choice! Could you please clarify what hashing function is used? I'm neither a Rust nor a NaCl dev, just a privacy hobbyist :-)

Owner

rustdesk commented Jun 7, 2021

> relay server,

Yes, I meant relay server, not https://github.com/rustdesk/rustdesk/blob/master/src/server.rs

Owner

rustdesk commented Jun 7, 2021

> hashing function is used

crypto_sign_ed25519 for signature creation and verification
crypto_box_curve25519xsalsa20poly1305 for asymmetric cryptography
crypto_secretbox_xsalsa20poly1305 for symmetric cryptography

rustdesk pinned this issue on Jun 7, 2021
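
How the symmetric primitive named above protects traffic that crosses a relay, as an added example that is not part of this thread and is not RustDesk's code: a standard-library Python implementation of the `crypto_secretbox_xsalsa20poly1305` construction. The `relay` function is a hypothetical stand-in for a forwarding server, and the shared key is assumed to have been agreed between the two endpoints beforehand (key exchange and signatures are not shown).

```python
import hmac
import struct

MASK = 0xFFFFFFFF
SIGMA = struct.unpack("<4I", b"expand 32-byte k")

def _rounds(state):  # 20 Salsa20 rounds, without the final feed-forward add
    x = list(state)
    def qr(a, b, c, d):
        for dst, s1, s2, n in ((b, a, d, 7), (c, b, a, 9), (d, c, b, 13), (a, d, c, 18)):
            v = (x[s1] + x[s2]) & MASK
            x[dst] ^= ((v << n) & MASK) | (v >> (32 - n))
    for _ in range(10):
        qr(0, 4, 8, 12); qr(5, 9, 13, 1); qr(10, 14, 2, 6); qr(15, 3, 7, 11)
        qr(0, 1, 2, 3); qr(5, 6, 7, 4); qr(10, 11, 8, 9); qr(15, 12, 13, 14)
    return x

def _state(key, n16):  # constants, 32-byte key, 16 bytes of nonce/counter
    k, n = struct.unpack("<8I", key), struct.unpack("<4I", n16)
    return [SIGMA[0], *k[:4], SIGMA[1], *n, SIGMA[2], *k[4:], SIGMA[3]]

def xsalsa20_stream(key, nonce, length):
    z = _rounds(_state(key, nonce[:16]))  # HSalsa20: derive subkey from first 16 nonce bytes
    subkey = struct.pack("<8I", z[0], z[5], z[10], z[15], *z[6:10])
    out = b""
    for ctr in range((length + 63) // 64):  # Salsa20 blocks under the subkey
        s = _state(subkey, nonce[16:] + struct.pack("<Q", ctr))
        out += struct.pack("<16I", *((a + b) & MASK for a, b in zip(_rounds(s), s)))
    return out[:length]

def poly1305(msg, key):  # one-time authenticator over msg
    r = int.from_bytes(key[:16], "little") & 0x0FFFFFFC0FFFFFFC0FFFFFFC0FFFFFFF
    acc = 0
    for i in range(0, len(msg), 16):
        acc = (acc + int.from_bytes(msg[i:i + 16] + b"\x01", "little")) * r % ((1 << 130) - 5)
    return ((acc + int.from_bytes(key[16:], "little")) % (1 << 128)).to_bytes(16, "little")

def secretbox(msg, nonce, key):  # returns 16-byte tag || ciphertext
    ks = xsalsa20_stream(key, nonce, 32 + len(msg))
    ct = bytes(m ^ k for m, k in zip(msg, ks[32:]))
    return poly1305(ct, ks[:32]) + ct

def secretbox_open(boxed, nonce, key):  # None if the tag does not verify
    tag, ct = boxed[:16], boxed[16:]
    ks = xsalsa20_stream(key, nonce, 32 + len(ct))
    ok = hmac.compare_digest(tag, poly1305(ct, ks[:32]))
    return bytes(c ^ k for c, k in zip(ct, ks[32:])) if ok else None

def relay(frame, tamper=False):  # hypothetical relay: holds no key, sees only ciphertext
    return frame[:-1] + bytes([frame[-1] ^ 1]) if tamper else frame
```

Production code should call libsodium (for example through sodiumoxide) rather than a hand-written cipher, and must never reuse a nonce under the same key. A frame that `relay` forwards unchanged opens correctly at the far end, while a frame with a single flipped bit makes `secretbox_open` return `None`.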
Author

lrq3000 commented Jun 7, 2021

Awesome!!! Thank you VERY much for your clarifications!

I would suggest adding to your website that the communications are end-to-end encrypted between the agents and clients, that's a great asset!

Have a great day and thank you very much for your work!

Author

lrq3000 commented Jun 7, 2021

PS: Could you please add another non-recurring donation link (besides GitHub Sponsor, there's PayPal, Open Collective, crypto, etc.)? I can't afford to have recurring donations but I'd like to send you a small donation as a token of my appreciation for your work :-)

Owner

rustdesk commented Jun 7, 2021

> add on your website

I will

Owner

rustdesk commented Jun 7, 2021

> non-recurring donation link

Thanks for your reminder.

Owner

rustdesk commented Jun 7, 2021

ko-fi

Author

lrq3000 commented Jun 7, 2021

Done! Thank you very much! :D

Owner

#2239
