You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Implement a secure method for transferring any data over the internet using Time-Based One-Time Password (TOTP) for encryption. The goal is to make it easier to securely transfer ephemeral data to specific peers via the public ipfs peer swarm without compromising security, and without needing to manually transfer key files.
Background
Currently, the size of certain data, like private libp2p keys, makes it difficult to encode them into a manageable QR code. Transferring the data via the public internet is not secure, and we want to avoid users needing to physically move data around with a flash drive.
Proposed Solution
Use the existing TOTP infrastructure to create rolling pubsub encryption. The room name would be the seed encrypted with itself, and the password would be the current TOTP code. The user only needs to transfer the seed to migrate to a new device, assuming the two devices can communicate via Kubo/libp2p. The seed is short enough to display in a QR code or to write down by hand.
To address potential issues with this approach, we propose the following solutions:
Timing
Attempt decryption with the previous and current TOTP codes to handle the timing issue. This would comfortably cover when the code changes during transit and may still be encrypted with the previous code.
Security
Double encrypt the private seed and use it as the pubsub room name to make it difficult for an attacker to guess the correct room. Use the seed as the salt and/or append it to the TOTP code to add an additional layer of security. It's crucial to ensure that the seed is securely stored and handled.
Tasks
Design the user interface and user experience for the TOTP approach.
Implement the TOTP approach in OwlCore.Kubo.
Test the implementation to ensure it works as expected and is secure.
Document the new feature and educate users on how to use it and the security implications.
Acceptance Criteria
Users can securely transfer any data over the internet using the TOTP approach.
The new feature is easy to use and does not require users to physically move data around.
The implementation is secure and does not compromise the transferred data.
The text was updated successfully, but these errors were encountered:
Arlodotexe
changed the title
Secure and portable pubsub encryption via Time-Based One-Time Password (TOTP)
Secure and portable rolling pubsub encryption via Time-Based One-Time Password (TOTP)
Jul 10, 2023
Worth noting that this is only valuable for long-lived pubsub connections, not one-time temporary connections that establish a second communication channel (like mutually observed ipns addresses as seen in Nomad).
Objective
Implement a secure method for transferring any data over the internet using Time-Based One-Time Password (TOTP) for encryption. The goal is to make it easier to securely transfer ephemeral data to specific peers via the public ipfs peer swarm without compromising security, and without needing to manually transfer key files.
Background
Currently, the size of certain data, like private libp2p keys, makes it difficult to encode them into a manageable QR code. Transferring the data via the public internet is not secure, and we want to avoid users needing to physically move data around with a flash drive.
Proposed Solution
Use the existing TOTP infrastructure to create rolling pubsub encryption. The room name would be the seed encrypted with itself, and the password would be the current TOTP code. The user only needs to transfer the seed to migrate to a new device, assuming the two devices can communicate via Kubo/libp2p. The seed is short enough to display in a QR code or to write down by hand.
To address potential issues with this approach, we propose the following solutions:
Timing
Attempt decryption with the previous and current TOTP codes to handle the timing issue. This would comfortably cover when the code changes during transit and may still be encrypted with the previous code.
Security
Double encrypt the private seed and use it as the pubsub room name to make it difficult for an attacker to guess the correct room. Use the seed as the salt and/or append it to the TOTP code to add an additional layer of security. It's crucial to ensure that the seed is securely stored and handled.
Tasks
Acceptance Criteria
The text was updated successfully, but these errors were encountered: