SnakeJayd


  1. Thanks. I had a search before starting this one, but I couldn't find them. Must have been doing it wrong. This topic can be closed if an admin or mod comes across it.
  2. I had a similar worry and started another thread because I didn't find this one. My suggestion would be, instead of just the secret which is the address, to have another key which is the authentication token. I am not sure if it would work with the technology and how you have central authentication on a distributed service, but something like a second key would dramatically increase the security. It is the basis for most security on the web: your email or username is the identifier, like the secret is in this case, and the password is the authentication token. Again, I don't know how it would work in practice, but ideally it would be good to limit the users who can access a file. So in the extremely unlikely case that they stumble across the secret, they would still not have access and would then have to try to brute-force the authentication token to gain access. Would a designated list of RSA public keys work? The original host whitelists an RSA key, and it automatically propagates to the peers? Sorry if I am suggesting stupid things, I have only a vague idea of how this all works. Cheers
  3. Hi. I am really enjoying this service and am intending on using it with a small home server as my own private unlimited Dropbox service. I am a bit concerned about the secrets though. Maybe I understand them incorrectly, but it seems as though all you need to access someone's information is their secret, no secondary authentication token. For example, if the secret was the identifier or index linking you to the host then I would expect a second authentication step like a password or even something like an SSH key. Just have some way to limit the people who can access my data, other than whether or not they happen to stumble across my secret. Does that make sense or am I missing something? I realise that it could make the distributed aspect of the system tricky, with each client becoming a new host that then becomes responsible for authenticating, but a distributed whitelist or master password could solve this? Cheers SnakeJayd