database64128 / shadowsocks-go

A versatile and efficient proxy platform for secure communications.
GNU Affero General Public License v3.0

psk vs uPSKs #27

Closed ttc0419 closed 2 years ago

ttc0419 commented 2 years ago

What are the differences between psk and uPSKs? When to use which?

database64128 commented 2 years ago

In README, https://github.com/database64128/shadowsocks-go#1-shadowsocks-2022-server:

> For servers without any user PSKs (single-user mode), the psk field specifies the PSK. When one or more user PSKs are specified, the psk field specifies the identity PSK.

See also: #20

ttc0419 commented 2 years ago

Thanks for the reply. But I'm still a bit confused about the multiuser server part. I mean an AEAD Shadowrock server can handle multiple users just fine. Why do we use a uPSK for each user? And what is a relay server and its use case?

database64128 commented 2 years ago

> Why do we use a uPSK for each user?

When a user's uPSK is compromised, we can just change that user's uPSK without affecting others.

The proxy traffic is encrypted using keys derived from the uPSK. So this also means any user cannot decrypt the proxy traffic of another user.

> And what is a relay server and its use case?

In mainland China there are services that offer better international connectivity (higher throughput and lower latency at peak hours) than a typical residential ISP does. Many folks like to run a relay server on such services to improve user experience.
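
The per-user isolation described in the reply above (traffic keys derived from each uPSK, so one user cannot decrypt another's traffic and a single uPSK can be rotated alone), as an added example that is not part of the thread or the project's code. It assumes HMAC-SHA256 as a stand-in KDF and AES-256-GCM as the AEAD; the function names `aeadFor`, `seal`, `open` and `randomKey` are hypothetical, and all keys are constructed sample values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// aeadFor derives a session subkey from one user's uPSK and the session salt.
// HMAC-SHA256 is a stand-in KDF for this sketch, not the KDF the project uses.
func aeadFor(uPSK, salt []byte) cipher.AEAD {
	mac := hmac.New(sha256.New, uPSK)
	mac.Write(salt)
	block, _ := aes.NewCipher(mac.Sum(nil)) // 32-byte key, cannot fail
	aead, _ := cipher.NewGCM(block)
	return aead
}

// seal encrypts payload; the zero nonce is safe only because each subkey is used once here.
func seal(uPSK, salt, payload []byte) []byte {
	return aeadFor(uPSK, salt).Seal(nil, make([]byte, 12), payload, nil)
}

// open reports whether ct authenticates under the subkey derived from uPSK.
func open(uPSK, salt, ct []byte) ([]byte, bool) {
	pt, err := aeadFor(uPSK, salt).Open(nil, make([]byte, 12), ct, nil)
	return pt, err == nil
}

// randomKey returns a constructed 32-byte sample key or salt.
func randomKey() []byte {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

func main() {
	alice, bob, salt := randomKey(), randomKey(), randomKey()
	ct := seal(alice, salt, []byte("alice's proxied request"))
	_, okAlice := open(alice, salt, ct)
	_, okBob := open(bob, salt, ct) // another user's uPSK: authentication fails
	_, okOld := open(alice, salt, seal(randomKey(), salt, []byte("after rotation")))
	fmt.Println("alice:", okAlice, "bob:", okBob, "old uPSK after rotation:", okOld)
}
```

Running it prints `true` for alice and `false` for the other two checks: bob's uPSK does not open alice's traffic, and alice's old uPSK does not open traffic sealed under her replacement key.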