ephemere-app / ephemere

End-to-end encrypted and ephemeral instant messaging app
https://ephemere.app
GNU Affero General Public License v3.0

Password protection for rooms #15

Open franky47 opened 3 years ago

franky47 commented 3 years ago

While having the shared key in the hash part prevents Ephemere clients from sending it to your server, it does not prevent users from sharing the room URL on insecure channels, where the hash will be essentially in clear text.

For truly secure rooms, a separate form of authentication should be required, possibly in the form of a password from which a key that decrypts the room key can be derived.

rclement commented 3 years ago

Thanks for the feature request! Indeed, it seems like a sensible addition to increase room security one step further.
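
One way to implement the password-derived key that decrypts the room key, as proposed in this issue. This is an added example, not Ephemere's code: Node's built-in scrypt and AES-256-GCM are stand-ins, and the blob layout, function names, scrypt parameters and context label are assumptions.

```javascript
// Added example, not Ephemere's code: format, names and parameters are assumptions.
const { scryptSync, randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

// Assumed scrypt cost; tune to the slowest client you need to support.
const SCRYPT = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };
// Hypothetical context label, authenticated as AAD so blobs cannot be reused elsewhere.
const AAD = Buffer.from('room-key-wrap-v1');

// Derive a 256-bit key-encryption key (KEK) from the room password.
function deriveKek(password, salt) {
  return scryptSync(password.normalize('NFKC'), salt, 32, SCRYPT);
}

// Returns base64url(salt | nonce | tag | ciphertext), to be placed in the URL
// hash instead of the raw room key.
function wrapRoomKey(roomKey, password) {
  const salt = randomBytes(16);   // fresh per wrap, so equal passwords give different KEKs
  const nonce = randomBytes(12);
  const cipher = createCipheriv('aes-256-gcm', deriveKek(password, salt), nonce);
  cipher.setAAD(AAD);
  const ciphertext = Buffer.concat([cipher.update(roomKey), cipher.final()]);
  return Buffer.concat([salt, nonce, cipher.getAuthTag(), ciphertext]).toString('base64url');
}

// Returns the room key; throws if the password is wrong or the blob was altered.
function unwrapRoomKey(blob, password) {
  const raw = Buffer.from(blob, 'base64url');
  if (raw.length < 16 + 12 + 16 + 1) throw new Error('wrapped key too short');
  const salt = raw.subarray(0, 16);
  const nonce = raw.subarray(16, 28);
  const tag = raw.subarray(28, 44);
  const ciphertext = raw.subarray(44);
  const decipher = createDecipheriv('aes-256-gcm', deriveKek(password, salt), nonce);
  decipher.setAAD(AAD);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ciphertext), decipher.final()]);
}

// Convenience check for callers: true only when the password unwraps the blob.
function canUnwrap(blob, password) {
  try { unwrapRoomKey(blob, password); return true; } catch { return false; }
}
```

With this scheme a leaked room URL carries only the wrapped blob, and a wrong password surfaces as a GCM authentication failure. The blob still permits offline password guessing, so the protection is bounded by password strength and the scrypt cost.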