holepunchto / hyperswarm

A distributed networking stack for connecting peers.
https://docs.holepunch.to
MIT License

Is authentication needed? #86

Closed LuKks closed 2 years ago

LuKks commented 2 years ago

Can I rely on a really long and unique topic as a way of authentication? Or maybe someone could somehow emit a 'connection' event in the hyperswarm instance without knowing the topic?

This question is because I would like to use noise-peer, it would be cool if the server doesn't need to know any public key of any client and also it would be nice if the client doesn't need to know the public key of the server.

Basically: hyperswarm + noise-peer like the secure UPPERCASE echo server with a unique topic as a way of authentication, is it absolutely secure?

https://github.com/emilbayes/noise-peer/issues/11

LuKks commented 2 years ago

Based on what I read, topics can be observed so it doesn't make sense to rely on the topic for authentication.

I will continue this comment in the noise-peer issue, where it is actually more related.
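One way to act on the conclusion above, as an added example that is not from this thread, hyperswarm or noise-peer: derive the observable topic and a private authentication key from one pre-shared secret, then authenticate each connection with a challenge-response. All function names and labels are hypothetical, and `sessionBinding` is an assumed stand-in for a value both peers obtain from their encrypted transport (for instance a Noise handshake hash).

```javascript
const crypto = require('node:crypto');

// HMAC as a PRF with distinct labels: knowing one output reveals nothing about the other.
function derive(secret, label) {
  return crypto.createHmac('sha256', secret).update(label).digest();
}

// Announced for discovery, so treat it as observable by third parties.
function topicFor(secret) { return derive(secret, 'example/topic'); }

// Never sent over the network; only used to key the proof below.
function authKeyFor(secret) { return derive(secret, 'example/auth'); }

// Verifier side: a fresh random challenge per connection prevents replay.
function newChallenge() { return crypto.randomBytes(32); }

// Prover side: MAC over the challenge and the session binding.
// Both inputs are fixed-length (32 bytes), so plain concatenation is unambiguous.
function prove(authKey, challenge, sessionBinding) {
  return crypto.createHmac('sha256', authKey)
    .update('client-proof').update(challenge).update(sessionBinding).digest();
}

// Verifier side: recompute and compare in constant time.
function verify(authKey, challenge, sessionBinding, proof) {
  const expected = prove(authKey, challenge, sessionBinding);
  return proof.length === expected.length && crypto.timingSafeEqual(expected, proof);
}

// Constructed demo values; no network involved.
function demo() {
  const secret = crypto.randomBytes(32);
  const authKey = authKeyFor(secret);
  const binding = crypto.randomBytes(32);      // stand-in for this session's binding value
  const challenge = newChallenge();
  const honest = prove(authKey, challenge, binding);
  const topicOnly = prove(topicFor(secret), challenge, binding); // peer that only saw the topic
  return {
    honest: verify(authKey, challenge, binding, honest),
    topicOnly: verify(authKey, challenge, binding, topicOnly),
    replayed: verify(authKey, newChallenge(), binding, honest),
    otherSession: verify(authKey, challenge, crypto.randomBytes(32), honest),
  };
}
```

Only the peer holding the shared secret passes; a peer that learned the topic, a replayed proof, and a proof carried over to a different session are all rejected.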