espadrine
commented
8 years ago I feel like a passwordless design would work nicely here.
Instead of generating a room with a random name, here is the process:
- Generate securely random 256-bit secret stored on disk upon first installation
- When sharing your screen, “Who do you want to give your computer access? [email input]”
- Input email address, click “Send”
- Generate a JWT containing the email address, secured with the installation secret, have the website send a secure email with a link to the website and the JWT as a query parameter
- The website sends the JWT to the host during signaling, and the host verifies the JWT
- The guest and the host start communicating directly (unless the JWT's signature was invalid)
If the host gets a JWT that it verified, it knows that it generated it, so that it could only come from the email account whose address is in the JWT.
This design would be safer than user-generated passwords, the two most sensitive points being:
- the initial generated secret stored on-disk. However, if that is accessible to a malevolent party, that party can already control your computer, so it is useless to them.
- the website. Obviously, if the server gets hacked, it can skip sending the email, and tell the host that the email account holder correctly proved that it controls the email account, even though that is not true.
I wanna add a password feature to invites. Currently anyone with your invite code can control your computer.
when you create an invite it should ask if you wanna password protect it
if you choose yes, you have to enter a password.
we then use the password to AES encrypt the SDP before it gets uploaded to the lobby
If you don't specify a password you should a clear warning like 'Anyone with this room name will be able to join and see your screen'