Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: use privacy-preserving webxdc addresses #6237

Merged
merged 11 commits into from
Nov 21, 2024
Merged

feat: use privacy-preserving webxdc addresses #6237

merged 11 commits into from
Nov 21, 2024

Conversation

r10s
Copy link
Member

@r10s r10s commented Nov 20, 2024
edited
Loading

this PR adds the address to be used by the UI for window.webxdc.selfAddr to webxdc-info. UIs need to be changed accordingly and must not use configured_addr any longer.

the address is created by sha256(private-key + rfc724_mid) , which results in different addresses for each webxdc, without the option to find out the real address of the user.

this also returns the same address for a multi-device-setup - sending totally random self address around might be an alternative, however would require connectivity (both devices may be offline on first start).

for existing app, after the change, there will be a new user, resulting eg. in a new highscore, otherwise, things should be mostly fine. this assumption is also important as we might change the thing another time when it comes to multi-transport.

ftr, addresses look like 0f187e3f420748b03e3da76543e9a84ecff822687ce7e94f250c04c7c50398bc now

when this is merged, we need to adapt #6230 and file issues for all UI to use info.selfAddr

closes #6216

@r10s r10s requested review from link2xt, Hocuri and adbenitez November 20, 2024 18:50
@r10s r10s marked this pull request as ready for review November 20, 2024 18:50
@r10s r10s force-pushed the webxdc-addr-privacy branch from fcc1d4b to 6d327ac Compare November 20, 2024 19:30
@r10s r10s changed the title add self_addr to webxdc-info use privacy-preserving addresses Nov 20, 2024
r10s
r10s commented Nov 20, 2024
View reviewed changes
src/webxdc.rs Outdated Show resolved Hide resolved
@r10s r10s changed the title use privacy-preserving addresses feat: use privacy-preserving webxdc addresses Nov 20, 2024
@r10s r10s added the webxdc label Nov 20, 2024
@link2xt
Copy link
Collaborator

link2xt commented Nov 21, 2024
edited
Loading

Here is an answer to a similar question regarding security of hashing a secret key:
https://crypto.stackexchange.com/questions/61915/can-i-hash-a-secret-key-and-used-the-hash-as-key-id

@r10s
Copy link
Member Author

r10s commented Nov 21, 2024

@link2xt i changed generation to use fingerprint as discussed

@r10s r10s enabled auto-merge (squash) November 21, 2024 18:00
@r10s r10s merged commit 8a0c913 into main Nov 21, 2024
38 checks passed
@r10s r10s deleted the webxdc-addr-privacy branch November 21, 2024 18:00
@r10s r10s mentioned this pull request Nov 22, 2024
Closed
@r10s r10s mentioned this pull request Dec 10, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@link2xt link2xt link2xt approved these changes

@Hocuri Hocuri Awaiting requested review from Hocuri

@adbenitez adbenitez Awaiting requested review from adbenitez

Assignees
No one assigned
Labels
webxdc
Projects
Webxdc PUSH M2/M3
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

privacy preserving selfAddr (M2)
2 participants
@r10s @link2xt