gosmartkeyboard/docs/ThreatModel.html

23 lines
1.4 KiB
HTML
Raw Normal View History

2023-03-07 22:29:26 +00:00
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width">
<title>GoSmartKeyboard</title>
<link rel="stylesheet" href="google-code-prettify/prettify.css">
<link rel="stylesheet" href="styles/prettify-theme.css">
<script defer src="google-code-prettify/prettify.js"></script>
<script defer src="google-code-prettify/run_prettify.js"></script>
<link rel="stylesheet" href="styles/main.css">
</head>
<!-- Generated by srcweave https://github.com/justinmeiners/srcweave -->
<h1>GoSmartKeyboard Threat Model<a id="c11"></a></h1>
<p>GoSmartKeyboard assumes that it is running behind a reverse proxy that provides TLS termination. This is a common setup for web applications, and is the default configuration for the <a href="https://caddyserver.com/">Caddy</a> web server. Alternatively you could use SSH port forwarding to tunnel the traffic to the server.</p>
<p>The server daemon is intended to be used on a single-user system. The goal is to prevent against well funded attackers without physical access to the machine from authenticating to the service. To prevent this, a 256 bit random token is generated and stored in a file. The token is then displayed to the user, and they are expected to copy it to store it safely. The token cannot be recovered because only a sha256 hash of the token is stored on disk.</p>
</body>
</html>