From b1634b4afe9ecc158ec473c4543e52ec0ce072cb Mon Sep 17 00:00:00 2001 From: Kevin F Date: Sun, 5 Mar 2023 22:29:28 -0600 Subject: [PATCH] improve threat model description --- ThreatModel.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/ThreatModel.md b/ThreatModel.md index c6420d9..61abd57 100644 --- a/ThreatModel.md +++ b/ThreatModel.md @@ -1,7 +1,6 @@ # GoSmartKeyboard Threat Model -GoSmartKeyboard assumes that it is running behind a reverse proxy that provides TLS termination. This is a common setup for web applications, and is the default configuration for the [Caddy](https://caddyserver.com/) web server. +GoSmartKeyboard assumes that it is running behind a reverse proxy that provides TLS termination. This is a common setup for web applications, and is the default configuration for the [Caddy](https://caddyserver.com/) web server. Alternatively you could use SSH port forwarding to tunnel the traffic to the server. -The daemon is intended to be used by a single user, with the client used by the same person. -It is not recommended to use this over the internet, as it is intended for the user to be able to physically see the screen. \ No newline at end of file +The server daemon is intended to be used on a single-user system. The goal is to prevent against well funded attackers without physical access to the machine from authenticating to the service. To prevent this, a 256 bit random token is generated and stored in a file. The token is then displayed to the user, and they are expected to copy it to store it safely. The token cannot be recovered because only a sha256 hash of the token is stored on disk. \ No newline at end of file