improve threat model description

Kevin F 2023-03-05 22:29:28 -06:00
parent 1147984f40
commit b1634b4afe

@ -1,7 +1,6 @@
# GoSmartKeyboard Threat Model # GoSmartKeyboard Threat Model
GoSmartKeyboard assumes that it is running behind a reverse proxy that provides TLS termination. This is a common setup for web applications, and is the default configuration for the [Caddy](https://caddyserver.com/) web server. GoSmartKeyboard assumes that it is running behind a reverse proxy that provides TLS termination. This is a common setup for web applications, and is the default configuration for the [Caddy](https://caddyserver.com/) web server. Alternatively you could use SSH port forwarding to tunnel the traffic to the server.
The daemon is intended to be used by a single user, with the client used by the same person. The server daemon is intended to be used on a single-user system. The goal is to prevent against well funded attackers without physical access to the machine from authenticating to the service. To prevent this, a 256 bit random token is generated and stored in a file. The token is then displayed to the user, and they are expected to copy it to store it safely. The token cannot be recovered because only a sha256 hash of the token is stored on disk.
It is not recommended to use this over the internet, as it is intended for the user to be able to physically see the screen.
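
Review bot: The new token paragraph contradicts itself about what is written to disk: it says "a 256 bit random token is generated and stored in a file" and then "only a sha256 hash of the token is stored on disk". Suggest stating it once, for example "a 256 bit random token is generated and only its sha256 hash is stored in a file", so a reader knows the file is not a usable credential on its own. "To prevent this" also has the wrong referent, since the preceding sentence describes the goal rather than the threat; "To achieve this" or naming the threat directly (unauthenticated remote access) would read correctly, and "prevent against" should be "protect against" or plain "prevent". The sentence advising against use over the internet appears on only one side of this hunk, and the line count drops from 7 to 6, so if it is being removed the threat model should say explicitly whether exposure over the internet behind the TLS proxy or SSH tunnel is now in scope.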