Fork me on GitHub
#clojure-boston
<
2016-04-19
>
xcthulhu12:04:49

WRT to security, would people be interested in developing a cryptographically secure chat program?

xcthulhu12:04:47

I imagine we could all have separate devcard different teams are editing and I could set up the server to do a pub/sub type thing

xcthulhu12:04:16

I'd have to do some legwork to get the environment set up nicely

mchampine13:04:12

@xcthulhu: I'd be interested in that. Lots of decisions to make up-front, e.g. would we be assembling this from existing parts (e.g. there are existing libs for both chat and crypto in Clojure) or trying to roll our own? Use TLS for comms or more basic primitives? How to managed and distributed keys, etc. These decisions hinge on what we're trying to get out of it: a secure system, or to learn our way around using cryptographic tools, and/or to learn about building networked apps. Maybe schedule a planning meeting at a future meetup, or continue discussing the ideas here.

xcthulhu13:04:26

Well, here's what I'd go with:

xcthulhu13:04:01

In my efforts to unit test it I already figured out how to get it to act as a relay server for a chat https://github.com/ptaoussanis/sente/pull/215

xcthulhu13:04:27

(2) I'd have clients generate their own public/private keys in ClojureScript running in the browser rather than go through TLS. This is the security model Proton Mail has ; in this architecture the server has no visibility at all into the content of the encrypted messages

xcthulhu13:04:17

This could be done via the SJCL, which I've wrapped here for clojurescript: https://github.com/xcthulhu/sjcl-cljs

xcthulhu14:04:10

Alternatively we could go with elliptic, which has better performance but I'm still trying to wrestle with to figure out its externs and whether I need to do anything to get it to play nice with the Closure compiler: https://github.com/indutny/elliptic

codonnell15:04:48

that sounds really cool

codonnell15:04:05

I don't know much about cryptography, so I think it would be a neat opportunity to learn.

mchampine15:04:38

A ClojureScript client! Interesting idea. I haven't done much ClojureScript or JS crypto. I had been thinking Aleph for the chat comms: http://alexkehayias.tumblr.com/post/28783286946/a-simple-real-time-chat-server-using-clojure-and . A web client would surely be appealing - though we'd be closer to the bleeding edge. Very cool that you've wrappered the Stanford JS crypto. That lib would have been really handy years ago when I wanted to build an all-JS SRP client. (I've always found SRP to be an impressive bit of crypto). What's wrong with the ECC in the Standford JS Lib? Too low level, or incomplete?

mchampine15:04:45

I did several projects with ECC back in the late 90's with HP. We had some PhDs from Waterloo writing the core algos, and I packaged it up for general use, e.g. my ECDSA crypto provider for early prototypes of W3C Digital Signature initiative.

codonnell15:04:26

I've used sente before, and it's pretty easy to use. If all we're doing on the server is relaying messages to clients, that would be very straightforward to implement using sente.

henrytill15:04:14

+1 for the idea. +1 for Aleph as well.

mchampine15:04:20

Does it make sense to have both web and desktop clients? Maybe for a 2nd phase? Not sure that Sente makes sense for non-JS clients though. For non-JS crypto we could use buddy (layered on BouncyCastle) or caesium (layered on libsodium). The alternative to a true desktop app might be to stay in JS and write an Electron client for those that want a desktop-ish experience.

henrytill15:04:40

or try WebRTC!

mchampine15:04:54

There ya go!

henrytill15:04:34

most people use http-kit with sente?

xcthulhu15:04:33

> What's wrong with the ECC in the Standford JS Lib? The SJCL is super messy, writing the externs for it was horrible

xcthulhu15:04:25

Also, it doesn't support Ed25519, unlike elliptic: https://ed25519.cr.yp.to/

mchampine15:04:26

Probably mostly http-kit w/ sente. I guess the immutant lib is super fast tho.

henrytill15:04:51

I've heard...mixed things about http-kit

mchampine15:04:19

there's always nginix

xcthulhu15:04:36

I really wish sente supported Clojure clients, btw, since there's no omnibus network message layer for Clojure(Script)

xcthulhu15:04:47

I started something that exposes the same crypto API for Clojure(Script) btw: https://github.com/xcthulhu/bitauth

xcthulhu15:04:05

No ECDH which is annoying

henrytill15:04:42

well i really like the idea of doing the client w/keygen in cljs with "dumb" server in clj

xcthulhu15:04:53

I'd love to do WebRTC too, but I've honestly never rolled my own DHT

xcthulhu15:04:14

Nor architected a gossip network

henrytill15:04:38

yes, it could widen the scope of the workshop quite a bit

xcthulhu15:04:57

Gossip networks have security concerns too; naïve ones are very weak against DDOS

xcthulhu15:04:08

Yeah, there's a lot of fun

xcthulhu16:04:51

Anyway, I can try and hurry to get my little bitauth repo in better order so we can do ECDH

xcthulhu16:04:09

Since that's a massive PITA

henrytill16:04:37

I think we can shelve the WebRTC idea just to keep things manageable...

xcthulhu16:04:25

I'd love to do it eventually