From c9ffab4d7ad0047f7603c3f7ce33a7e632be0578 Mon Sep 17 00:00:00 2001 From: metamuffin Date: Thu, 15 Sep 2022 19:24:24 +0200 Subject: move "security" paragraph further down --- readme.md | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/readme.md b/readme.md index 162d273..0aca9b2 100644 --- a/readme.md +++ b/readme.md @@ -18,17 +18,6 @@ a web conferencing application Licensed under the terms of the GNU Affero General Public License version 3 only. See [COPYING](./COPYING). -## Security - -keks-meet _tries_ to be secure. However I am not a security expert. The current system works as follows: - -- The room name is set in the section of the URL which is not sent to the server. -- The server receives a salted SHA-256 hash of the room name to group clients of a room. -- The client uses PBKDF2 (constant salt; 250000 iterations) to derive a 256-bit AES-GCM key from the room name. -- All relayed message contents are encrypted with this key. - - Message recipient is visible to the server - - The server assigns user ids - ## Usage For trying it out, a hosted version is available on [my server](https://meet.metamuffin.org/). @@ -98,6 +87,17 @@ Booleans can be either `1`, `true`, `yes` or their opposites. I convenience func | `notify_join` | boolean | `true` | Send notifications when users join | | `notify_leave` | boolean | `true` | Send notifications when users leave | +## Security + +keks-meet _tries_ to be secure. However I am not a security expert. The current system works as follows: + +- The room name is set in the section of the URL which is not sent to the server. +- The server receives a salted SHA-256 hash of the room name to group clients of a room. +- The client uses PBKDF2 (constant salt; 250000 iterations) to derive a 256-bit AES-GCM key from the room name. +- All relayed message contents are encrypted with this key. + - Message recipient is visible to the server + - The server assigns user ids + ## Todo-List - Optionally enable video streams -- cgit v1.2.3-70-g09d2