christophebiocca / network_clipboard Goto Github PK
View Code? Open in Web Editor NEWNetwork Clipboard Sharing (Encrypted)
License: Apache License 2.0
Network Clipboard Sharing (Encrypted)
License: Apache License 2.0
The Usage section talks about joining a "newtwork" (unless this is a Monty Python reference)
Put it in $XDG_CONFIG_HOME
or $HOME/.config/
instead of polluting my home dir. See http://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html
Even with authentication (see #3), a MitM can observe valid message across the wire and then proceed to spam it repeatedly. Since there is only one shared clipboard on the receiver, the attacker can continuously overwrite the clipboard with old values preventing legitimate clients from functioning.
One possible solution: employ a monotonic ratchet on a per client basis. Since sessions are synchronous, both the sender and receiver should know the sequence number of the next message. The MitM shouldn't know the PSK, and so cannot advance the ratchet themselves. Messages not matching the expected sequence number can be discarded.
Specifically, once a connection is established, any new message is simply decrypted and shoved into the clipboard.
A MitM can observe the client handshake and then proceed to inject garbage into the receiver's clipboard. MAC'ing the individual messages (after encryption!) and verifying the MAC before decryption should do the right thing here.
A more sophisticated attacker can exploit mallaebility to alter known plaintexts. I'm struggling to come up with a good threat model for this specific scenario though :P
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.