Encrypted sockets. #9
Comments
|
Ofcourse, it would be great to add this to the project, encrypting is something that can be added to force, send me the code and I will add it or you can fork the project and make a pull request. |
|
Is this your dart package? https://github.com/delaneyj/dart-rc4 |
|
That's the base rc4 yes. I have more code around the ack cycle. Basically it makes it so the initial server connection grabs a new session key. that is then used to encrypt the rest of the session. It also means my server doesn't send open/close when it happens on the websocket but rather after the encryption stage. Also since a client can send events prior to the encrypt stage those get queued up as well for the right 'welcome' message. |
|
Encryption should be always on, for privacy and legal reasons. We live in a post-Snowden world. You cannot settle for insecure and deprecated protocols like RC4. You need the real deal. Something like this: https://pub.dartlang.org/packages/cipher . |
I had actually started my own Dart websocket based client/server thing (codenamed javelin). Its does some acks and registration steps to allow things like automatic configurable RC4 encryption.
It that something you might want to include in force if I gave you the code?
The text was updated successfully, but these errors were encountered: