cryslith / kataomoi
Cryptographic matchmaking webapp
License: MIT License
Instead of just spewing everything into the console (which we should still do), we should figure out what to display to the user when various error/warning conditions happen.
When another user takes too long to reply or gets disconnected during a time-sensitive stage of the SENPAI protocol, we currently flag them as cheating, but this could just be a problem with the server or with their internet connection. We should give users a "recovery phrase" that they can pass on to their partner if they get disconnected, containing either s or x depending on which role the user is playing in the protocol. The client will allow users to complete the answer-sharing and honesty-proving stages out-of-band if necessary, by exchanging these phrases over any medium they choose.
Requiring people to organize and choose a time to use kataomoi together is a serious hindrance to using kataomoi successfully. We should allow users to select Yes/No answers for other users who aren't currently online; the protocol exchange still can't take place until both users are online at the same time, but online status can be detected automatically and acted upon by the client without further user intervention.
In more detail, this would require persistent user accounts instead of ephemeral rooms and usernames. Users would create accounts, and join (or be invited into) "circles" containing other users, who they could then select answers for. Clients would detect when users in the same circle come online, and perform exchanges then if they hadn't recently performed an exchange with the same user. Long-term client state (such as keypair, circle memberships, choices for other users, and past results) would be encrypted client-side with the user's password, and then both stored in browser localStorage (when possible) and sent to the server to be saved.
When dealing with users not in the same physical location, we'll need fancier mechanisms for authenticating mappings between real identity and username/public key. We should give users a way to display their own public key fingerprint for verification, and locally sign other users' public keys (these signatures would become part of the saved client state). Adding ways for users to verify public keys without face-to-face interaction (for example, users can upload a PGP-signed statement for other users to view) could also be useful.
Instead of just having page load stall while keys are generated, we should have a widget that says "Generating cryptographic keys, please wait..." and do the keygen in a way that doesn't hang up the browser. Not sure whether Forge's web worker keygen is useful, but we can always go with createKeyPairGenerationState and stepKeyPairGenerationState as used in their example code in the readme.
I don't think we're doing anything sensible in case of issues with AES decryption or OAEP unpacking. We should make sure that an adversary who sometimes spews random garbage at the client doesn't break anything.
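One way to make the receive path tolerate garbage, shown as an added example that is not kataomoi's own code: every OAEP or AES failure collapses to a single non-throwing result. It assumes Node's built-in crypto in place of Forge, AES-256-GCM as the symmetric mode, and a hypothetical envelope layout {wrappedKey, iv, tag, ciphertext}; the function names are also hypothetical.

```javascript
// Added example: Node's built-in crypto stands in for Forge. The envelope
// layout and the choice of AES-256-GCM are assumptions, not kataomoi's format.
const crypto = require('crypto');

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };
const FAIL = Object.freeze({ ok: false, plaintext: null });

// Sender side, used here only to build a valid envelope for the demo.
function sealEnvelope(publicKey, plaintext) {
  const key = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt({ key: publicKey, ...OAEP }, key);
  return { wrappedKey, iv, tag: cipher.getAuthTag(), ciphertext };
}

// Receiver side: never throws. Wrong types, wrong lengths, an OAEP unpadding
// error and a GCM tag mismatch all yield the same FAIL value, so the caller
// has one code path for "peer sent something unusable" and learns no detail.
function openEnvelope(privateKey, env) {
  try {
    if (!env) return FAIL;
    const parts = [env.wrappedKey, env.iv, env.tag, env.ciphertext];
    if (!parts.every(Buffer.isBuffer)) return FAIL;
    if (env.iv.length !== 12 || env.tag.length !== 16) return FAIL;
    const key = crypto.privateDecrypt({ key: privateKey, ...OAEP }, env.wrappedKey);
    if (key.length !== 32) return FAIL;
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, env.iv);
    decipher.setAuthTag(env.tag);
    const pt = Buffer.concat([decipher.update(env.ciphertext), decipher.final()]);
    return { ok: true, plaintext: pt.toString('utf8') };
  } catch (_) {
    return FAIL; // log the error locally if needed, but do not send it to the peer
  }
}

// Constructed demo: one valid envelope, then three kinds of garbage.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const good = sealEnvelope(publicKey, 'yes');
  const flipped = Buffer.from(good.ciphertext);
  flipped[0] ^= 1; // single bit flip in the AES ciphertext
  return {
    valid: openEnvelope(privateKey, good),
    badOaep: openEnvelope(privateKey, { ...good, wrappedKey: crypto.randomBytes(256) }),
    badTag: openEnvelope(privateKey, { ...good, ciphertext: flipped }),
    malformed: openEnvelope(privateKey, { wrappedKey: 'not a buffer' }),
  };
}
```

Whether a failed decryption should also count as evidence of cheating in the protocol is a separate decision for the caller; the function only guarantees that bad input cannot crash the client or produce a partial plaintext.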
Links on the main page should open in a new tab so client state isn't lost.
What's this all about, how does it work, what's a "room", what does "DTF" mean, how do I use any of this, etc.