[PLUG] Add gmail like security enhancements to rainloop?

Louis Kowolowski louisk at cryptomonkeys.org
Tue Feb 12 17:19:52 UTC 2019


Have you considered doing client cert instead? It sounds like it may be less work.



> On Feb 12, 2019, at 2:25 AM, Michael Christopher Robinson <michael at robinson-west.com> wrote:
> 
> So SMS isn't that secure...  I figured as much.  I'm thinking I can
> inexpensively add GPS equipment to Linux laptops and desktops so that
> in theory I should be able to send my GPS coordinates to the server.
> If the server receives acceptable GPS coordinates and a valid client
> identifier from the client securely...  that can be the trigger to
> allow access to rainloop and effectively thwart dictionary attackers. 
> There are Android and iOS apps that allow ssh, but I'm wanting scp and
> scp only I think.  Can JavaScript trigger a secure data exchange
> between the client and the server?  How do I dynamically program Apache
> to only allow pre authorized source IP addresses to access rainloop?
> The IP list should self prune within reason because the trusted client
> devices are not always using the same IP address.  When you try to go
> to https://goose.robinson-west.com, you should either get an identify
> yourself page or rainloop depending on whether or not I trust you yet. 
> I'm thinking the identify yourself page needs to get you the client to
> send the GPS coordinates and the secret key if you have it in a
> secure manner.  If the secret key matches for an accepted device and
> the GPS coordinates land in an acceptable geographic region for that
> device, you are golden.  Whether I need a special security service that
> I write or I need ecmascript is not clear.
> 
> I envision a server having a range of GPS coordinates it can accept,
> and a list of 256 digit numbers it trusts.  For example, I know I'm
> going to be inside the US, so I allow GPS coordinates that land within
> US territory.  Not sure how to accomplish this though...  If I choose
> to travel to Canada, how do I allow for that???
> 
> Of primary importance is getting a pre determined client identifier
> from client to server securely, I can always add on GPS coordinates
> later.
> 
> With Apache the common thing is to allow all clients or require all
> granted I believe.  I want something like require all listed or
> redirect all not listed instead.
> 
>   -- Michael C. Robinson

--
Louis Kowolowski                                louisk at cryptomonkeys.org
Cryptomonkeys:                                   http://www.cryptomonkeys.com/

Making life more interesting for people since 1977
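
The client-certificate approach suggested in this reply, sketched as an Apache 2.4 mod_ssl virtual host (an added example, not configuration from either poster). The certificate, key and CRL paths, the private device CA, the document root and the /identify.html page are assumptions; only the hostname comes from the thread.

```apache
# Added example: admit only devices holding a certificate signed by a
# private "device CA"; everyone else gets the identify-yourself page.
# All file paths below are placeholders.
<VirtualHost *:443>
    ServerName goose.robinson-west.com
    DocumentRoot /var/www/rainloop

    SSLEngine on
    SSLCertificateFile    /etc/ssl/example/server.crt
    SSLCertificateKeyFile /etc/ssl/example/server.key

    # The CA that signs one certificate per trusted laptop, desktop or phone.
    # This file is the allow list: no source-IP tracking is needed, so a
    # device keeps working when its address changes.
    SSLCACertificateFile  /etc/ssl/example/device-ca.crt
    SSLVerifyDepth 1

    # Pruning: revoke a lost or retired device in the CA's CRL.
    SSLCARevocationFile   /etc/ssl/example/device-ca.crl
    SSLCARevocationCheck  chain

    # Ask for a certificate in the initial handshake but do not abort the
    # connection without one, so unknown clients can still be shown a page.
    # Set here (not per directory) so no renegotiation is required.
    SSLVerifyClient optional

    # Everything requires a successfully verified client certificate ...
    <Location "/">
        Require ssl-verify-client
    </Location>

    # ... except the page served to clients that are not trusted yet.
    <Location "/identify.html">
        Require all granted
    </Location>
    ErrorDocument 403 /identify.html
</VirtualHost>
```

The RainLoop password prompt is then reachable only after the TLS layer has verified the device certificate, so a dictionary attacker without a certificate never gets to submit a guess.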



