[PLUG] Add gmail like security enhancements to rainloop?
Louis Kowolowski
louisk at cryptomonkeys.org
Tue Feb 12 17:19:52 UTC 2019
Have you considered doing client cert instead? It sounds like it may be less work.
> On Feb 12, 2019, at 2:25 AM, Michael Christopher Robinson <michael at robinson-west.com> wrote:
>
> So SMS isn't that secure... I figured as much. I'm thinking I can
> inexpensively add GPS equipment to Linux laptops and desktops so that
> in theory I should be able to send my GPS coordinates to the server.
> If the server receives acceptable GPS coordinates and a valid client
> identifier from the client securely... that can be the trigger to
> allow access to rainloop and effectively thwart dictionary attackers.
> There are Android and iOS apps that allow ssh, but I'm wanting scp and
> scp only I think. Can JavaScript trigger a secure data exchange
> between the client and the server? How do I dynamically program Apache
> to only allow pre-authorized source IP addresses to access rainloop?
> The IP list should self prune within reason because the trusted client
> devices are not always using the same IP address. When you try to go
> to https://goose.robinson-west.com, you should either get an identify
> yourself page or rainloop depending on whether or not I trust you yet.
> I'm thinking the identify yourself page needs to get you the client to
> send the GPS coordinates and the secret key if you have it in a
> secure manner. If the secret key matches for an accepted device and
> the GPS coordinates land in an acceptable geographic region for that
> device, you are golden. Whether I need a special security service that
> I write or I need ecmascript is not clear.
>
> I envision a server having a range of GPS coordinates it can accept,
> and a list of 256 digit numbers it trusts. For example, I know I'm
> going to be inside the US, so I allow GPS coordinates that land within
> US territory. Not sure how to accomplish this though... If I choose
> to travel to Canada, how do I allow for that???
>
> Of primary importance is getting a predetermined client identifier
> from client to server securely, I can always add on GPS coordinates
> later.
>
> With Apache the common thing is to allow all clients or require all
> granted I believe. I want something like require all listed or
> redirect all not listed instead.
>
> -- Michael C. Robinson
--
Louis Kowolowski louisk at cryptomonkeys.org
Cryptomonkeys: http://www.cryptomonkeys.com/
Making life more interesting for people since 1977
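
The client-certificate suggestion in the reply, as an added example that is not part of either message: an Apache 2.4 mod_ssl virtual host that serves RainLoop only to clients presenting a certificate signed by a private device CA and shows everyone else an identify page. The file paths, the /rainloop location and identify.html are assumptions.

```apache
# Added example. All paths, the /rainloop location and identify.html are
# assumptions, not values taken from the thread.
<VirtualHost *:443>
    ServerName goose.robinson-west.com
    DocumentRoot /var/www/html

    SSLEngine on
    # Server certificate and key (placeholder paths).
    SSLCertificateFile    /etc/ssl/example/server.crt
    SSLCertificateKeyFile /etc/ssl/example/server.key

    # Private CA that signs one certificate per trusted device. Trust follows
    # the device, not its source IP, so a changing address does not matter.
    SSLCACertificateFile /etc/ssl/example/device-ca.crt
    SSLVerifyDepth 1

    # Request a client certificate but let the handshake finish without one,
    # so clients that are not yet trusted can still reach the identify page.
    SSLVerifyClient optional

    # Dropping a lost or retired device: revoke its certificate and
    # publish the CRL here (placeholder path).
    SSLCARevocationCheck leaf
    SSLCARevocationFile  /etc/ssl/example/device-ca.crl

    <Location "/rainloop">
        # Allow only requests whose client certificate verified against the
        # device CA above. Password guessing never reaches the login form
        # without a valid certificate.
        Require ssl-verify-client
        # Everyone else gets the identify page instead of RainLoop.
        ErrorDocument 403 /identify.html
    </Location>
</VirtualHost>
```

Each device's private key stays on that device; only the CA certificate and the CRL live on the server.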