
skynet-interface

This repository includes a few JavaScript files that can help with building browser apps that interact with Skynet.

Contents

skynet.js: I had trouble making my apps work when run locally, so I implemented my own Skynet functions. It is also possible to use Skynet SDK, of course.
crypto.js: Various cryptographic functions, including generating a passphrase from a username/password pair.
words.js: A list of English words (2048) used for generating passphrases is stored on Skynet. This module is used for interacting with this list.
index.js: Entry points for the functions to be called from within an HTML file.
main.js: JavaScript file precompiled with npx webpack. It can be referenced within an HTML file.
keydb.js: Functions that check whether the given key already exists in the database and, if not, append that key. The database is stored on Skynet and accessed via Registry.

Some notes on security

A passphrase is generated from the username/password combination according to the following steps:

  1. The username + password combination is padded with zeroes to a 32-character string. The zeroes are placed between the username and the password to act as a separator. This currently limits the total length of username + password to 31 characters.
  2. The padded string is encrypted with a 256-byte AES key in CBC mode. This serves two purposes:
    • as the string is going to contain a number of zeroes as well as potentially repeating alphabetic characters, we do not want our passphrase to always contain the same words
    • if we change just one bit in the combination, we want it to have a major impact on most of the bits in the outcome
  3. The encrypted string is converted from a Uint8Array to an array of 11-bit integers with values ranging from 0 to 2047.
  4. The resulting array is used as a word index for building the passphrase.

The username and the password are recovered by performing the steps in reverse order.
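Steps 1 to 3 and the reverse path, as an added Node.js example that is not the repository's crypto.js. It assumes the zeroes are 0x00 bytes, a 32-byte AES key, and a SHA-256-based derivation of key and IV from appId (the README does not say how they are derived); step 4, the word lookup, is left out because the word list lives on Skynet.

```javascript
const crypto = require('node:crypto');
const BLOCK = 32; // padded length from step 1 (31 usable bytes + separator)

// Assumed derivation: key = SHA-256(appId), IV = first 16 bytes of SHA-256("iv:" + appId).
function aes(make, appId, data) {
  const key = crypto.createHash('sha256').update(appId).digest();
  const iv = crypto.createHash('sha256').update('iv:' + appId).digest().subarray(0, 16);
  const c = make('aes-256-cbc', key, iv).setAutoPadding(false); // whole blocks, no PKCS#7
  return Buffer.concat([c.update(data), c.final()]);
}

// Step 1: username, zero fill (assumed 0x00 bytes, at least one), password.
function pad(username, password) {
  const u = Buffer.from(username, 'utf8'), p = Buffer.from(password, 'utf8');
  if (u.length + p.length > BLOCK - 1) throw new RangeError('username + password exceeds 31 bytes');
  if (u.includes(0) || p.includes(0)) throw new RangeError('NUL would be read as the separator');
  return Buffer.concat([u, Buffer.alloc(BLOCK - u.length - p.length), p]);
}

// Step 3: regroup bytes into 11-bit values (0..2047); the last group is zero-filled.
function toIndices(bytes) {
  const out = [];
  let acc = 0, bits = 0;
  for (const b of bytes) {
    acc = (acc << 8) | b; bits += 8;
    if (bits >= 11) { bits -= 11; out.push((acc >> bits) & 0x7ff); acc &= (1 << bits) - 1; }
  }
  if (bits > 0) out.push((acc << (11 - bits)) & 0x7ff);
  return out;
}

// Inverse of toIndices: take back `length` bytes and drop the filler bits.
function fromIndices(indices, length) {
  const out = Buffer.alloc(length);
  let acc = 0, bits = 0, n = 0;
  for (const i of indices) {
    acc = (acc << 11) | i; bits += 11;
    while (bits >= 8 && n < length) { bits -= 8; out[n++] = (acc >> bits) & 0xff; acc &= (1 << bits) - 1; }
  }
  return out;
}

function passphraseIndices(username, password, appId) {
  return toIndices(aes(crypto.createCipheriv, appId, pad(username, password)));
}

function recover(indices, appId) {
  const plain = aes(crypto.createDecipheriv, appId, fromIndices(indices, BLOCK));
  return { username: plain.subarray(0, plain.indexOf(0)).toString(), password: plain.subarray(plain.lastIndexOf(0) + 1).toString() };
}
```

Because the key and IV depend only on appId, the mapping is deterministic and reversible: whoever holds the passphrase and the appId gets the username and password back, so the strength of the passphrase is that of the password chosen.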

Identifying yourself with a username/password combination is intended for those who prefer a traditional way over using long seeds. If a username/password combination is chosen properly, it should provide a similar level of security.

It is important to note that, while the username is intended to be public, neither the password nor the passphrase is meant to leave your PC. The generated passphrase should be used to generate a public/private key pair with the keyPairFromSeed() function.

The 31-character limit of the username + password combination can be extended if needed. As AES works with 16-byte blocks, the length of a padded input string needs to be a multiple of 16 (this includes at least one zero separator). Here are the lengths of the passphrases that can be generated from inputs with different lengths:

| Username + Password | Passphrase |
|---------------------|------------|
| 15 characters       | 12 words   |
| 31 characters       | 24 words   |
| 47 characters       | 35 words   |
| 63 characters       | 47 words   |

The AES key and CBC-mode initialization vector are derived from appId.

Needless to say, as with any username/password selection, a user needs to choose a strong password. However, it is currently possible for the same username to be chosen by different users (as long as their passwords are different). This could be prevented, for example, by keeping a registry of all occupied usernames.

The username and the password are easily recoverable from the passphrase if they are forgotten.

About appId

If you want your app to keep its own data stored on Skynet, then your app needs to have its own public/private keys. These can be generated from appId. This means that an appId must be reasonably long to guarantee that there is no other app out there having the same appId.

However, there is currently no way for a Skapp to have private data of its own that is not accessible by the user of this Skapp. This should be kept in mind when assessing the importance of privacy.