Security and TOFU
Albert Vaca
albertvaka at gmail.com
Sun Nov 13 20:36:11 UTC 2016
Nothing in this life is completely fail- or hack-proof, but I think KDE
Connect security is, at this point, pretty decent :)
Since the recent version 1.0, it uses SSL and trust-on-first-use, like SSH
(which you could say is not hack-proof either, nothing is). Of course, SSH
has likely been audited way more than kdeconnect, so if you are a security
specialist and want to check kdeconnect for implementation errors or other
security flaws, it would be of great help!
Albert
On Sun, Nov 13, 2016 at 6:50 PM, ixius ixius <iksius at gmail.com> wrote:
> Hello,
>
> I am concerned about security aspect of the kde-connect pairing procedure.
> I am no expert in security but as I understand the pairing of the devices
> currently is not completely fail-(or hack-)proof. Am I right or am I
> missing something? And if I am not wrong, I wonder if there are any plans
> to solve the issues?
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kdeconnect/attachments/20161113/bf885c60/attachment.html>
More information about the KDEConnect
mailing list