LOC-2 joinRoom now generates and returns a 1024 bit session key
author B Tasker
committer B Tasker
commit 462e9dfd34d7e338abceea1fd896718a5c68b12b
tree 185b7feb5eb23fc7adffbc026f557faf1cf27736
parent 4eac571d338fa478190e80dd48e443b0981d236f
LOC-2 joinRoom now generates and returns a 1024 bit session key

When the user successfully joins a room, a 1024 bit session key is generated and returned. The client stores this for use with later requests.

Its use isn't currently enforced (coming soon) and the table isn't currently tidied when a user leaves/is kicked (again coming soon).

The session key is prefixed by the room id, in the format

[roomid]-[sesskey]

The idea being that when a room is closed, it's trivial to remove all related sessions.

My concern here, though, is that it may leak how many rooms there are. If your session key starts 10 then you know there are (or have been) 10 rooms (including yours).

So, either we need to change the prefix to be the room name, or perhaps just have the server seed the room IDs with a random number at startup.

The problem with the latter is that we risk running out of IDs if the number's truly unbounded, and if it is bounded and we're near the upper bound you can still take an educated guess.

So it's probably better to switch to using the room name in hindsight. Will change that next.
client/LocalChatClient.py
server/LocalChat.py
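
The `[roomid]-[sesskey]` scheme from the commit message, sketched as an added example that is not code from this commit or from the LocalChat project: it shows what a sequential numeric prefix reveals to a client, and how a room-name prefix still allows per-room cleanup. The function names, the in-memory `sessions` table and the sample room names are assumptions made for illustration.

```python
import secrets

SESSION_KEY_BYTES = 128  # 128 random bytes = 1024 bits, the size named in the commit

# Hypothetical in-memory session table: full session key -> username
sessions = {}


def new_session_key(prefix):
    """Return '[prefix]-[sesskey]' where sesskey is 1024 random bits as hex."""
    return f"{prefix}-{secrets.token_hex(SESSION_KEY_BYTES)}"


def split_session_key(key):
    """Split on the LAST hyphen. The hex part never contains '-',
    but a room name used as the prefix may (e.g. 'dev-chat')."""
    prefix, _, sesskey = key.rpartition("-")
    return prefix, sesskey


def join_room(prefix, user):
    """Issue a session key for a user joining the room and record it."""
    key = new_session_key(prefix)
    sessions[key] = user
    return key


def close_room(prefix):
    """Drop every session for one room; return how many were removed."""
    doomed = [k for k in sessions if split_session_key(k)[0] == prefix]
    for k in doomed:
        del sessions[k]
    return len(doomed)


def leaked_room_count(key):
    """What the key holder can infer when the prefix is a sequential room id:
    at least that many rooms exist or have existed. None for other prefixes."""
    prefix, _ = split_session_key(key)
    return int(prefix) if prefix.isdigit() else None


if __name__ == "__main__":
    numeric = join_room("10", "alice")        # constructed sequential room id
    named = join_room("dev-chat", "bob")      # constructed room name
    print(leaked_room_count(numeric), leaked_room_count(named))
    print(close_room("dev-chat"), len(sessions))
```

Splitting on the last hyphen matters once the prefix is a room name: a first-hyphen split would file `dev-chat` sessions under a room called `dev` and miss them on close.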