This software turns a Windows PC into a personal cloud server with browser-based remote access, file and data storage, and webcam access with motion detect. Currently looking for general feedback on the product and its usability.
You’ve identified a nice juicy target there. So, how much work have you put in towards making it secure? How much work have you done to make it robust in the face of concerted attacks?
Another great question! Regarding Security/Defense:
Browser sessions are protected using TLS versions 1.0 through 1.2 for maximum browser compatibility. ECDHE cipher suites are supported to provide Perfect Forward Secrecy (when supported by the browser). There are limits imposed on login attempts per user, per IP, and per session. If the per-user limit is reached, then IP whitelists are imposed. Saved passwords and associated data are protected using AES-256 with salt and MAC. Beyond that, the security of the product ultimately relies on choosing a strong password, verifying your certificate, and restricting physical access to your PC.
Post-Quantum cipher suites are not yet supported as the IETF draft is still in Experimental status and browser support is limited as far as I know. But we definitely DO intend to add support soon. Stored passwords are protected using AES-256, which should be quantum-resistant.
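
The login limits described in the reply above (per user, per IP, per session, with an IP whitelist once the per-user limit is hit) can be sketched as follows. This is an added example, not the product's code: the class and function names, the thresholds, and the idea that the whitelist is built from IPs with a prior successful login are all assumptions.

```python
from collections import defaultdict

class LoginThrottle:
    """Failed-login limits per user, per IP and per session (thresholds are assumed)."""

    def __init__(self, user_limit=5, ip_limit=20, session_limit=3):
        self.limits = {"user": user_limit, "ip": ip_limit, "session": session_limit}
        self.failures = {kind: defaultdict(int) for kind in self.limits}
        self.known_ips = defaultdict(set)  # assumed whitelist source: past successful logins

    def _over(self, kind, key):
        return self.failures[kind][key] >= self.limits[kind]

    def check(self, user, ip, session):
        """Return (allowed, reason); called before the password is verified."""
        if self._over("session", session):
            return False, "session limit"
        if self._over("ip", ip):
            return False, "ip limit"
        # Per-user limit reached: a hard account lock would let anyone deny
        # service to the owner, so only whitelisted IPs may keep trying.
        if self._over("user", user) and ip not in self.known_ips[user]:
            return False, "user limit: ip not whitelisted"
        return True, "ok"

    def record(self, user, ip, session, success):
        if success:
            self.known_ips[user].add(ip)
            self.failures["user"][user] = 0  # reset on success (assumed policy)
            self.failures["session"][session] = 0
        else:
            for kind, key in (("user", user), ("ip", ip), ("session", session)):
                self.failures[kind][key] += 1

def attempt(throttle, user, ip, session, password_ok):
    allowed, reason = throttle.check(user, ip, session)
    if not allowed:
        return reason
    throttle.record(user, ip, session, password_ok)
    return "login ok" if password_ok else "bad password"

def demo():
    t = LoginThrottle()
    out = [attempt(t, "alice", "198.51.100.7", "s0", True)]  # owner's usual IP
    # Constructed sample: failed guesses spread over many IPs and sessions
    for i in range(6):
        out.append(attempt(t, "alice", f"203.0.113.{i}", f"a{i}", False))
    out.append(attempt(t, "alice", "198.51.100.7", "s1", True))  # owner still gets in
    return out
```

In `demo()`, the sixth spread-out guess is refused on the per-user limit even though each IP and session is individually under its own limit, while the owner's previously seen IP can still log in.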