I don't consider myself qualified to comment on cryptography, and I didn't read the code too closely, but I love seeing projects like this and appreciate that it's clearly human-written.
A couple things I didn't get:
* This is P2P, so it's arbitrary which side is "client" or "server", right? Users aren't connecting to a common "hub"?
* How are users meant to discover each other, or know what the password is? Is this something where those arrangements are made separately (perhaps in meatspace), and the authentication just cares that both sides use the same password?
Also: I get that the program isn't doing its own persistence, but I don't think "ram only — nothing touches disk" can be guaranteed these days with modern OS attitudes towards virtual memory.