Transcript from the "Secret-Handshake" Lesson
>> In terms of what you can use a node right now that's somewhat audited. There's this package that's part of a project called Secure Scuttlebutt and they have some preliminary auditing done on this package called Secret Handshake that's used for this offline peer to peer encrypted social database.
[00:00:21] Which I'm going to talk a little bit more later. So it all uses this thing called pole streams, which are kind of one of these alternative streaming interfaces. One nice thing about pole streams is they're a bit smaller in the browser, but then you have to use pull streams and they're different.
[00:00:39] So you have to like wrap things like standard in and standard out if you want to use those. So you can use this package pull- stream- to -stream there's also one called stream- to -pull -stream to like take a pull stream, turn it into a node stream and vice versa.
[00:00:52] So I almost had a demo for setting up secret handshake correctly but it's actually quite difficult cause there's so many moving pieces with a lot of these stuff. If you wanna learn more, there's an example in the read me for secret handshake and you can pick it apart to kinda see how it works.
[00:01:12] So this would be useful tool if you want to establish a connection without divulging to either an passive adversary, who's who's inspecting the traffic on the network or if you accidentally dialed the wrong number connecting to a server. You don't wanna accidentally divulge who you are, or who you're trying to connect to.
[00:01:34] So, these are different guarantees that this module can provide.
>> If you use something like passport js so will it take care of this or is it, you need to do this under that?
>> So if you use something like passport js, that's more dealing with kind of like web sessions like session data.
[00:01:54] So this is a lot lower level than something like you would get with passport or some other kind of similar tool. This is like calling out to see routines and doing like low level crypto. So you can build your own things like passport, maybe on top of this stuff, but it's not something that you get for free.
>> From an end user developer standpoint, if I'm using passport, should I be considering all this what crypto does or elaborate like passport take care of that?
>> Yeah, so I think you would use this kind of these kinds of routines. These kinds of low level API's if you want to do things that are very different from what you would use something like passport for, like, for example, if you want to build a system where you can securely connect to other peers across the network, maybe that's a node utility that works on the command line.
[00:03:32] Okay, so, these are some basics of the Sodium API. Maybe we can take a short break, like five minutes and people can install Chloride. And you can just run some of these routines and generate a key pair with crypto assign key pair and then verify some messages.