The security model for something like tiddlywiki is completely different 
than a large online service.

Two factor authentication for something like tiddlywiki doesn't do much to 
improve security. Two factor authentication is mainly helpful in situations 
where there are large centralised stores of login information that may be 
compromised. In that case two factor authentication can help prevent 
breaches because someone who has your login information can't 
necessarily get to your data. For this reason these large systems generally 
have physically separate systems for the authentication and the actual data 
store.

A tiddlywiki would normally not be stored on this type of system, so the 
same system has the login info and the data. So if someone were to breach 
the system and get the login info they are already where they need to be to 
get your data, and a two factor authentication system can actually be 
counterproductive. It is distressingly easy, at least in the US, to hijack 
a cellphone signal using a man-in-the-middle attack and intercept an SMS if 
that is your second channel in your two factor setup.

A simple single file wiki that you encrypt and put on a USB drive and carry 
around with you is far more secure than any online system. It would be as 
secure as anything can be and still be usable. Nothing is secure against a 
rubber hose attack.

As things stand right now the setup I have for ooktech.xyz is about as 
secure as anything online. I don't control the physical hardware and it may 
be slightly more secure to store the tiddlers in an encrypted database 
instead of as normal files, but that is debatable because any 
authentication system is on the same physical system so it loses a lot of 
the benefits of the secure database that way.

But I don't think that any of that is actually what you are thinking about. 
You seem to be talking about secure access to a remote system which isn't 
really a tiddlywiki question. It is a matter of what remote system you are 
using, how do you intend for the participants in the conversation to 
connect to it and how much interest do people have in what you are doing.

The answer to the question 'is remote access from one computer to another 
possible' is yes; Tox manages it using p2p methods that I have been working 
on replicating with Dodo, and they may be able to be applied to Tiddlywiki.


And as a note about threat and security models, if I wanted to hack into a 
big cloud system I wouldn't bother with anything technologically 
sophisticated. The weakness of Facebook is that they employ people who have 
access to the systems and not all of them are paid well. As the people 
selling access to the Aadhaar database showed, there are plenty of people 
who will give you access if you find the right person to give some money to.

So the question isn't about if you can make tiddlywiki secure, that is 
easy: yes. The question is, what are the circumstances around what you are 
doing with it and are they secure. You can have the best lock and strongest 
doors in existence but it doesn't help if you leave your windows open.

-- 
You received this message because you are subscribed to the Google Groups 
"TiddlyWiki" group.
Visit this group at https://groups.google.com/group/tiddlywiki.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/tiddlywiki/985af24b-9edc-432b-8298-10753d6c762d%40googlegroups.com.