Security Model

Deskdrop syncs clipboard content and transfers files strictly across devices on the same LAN or VPN. Understanding what it protects against, and what it does not, is essential to evaluating its security posture.

Cryptographic Primitives

| Purpose | Primitive | Details |
| --- | --- | --- |
| Key Exchange | X25519 ECDH | 256-bit ephemeral per session for forward secrecy. |
| Symmetric Encryption | ChaCha20-Poly1305 | 256-bit AEAD; 96-bit strictly monotonic counter nonce. |
| Key Derivation | HKDF-SHA256 | Combines ECDH shared secret for session context. |
| PIN Derivation | HKDF-SHA256 (PIN) | IKM = ECDH shared secret to yield a visual 6-digit match. |

In Scope (Defended)

Network eavesdropping

All clipboard and file content is encrypted. A passive observer on the LAN sees only ciphertext.

Man-in-the-middle on first connection

Mitigated via trust on first use (TOFU) and PIN-based pairing. The PIN is mathematically bound to the X25519 shared secret, so a MITM, who has to run a separate key exchange with each device, produces a mismatched PIN.
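The following added example (not Deskdrop's own code) shows why a relay that substitutes its own public key makes the two devices display different PINs, while a direct exchange yields matching ones. Assumptions: the HKDF salt and `info` label, the mapping of HKDF output to six digits, the seed-derived demo keys and the function names are all constructed for illustration, and the pure-Python X25519 is variable-time and not for production use.

```python
import hashlib
import hmac

P = 2**255 - 19                   # Curve25519 field prime
BASE = (9).to_bytes(32, "little")  # standard base point u = 9

def x25519(k: bytes, u: bytes) -> bytes:
    """RFC 7748 Montgomery ladder. Variable-time: illustration only."""
    n = (int.from_bytes(k, "little") & ~7 & (2**255 - 1)) | 2**254  # clamp scalar
    x1 = int.from_bytes(u, "little") & (2**255 - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        bit = (n >> t) & 1
        if swap ^ bit:
            x2, z2, x3, z3 = x3, z3, x2, z2
        swap = bit
        a, b, c, d = x2 + z2, x2 - z2, x3 + z3, x3 - z3
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = aa - bb
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + 121665 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def hkdf_sha256(ikm: bytes, info: bytes, n: int = 4) -> bytes:
    """RFC 5869 with an all-zero salt; one expand block (n <= 32)."""
    prk = hmac.new(b"\x00" * 32, ikm, hashlib.sha256).digest()
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()[:n]

def pairing_pin(shared: bytes) -> str:
    # Assumed mapping: 4 bytes of HKDF output reduced to 6 decimal digits.
    okm = hkdf_sha256(shared, b"example pairing pin")
    return f"{int.from_bytes(okm, 'big') % 1_000_000:06d}"

def keypair(seed: bytes):
    priv = hashlib.sha256(seed).digest()  # constructed, deterministic demo key
    return priv, x25519(priv, BASE)

def pins(mitm: bool):
    """PINs displayed on devices A and B, with or without a relay M."""
    a_priv, a_pub = keypair(b"device-a")
    b_priv, b_pub = keypair(b"device-b")
    m_pub = keypair(b"relay-m")[1]
    # A relay swaps in its own key; otherwise each side sees the real peer key.
    to_a, to_b = (m_pub, m_pub) if mitm else (b_pub, a_pub)
    return pairing_pin(x25519(a_priv, to_a)), pairing_pin(x25519(b_priv, to_b))

if __name__ == "__main__":
    print("direct:", pins(False), "| relayed:", pins(True))
```

The protection only holds if the user actually compares the two PINs; a six-digit value gives a relay roughly a one-in-a-million chance of a coincidental match per attempt.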

Replay attacks

Session frames enforce a monotonically increasing per-session nonce counter. Replayed or out-of-order frames are dropped instantly.

Fingerprint substitution

The trust registry records the SHA-256 of the peer's public key upon first pairing. A different key from the same device immediately severs the connection.

Out of Scope

Malicious device you have already trusted

Once trust is established, a compromised peer can push data. You must manually revoke compromised devices.

Physical access to your device

If an attacker can read your `trust.json` or process memory, they can impersonate trusted devices. Full-disk encryption is highly recommended.

Network-level MITM after initial trust

The current implementation pins the ephemeral public key from the first session. A sophisticated MITM reusing that pinned fingerprint is not defended against until Long-Term Identity Keys ship.

Metadata leakage

Device names in mDNS records are unencrypted. Observers can see which devices are running Deskdrop, though not the content being synced.