DeskdropDeskdrop
FeaturesRoadmapSecurity
GitHub
Download
DeskdropDeskdrop

A production-grade, zero-server shared clipboard and peer-to-peer file transfer engine. Licensed under AGPL-3.0.

ProductFeaturesSecurityRoadmap
ResourcesArchitectureGitHubDownload
© 2026 Deskdrop. All rights reserved.
Privacy PolicyTerms & LicensingGitHub

Security Model

Deskdrop syncs clipboard content and transfers files strictly across devices on the same LAN or VPN. Understanding what it protects against is essential to evaluating its posture.

Cryptographic Primitives

Key ExchangeX25519 ECDH256-bit ephemeral per session for forward secrecy.
Symmetric EncryptionChaCha20-Poly1305256-bit AEAD; 96-bit strictly monotonic counter nonce.
Key DerivationHKDF-SHA256Combines ECDH shared secret for session context.
PIN DerivationHKDF-SHA256 (PIN)IKM = ECDH shared secret to yield a visual 6-digit match.

In Scope (Defended)

Threat Mode: Passive Sniffing
Alice
192.168.1.100
Mallory (Attacker)
Bob
192.168.1.200
Defense MechanismChaCha20-Poly1305 AEAD

Threat Explanation

A passive listener tries to read raw Wi-Fi packets broadcasted across the local network.

protocol-defense.log

Out of Scope

Malicious device you have already trusted

Once trust is established, a compromised peer can push data. You must manually revoke compromised devices.

Physical access to your device

If an attacker can read your `trust.json` or process memory, they can impersonate trusted devices. Full-disk encryption is highly recommended.

Network-level MITM after initial trust

The current implementation pins the ephemeral public key from the first session. A sophisticated MITM reusing that pinned fingerprint is not defended against until Long-Term Identity Keys ship.

Metadata leakage

Device names in mDNS records are unencrypted. Observers can see which devices are running Deskdrop, though not the content being synced.