Introduction
Hi everyone! I’m thrilled to share that I’ve successfully completed my Google Summer of Code 2025 project with Freifunk and qaul!
I’ve spent the past few months working on implementing a comprehensive RPC user authentication layer for qaul. This journey has been both challenging and incredibly rewarding, and I’m excited to share the final results of my work.
A huge thank you to my mentor MathJud for his continuous guidance and support throughout this project, and to Andibraeu and the entire Freifunk community for this amazing opportunity!
Project Overview
qaul enables peer-to-peer communication without any internet or communication infrastructure, using local wifi networks or shared phone wifi networks. My project focused on creating a robust authentication and encryption system that would lay the foundation for multi user support per node and future web interface.
Progress after mid term
Session Management System
I developed a token-based session management system. The tokens for each user are stored in their configuration file, which ensures session persistence.
Protobuf updates
Extended qaul’s RPC communication structure with new authentication modules:
message LoginRequest {
string username = 1;
bytes password = 2;
}
message LoginResponse {
string status = 1;
bytes token = 2;
string message = 3;
}Impact and Benefits
This project brings significant benefits to the qaul ecosystem and its users:
For Users:
- Enhanced security through proper authentication.
- Ability to use multiple identities on the same node
- Session persistence across application restarts
- Foundation for web-based access without app installation
For Developers:
- Extensible authentication framework for future features
- Modular design enabling easy maintenance and updates
For the Community:
- Improved scalability
- Foundation for building web interfaces
- Support for shared node resources in community networks
Challenges and Learning
This project presented several technical challenges that deepened my understanding:
RPC System Integration: Extending qaul’s existing RPC infrastructure required careful study of the codebase and multiple iterations to achieve integration.
Cryptographic Implementation: Implementing secure authentication without exposing passwords required the dual-hash approach with nonces, ensuring each authentication is unique.
The tradeoffs we made
We have one active session per user right now instead of multiple concurrent sessions.
We’ve tokens in the config.yaml, but we also have private keys. So, that works!
The challenge-response flow adds complexity, but ensures passwords are never shared over the network, and the whole mechanism also prevents rainbow attacks.
The known inefficiencies
- Nonce is a simple counter instead of random number.
- No prevension of duplicate usernames, this is the reason that causes authentication failures when multiple users share names.
Scopes of improvement
- Multiple sessions per user that would enable multiple devices for a user.
- Security layer for authenticated user containment in libqaul. For that a user can only execute functions it is entitled to.
- Additional protobuf message to ask the system for all available users to login.
- This function delivers different results, whether a user is local or a user is trying to remotely login.
Conclusion
Completing this GSoC project has been an incredible journey of growth and learning.
This isn’t goodbye 🙂 I’m excited to continue contributing to qaul and the broader freedom tech ecosystem. The future of decentralized, censorship-resistant communication is bright, and I’m honored to be part of building it!