Skip to content

Local switch shared secrets#6794

Merged
OBattler merged 3 commits into
86Box:masterfrom
chungy:switch-secrets
Feb 10, 2026
Merged

Local switch shared secrets#6794
OBattler merged 3 commits into
86Box:masterfrom
chungy:switch-secrets

Conversation

@chungy

@chungy chungy commented Feb 10, 2026

Copy link
Copy Markdown
Contributor

Summary

This alters the local switch function to use a "shared secret" to separate logical switches. Only by having an identical shared secret can two 86Box machines transmit and receive packets between each other. This feature is optional inasmuch the text field can be left blank. This can be useful in the circumstance of having multiple people on one LAN, say Fred and Wilma each have their own computers and want to set up 86Box networks that don't accidentally join each other, they might use the shared secrets "fred" and "wilma" respectively to keep isolation.

Since shared secrets can supplant the limited number of switch groups, that feature has also been entirely done away with. Using unique shared secrets to segment unique networks is a viable alternative.

IMPORTANT: This is not a security feature! Packets are transmitted in plain-text as they always have, and a malicious actor can trivially modify a local copy of 86Box to "spoof" the shared secret hash and join on a network.

Checklist

This allows for a “shared secret” to be entered for a network switch,
segmenting traffic so that multiple people could use the feature
simultaneously without accidentally entering into or interfering with
each other's networks.

Takes a string specified in the configuration file (using the
net_%02i_secret key) and hashes it through SHA3-256 to prepend to each
data packet.  This hash is used to compare packets on reception and
allow or discard them.
Two birds in one commit: with the introduction of shared secrets,
there is a practically-infinite amount of local switches that can be
used, by merely editing the shared secret string.  As such, support
for old switch groups has been removed.

In addition to this, the multicast address for local switch has been
altered to 239.255.80.86.  This ensures a hard compatibility break
with the previous code and old (albeit interim) builds of 86Box would
not attempt to receive packets with shared secrets.
I used AI to translate the phrase.  If it got any of the wrong, I
trust it'll be fixed.  :-)
@chungy chungy changed the title Switch secrets Local switch shared secrets Feb 10, 2026
@OBattler OBattler merged commit bc17da0 into 86Box:master Feb 10, 2026
45 checks passed
@chungy chungy deleted the switch-secrets branch February 10, 2026 07:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants