Most active commenters
  • lotharrr(5)

←back to thread

Magic Wormhole: get things from one computer to another, safely

(github.com)
816 points tosh | 19 comments | 17 Aug 24 16:59 UTC | HN request time: 1.075s | source | bottom
1. lotharrr ◴[17 Aug 24 18:45 UTC] No.41276886[source]
author here.. happy to answer any questions!
replies(9): >>41276960 #>>41277084 #>>41277310 #>>41277500 #>>41277604 #>>41277995 #>>41278638 #>>41278665 #>>41284597 #
2. nickpsecurity ◴[17 Aug 24 18:51 UTC] No.41276960[source]
I just wanted to thank you for making it. I wanted it just to bootstrap VM’s on new machines. I ended up using it all the time for many things. Great project!
3. twp ◴[17 Aug 24 19:07 UTC] No.41277084[source]
Seconded, magic-wormhole is fantastic and has "just worked" for me several times. Thank you for all your work in creating this brilliant software!
4. matricaria ◴[17 Aug 24 19:39 UTC] No.41277310[source]
Why is this better than rsycn or scp?
replies(1): >>41277551 #
5. Bayes7 ◴[17 Aug 24 20:04 UTC] No.41277500[source]
great project!
6. lotharrr ◴[17 Aug 24 20:11 UTC] No.41277551[source]
scp/rsync are great tools, but they require pre-coordination of keys. One side is the client, the other is the server. The client needs an account on the server machine (so the human on the client machine must provide an ssh pubkey to the human on the server machine, who must be root, and create a new account with `adduser`, and populate the ~/.ssh/authorized_keys file). And the client needs to know the server's correct hostkey to avoid server-impersonation attacks (so the human on the server machine must provide an ssh host pubkey to the human on the client machine, who puts it in their ~/.ssh/known_hosts file).

Once that's established, and assuming that the two machines can reach each other (the server isn't behind a NAT box), then the client can `scp` and `rsync` all they want.

Magic-wormhole doesn't require that coordination phase. The human sending the file runs `wormhole send FILENAME` and the tool prints a code. The human receiving the file runs `wormhole rx CODE`. The two programs handle the rest. You don't need a new account on the receiving machine. The CODE is much much shorter than the two pubkeys that an SSH client/server pair require, short enough that you can yell it across the room, just a number and two words, like "4-purple-sausages". And you only need to send the code in one direction, not both.

Currently, the wormhole programs don't remember anything about the connection they just established: it's one-shot, ephemeral. So if you want to send a second file later, you have to repeat the tell-your-friend-a-code dance (with a new code). We have plans to leverage the first connection into making subsequent ones easier to establish, but no code yet.

Incidentally, `wormhole ssh` is a subcommand to set up the ~/.ssh/authorized_keys file from a wormhole code, which might help get the best of both worlds, at least for repeated transfers.

replies(1): >>41278051 #
7. happosai ◴[17 Aug 24 20:16 UTC] No.41277604[source]
Nice project. Is there iptables connection tracking module that can handle the protocol?
replies(1): >>41277763 #
8. lotharrr ◴[17 Aug 24 20:37 UTC] No.41277763[source]
None that I know of. It just uses a TCP connection to the mailbox server (with keepalives), and then TCP connections for the bulk-transfer transit phase, so I can't think of anything special that iptables would need to handle it well.

The encrypted connection is used to exchange IP addresses.. maybe you're thinking of the module that e.g. can modify FTP messages to replace the IP addresses with NAT-translated ones? Our encryption layer would prevent that, but we'd probably get more benefit from implementing WebRTC or a more general hole-punching scheme, than by having the kernel be able to fiddle with the addresses.

9. psanford ◴[17 Aug 24 21:11 UTC] No.41277995[source]
Hey Brian! Just wanted to say that I really appreciate all the work that you put into Magic Wormhole.
10. InfiniteRand ◴[17 Aug 24 21:18 UTC] No.41278051{3}[source]
But if you already have ssh set up for the target machine, is there any advantage such as speed or recoverability vs scp?
replies(2): >>41278689 #>>41286591 #
11. peterhadlaw ◴[17 Aug 24 22:45 UTC] No.41278638[source]
Thank you, I use this software so much and it's really a wonderful solution
12. panarky ◴[17 Aug 24 22:50 UTC] No.41278665[source]
I use wormhole a lot, but I've been too lazy to figure out if it's as secure as ssh/scp, so I always gpg the file I'm transferring before putting it into wormhole.

Is that paranoid behavior?

replies(2): >>41278815 #>>41280800 #
13. lotharrr ◴[17 Aug 24 22:53 UTC] No.41278689{4}[source]
Mostly no. ssh/rsync is compiled C code, so might be slightly faster than a Python-based `wormhole`, if you have a really fast connection to take advantage of. And rsync provides that lovely continue-from-interrupted-transfer feature that magic-wormhole currently lacks.

But wormhole has turned out to be more usable in some cases. I've had days where I'm sshed into a bastion host, then sshed from there into a server, then cd'd into a deep directory with lots of spaces and quotes and shell metacharacters in the path, and then found a file that I wanted to copy out. To do that with ssh, I have to first configure ProxyJump to let me reach the internal machine with a single ssh command, and then figure out how to escape the pathname correctly (which somehow never works for me). With `wormhole send` I get to skip all of that, at the cost of having to do it once per file.

14. lotharrr ◴[17 Aug 24 23:14 UTC] No.41278815[source]
It can't hurt, but it shouldn't be necessary. The client-side software establishes an encrypted connection with its peer, using an encryption scheme that should be just as secure [but see below] as what GPG or SSH will give you.

For GPG to add security, you also have to make sure the GPG key is transferred safely, which adds work to the transfer process. Either you're GPG-encrypting to a public key (which you must have copied from the receiving side to the sending side at some point), or you're using a symmetric-key passphrase (which you must generate randomly, to be secure, and then copy it from one side to the other).

I should note that magic-wormhole's encryption scheme is not post-quantum -secure. So if you've managed to get a GPG symmetric key transferred to both sides via PQ-secure pathways (I see that current SSH 9.8 includes "kex: algorithm: sntrup761x25519-sha512@openssh.com", where NTRU is PQ-secure), then your extra GPG encryption will indeed provide you with security against a sufficiently-large quantum computer, whereas just magic-wormhole would be vulnerable.

replies(2): >>41279070 #>>41280733 #
15. panarky ◴[18 Aug 24 00:02 UTC] No.41279070{3}[source]
When I ask if wormhole is as secure as ssh/scp I'm not really thinking about post-quantum security, I'm thinking about the number of brilliant people looking at the code and the number of brilliant people attempting to break it.
16. ◴[18 Aug 24 07:17 UTC] No.41280733{3}[source]
17. jwilk ◴[18 Aug 24 07:38 UTC] No.41280800[source]
> too lazy to figure out if it's as secure as ssh/scp

It absolutely isn't. See my rant: https://news.ycombinator.com/item?id=24519895

replies(1): >>41286583 #
18. deknos ◴[18 Aug 24 19:09 UTC] No.41284597[source]
Hi, i have indeed some questions!

* is there an app for it? where i can share the password via qrcode? for when the data is to big for qrcodes? * what do you plan on doing regarding quantum computation? switching to some pqsafe cryptography, also to be safe before save-now-decrypt-later-attack? * is it possible to extend your protocol over more generic proxies like turn servers?

19. mistell ◴[19 Aug 24 00:05 UTC] No.41286591{4}[source]
The whole point is wormhole fills in a gap where scp isn’t viable or convenient.