Magic Wormhole: get things from one computer to another, safely

(github.com)

816 points tosh | 2 comments | 17 Aug 24 16:59 UTC | HN request time: 0.415s | source

Show context

jmakov ◴[17 Aug 24 19:47 UTC] No.41277377[source]▶

>>41275920 (OP) #

Can it also generate a link so the client can just ckick on it instead of having to install things?

replies(1): >>41277826 #

1. lotharrr ◴[17 Aug 24 20:46 UTC] No.41277826[source]▶

>>41277377 #

Alas no. It's a one-shot file-transfer tool, and we don't store a copy of the encrypted data or anything. So the sender must stay running until the receiver has finished downloading. If you're comfortable with relying on servers for your security, then I believe wormhole.app offers the clickable zero-install link that you described.

Magic-wormhole can't use that approach, because our security model rules out reliance on servers for confidentiality or integrity. We could safely store ciphertext without violating the model, but you need an interactive protocol with the sender to get the decryption key (otherwise the wormhole code would be a lot larger), so it wouldn't improve the experience very much, and would cost a lot more to operate. The wormhole servers have trivial storage requirements, so the only real costs are bandwidth for the transit relay helper, for when the two sides can't make a direct connection.

replies(1): >>41279172 #

2. SushiHippie ◴[18 Aug 24 00:24 UTC] No.41279172[source]▶

>>41277826 (TP) #

It's actually possible via https://winden.app which uses the wormhole protocol (compared to wormhole.app which is not affiliated with the matic wormhole project), once you upload a file there it will show you a link which is basically winden.app/#passphrase

As it uses the anchor tag # the passphrase doesn't even get sent to the server hosting the website, so it all happens client side.

↑