Slide 1

Slide 1 text

Move Things From One Computer to Another, Safely
Brian Warner
magic-wormhole.io
PyCon 2016

Slide 2

Slide 2 text

me == Brian Warner
• Buildbot, Foolscap, Versioneer
• AllMyData: Tahoe-LAFS
• Mozilla: Add-On SDK, Firefox Sync, Persona, Firefox Accounts
• Today: Magic Wormhole
[email protected]
@lotharrr
github.com/warner

Slide 3

Slide 3 text

Magic-Wormhole: a File Transfer Program
• Securely moves a file from one computer to another
• or a directory, or a string
• My claim: easier than all other secure tools
• Especially for moving to an unrelated computer

Slide 4

Slide 4 text

What It Looks Like
pip install magic-wormhole

Slide 5

Slide 5 text

What It Looks Like
pip install magic-wormhole

Slide 6

Slide 6 text

What It Looks Like
pip install magic-wormhole

Slide 7

Slide 7 text

Solved Problem?
• What's wrong with the tools we currently use?

Slide 8

Slide 8 text

"easily". "safely".
Column headings: dictate string to sender; dictate string to receiver; needs proximity; eavesdroppers
send email: ~30 chars; ISPs, CAs, internet
upload to FTP/HTTP: ~60 chars; server, ISPs, CAs, internet
dropbox: ~60 chars; Dropbox, CAs
+ URL shortener: ~20 chars; Shortening Service, lucky guessers, Dropbox, CAs
USB drive: X; eww cooties
SSH/scp: ~740 char pubkey; none
magic wormhole: ~20 chars; none

Slide 9

Slide 9 text

How Does It Work?
• Rendezvous Message Exchange
• PAKE, Key Agreement
• IP Address Exchange
• Transit Connection
• Data Transfer

Slide 10

Slide 10 text

Rendezvous Server
typical code: 1-liberty-assume
Channel ID

Slide 11

Slide 11 text

PAKE-based Security
Password Authenticated Key Exchange
1992: EKE
1997: SRP
2005: SPAKE2
2008: J-PAKE

Slide 12

Slide 12 text

SPAKE2
[Diagram: Alice and Bob, each holding pw. Diagram credit: Dan Boneh]
pip install spake2

Slide 13

Slide 13 text

Security of PAKE
• Weak Secret + Interaction == Strong Secret
• Passive eavesdropper gets zero information
• Active MitM gets one guess per protocol run
• failed guess == zero information
• failed guesses are visible to users

Slide 14

Slide 14 text

Wormhole Codes
2-company-spyglass
Channel ID
aardvark absurd accrue acme adrift adult afflict ahead aimless Algol allow alone ammo ancient apple artist assume Athens
aardvark absurd accrue acme adrift adult afflict ahead aimless Algol allow alone ammo ancient apple artist assume Athens
len(words)==256

Slide 15

Slide 15 text

Single Use
• Wormhole codes are single-use, forward-secure
• Default code: 2 words * (256-word list) == 16 bits
• 65536 possible codes, equally likely
• User must retry 655 times before attacker has 1% chance of success

Slide 16

Slide 16 text

Laziness Improves Security

Slide 17

Slide 17 text

IP Address Exchange
• Find addresses with ifconfig
• Listen on TCP ports
• Exchange addresses+ports
• Try to connect, trade encrypted handshakes
• First successful connection wins

Slide 18

Slide 18 text

Data Relay Server

Slide 19

Slide 19 text

Encrypted Transit
• Provides encrypted record pipe
• Uses NaCl SecretBox (Salsa20/Poly1305)
• Keys are HKDF(masterkey, purpose)
• Data is hashed (SHA256) during transit
• Final ACK confirms the hash
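The "Keys are HKDF(masterkey, purpose)" bullet above, shown as an added example that is not from the talk or from magic-wormhole's own code: HKDF-SHA256 (RFC 5869) built from the standard library and used to derive one 32-byte key per purpose from a single master key. The master key and the purpose labels are constructed for illustration, and using SHA-256 inside HKDF is an assumption; the SecretBox encryption step itself is not shown.

```python
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size  # 32 bytes for SHA-256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 step 1: concentrate the input keying material into a PRK."""
    if not salt:
        salt = b"\x00" * HASH_LEN  # RFC 5869 default when no salt is given
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 step 2: stretch the PRK into `length` bytes bound to `info`."""
    if length > 255 * HASH_LEN:
        raise ValueError("HKDF output too long")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        # Each block chains the previous block, the info label and a counter.
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_key(master_key: bytes, purpose: bytes, length: int = 32) -> bytes:
    """HKDF(masterkey, purpose): an independent key for each purpose label."""
    return hkdf_expand(hkdf_extract(b"", master_key), purpose, length)


# Constructed sample: in the real flow the master key comes out of the PAKE step.
MASTER_KEY = hashlib.sha256(b"constructed master key for this example").digest()

# Hypothetical purpose labels, not magic-wormhole's actual strings.
SENDER_KEY = derive_key(MASTER_KEY, b"example:transit:sender-records")
RECEIVER_KEY = derive_key(MASTER_KEY, b"example:transit:receiver-records")

if __name__ == "__main__":
    print("sender key  :", SENDER_KEY.hex())
    print("receiver key:", RECEIVER_KEY.hex())
    print("independent :", SENDER_KEY != RECEIVER_KEY)
```

Because the purpose label is mixed into every output block, a key leaked or misused for one direction or function says nothing about the keys derived for the others.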

Slide 20

Slide 20 text

Library API
w = wormhole(AppID, relay_url)
w.set_code("1-peachy-seabird")
w.send(b"hello")
answer = w.get()

Slide 21

Slide 21 text

Future Work
• GUI, pre-packaged installers, browser extension
• Negotiate better transports:
  • WebRTC, ICE/STUN, libutp
  • Tor Onion Services
• Add SPAKE2 to libsodium
• Port to other languages: JavaScript, Go, Rust

Slide 22

Slide 22 text

Beyond File Transfer
• Use this anywhere you need to deliver a credential
• Provisioning new client devices
• Pairing client devices to each other
• Populating addressbook entries in communication/messaging systems

Slide 23

Slide 23 text

Provisioning Clients
Old:
  Type password into server
  Type password into client
New:
  Get Wormhole code from server
  Type code into client

Slide 24

Slide 24 text

Messaging Apps
Old:
  Alice sends public key to server
  Bob asks server for Alice's key
New:
  Alice shows Wormhole code to Bob
  Bob gets Alice's key from Alice (via wormhole)

Slide 25

Slide 25 text

Add PAKE to your Toolbox
• Cryptographic tools disseminate too slowly
• We need good examples, compelling use cases, helpful libraries
• File transfer is a foot in the door. PAKE is the rest.

Slide 26

Slide 26 text

Magic-Wormhole
Move Things From One Computer to Another, Safely
Brian Warner
https://github.com/warner/magic-wormhole
[email protected]
Thanks To: Rackspace, Twisted, Glyph, djb, 2255-19
@lotharrr
magic-wormhole.io
pip install magic-wormhole