$30 off During Our Annual Pro Sale. View Details »

Brian Warner - Magic Wormhole: Simple Secure File Transfer

PyCon 2016
May 29, 2016
Programming
1
670

Brian Warner - Magic Wormhole: Simple Secure File Transfer

"magic-wormhole" is a simple tool to move files from one computer to another, like "scp" but without the setup. By telling the recipient just a few secret words, the file is safely encrypted and delivered directly to the correct machine. The talk will explain the security mechanics, the cryptography (NaCl and SPAKE2), and how to use the underlying open-source library in your own applications.

https://us.pycon.org/2016/schedule/presentation/1838/

PyCon 2016

May 29, 2016
Tweet

More Decks by PyCon 2016

See All by PyCon 2016
Kelsey Gilmore-Innis - Seriously Strong Security on a Shoestring
pycon2016
6
840
Manuel Ebert - Putting 1 million new words into the dictionary
pycon2016
6
870
Brett Slatkin - Refactoring Python: Why and how to restructure your code
pycon2016
17
5.2k
Mike Graham - The Life Cycle of a Python Class
pycon2016
7
8.5k
Nathaniel Manista, Augie Fackler - Code Unto Others
pycon2016
0
470
Alex Gaynor - The cobbler's children have no shoes, or building better tools for ourselves
pycon2016
0
610
Adrienne Lowe - Bake the Cookies, Wear the Dress: Connecting with Confident Authenticity
pycon2016
0
310
Jake Vanderplas - Statistics for Hackers
pycon2016
17
4.5k
Daniele Procida - Documentation-driven development - lessons from the Django Project
pycon2016
3
790

Other Decks in Programming

See All in Programming
JavaScript なしで動作するモダンなコードの書き方
azukiazusa1
14
9.6k
Gatlingによる負荷テスト入門
irof
6
560
安心してリリース!〜Blue/Greenデプロイ戦略の実体験〜 - NIFTY Tech Day 2023
niftycorp
0
130
アーキテクチャ刷新の現場 / Scene of architectural renewal
nrslib
2
340
WantedlyでFeature Storeを導入する際に考えたこと
zerebom
1
390
Python機械学習勉強会in新潟のロゴが無いので、生成AIで作ってみましょう / osc2023niigata
kasacchiful
0
220
Hono v3 and v4
yusukebe
4
2.6k
生成AI×ノーコード (スピーディーなアプリ開発の新時代)
knr109
3
4.3k
技術書を読む技術(JJUG CCC 2023 Fall)
yonetty
1
270
個人から始める開発生産性向上
takamin55
1
200
DMMプラットフォームにおけるコード品質を改善する取り組みの理想と現実
pospome
3
1.8k
Second-System Syndrome: A tale of power-assert
twada
PRO
9
3.5k

Featured

See All Featured
Understanding Cognitive Biases in Performance Measurement
bluesmoon
5
740
Raft: Consensus for Rubyists
vanstee
130
6k
A better future with KSS
kneath
230
16k
Producing Creativity
orderedlist
PRO
335
38k
Art Directing for the Web. Five minutes with CSS Template Areas
malarkey
197
11k
Designing on Purpose - Digital PM Summit 2013
jponch
108
6.2k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
53
33k
Creatively Recalculating Your Daily Design Routine
revolveconf
208
11k
Fireside Chat
paigeccino
18
2.3k
Bootstrapping a Software Product
garrettdimon
PRO
299
110k
From Idea to $5000 a Month in 5 Months
shpigford
376
45k
BBQ
matthewcrist
76
8.5k

Transcript

  1. Move Things From One Computer to Another,
    Safely
    Brian Warner
    magic-wormhole.io
    PyCon 2016

    View Slide

  2. me == Brian Warner
    • Buildbot, Foolscap, Versioneer
    • AllMyData: Tahoe-LAFS
    • Mozilla: Add-On SDK, Firefox Sync, Persona, Firefox Accounts
    • Today: Magic Wormhole
    [email protected]
    @lotharrr
    github.com/warner

    View Slide

  3. Magic-Wormhole: a
    File Transfer Program
    • Securely moves a file from one computer to another
    • or a directory, or a string
    • My claim: easier than all other secure tools
    • Especially for moving to an unrelated computer

    View Slide

  4. What It Looks Like
    pip install magic-wormhole

    View Slide

  5. What It Looks Like
    pip install magic-wormhole

    View Slide

  6. What It Looks Like
    pip install magic-wormhole

    View Slide

  7. Solved Problem?
    • What's wrong with the tools we currently use?

    View Slide

  8. "easily". "safely".
    dictate string
    to sender
    dictate string
    to receiver
    needs
    proximity
    eavesdroppers
    send email ~30 chars
    ISPs, CAs,
    internet
    upload to
    FTP/HTTP
    ~60 chars
    server, ISPs,
    CAs, internet
    dropbox ~60 chars Dropbox, CAs
    + URL
    shortener
    ~20 chars
    Shortening Service,
    lucky guessers,
    Dropbox, CAs
    USB drive X eww cooties
    SSH/scp
    ~740 char
    pubkey
    none
    magic
    wormhole
    ~20 chars none

    View Slide

  9. How Does It Work?
    • Rendezvous Message Exchange
    • PAKE, Key Agreement
    • IP Address Exchange
    • Transit Connection
    • Data Transfer

    View Slide

  10. Rendezvous Server
    typical code: 1-liberty-assume
    Channel
    ID

    View Slide

  11. PAKE-based Security
    P assword
    A uthenticated
    K ey
    E xchange
    1992: EKE
    1997: SRP
    2005: SPAKE2
    2008: J-PAKE

    View Slide

  12. SPAKE2
    diagram credit: Dan Boneh
    Alice Bob
    pw pw
    pip install spake2

    View Slide

  13. Security of PAKE
    • Weak Secret + Interaction == Strong Secret
    • Passive eavesdropper gets zero information
    • Active MitM gets one guess per protocol run
    • failed guess == zero information
    • failed guesses are visible to users

    View Slide

  14. Wormhole Codes
    2-company-spyglass
    Channel
    ID
    aardvark
    absurd
    accrue
    acme
    adrift
    adult
    afflict
    ahead
    aimless
    Algol
    allow
    alone
    ammo
    ancient
    apple
    artist
    assume
    Athens
    aardvark
    absurd
    accrue
    acme
    adrift
    adult
    afflict
    ahead
    aimless
    Algol
    allow
    alone
    ammo
    ancient
    apple
    artist
    assume
    Athens
    len(words)==256

    View Slide

  15. Single Use
    • Wormhole codes are single-use, forward-secure
    • Default code: 2 words * (256-word list) == 16 bits
    • 65536 possible codes, equally likely
    • User must retry 655 times before attacker has 1%
    chance of success

    View Slide

  16. Laziness Improves Security

    View Slide

  17. IP Address Exchange
    • Find addresses with ifconfig
    • Listen on TCP ports
    • Exchange addresses+ports
    • Try to connect, trade encrypted handshakes
    • First successful connection wins

    View Slide

  18. Data Relay Server

    View Slide

  19. Encrypted Transit
    • Provides encrypted record pipe
    • Uses NaCl SecretBox (Salsa20/Poly1305)
    • Keys are HKDF(masterkey, purpose)
    • Data is hashed (SHA256) during transit
    • Final ACK confirms the hash

    View Slide

  20. Library API
    w = wormhole(AppID, relay_url)
    w.set_code("1-peachy-seabird")
    w.send(b"hello")
    answer = w.get()

    View Slide

  21. Future Work
    • GUI, pre-packaged installers, browser extension
    • Negotiate better transports:
    • WebRTC, ICE/STUN, libutp
    • Tor Onion Services
    • Add SPAKE2 to libsodium
    • Port to other languages: JavaScript, Go, Rust

    View Slide

  22. Beyond File Transfer
    • Use this anywhere you need to deliver a credential
    • Provisioning new client devices
    • Pairing client devices to each other
    • Populating addressbook entries in
    communication/messaging systems

    View Slide

  23. Provisioning Clients
    Old New
    Type password into server
    Type password into client
    Get Wormhole code from server
    Type code into client

    View Slide

  24. Messaging Apps
    Old New
    Alice sends public key to server
    Bob asks server for Alice's key
    Alice shows Wormhole code to
    Bob
    Bob gets Alice's key from Alice
    (via wormhole)

    View Slide

  25. Add PAKE to your Toolbox
    • Cryptographic tools disseminate too slowly
    • We need good examples, compelling use cases,
    helpful libraries
    • File transfer is a foot in the door. PAKE is the rest.

    View Slide

  26. Magic-Wormhole
    Move Things From One Computer to Another,
    Safely
    Brian Warner
    https://github.com/warner/magic-wormhole
    [email protected]
    Thanks To: Rackspace, Twisted, Glyph, djb, 2255-19
    @lotharrr
    magic-wormhole.io
    pip install magic-wormhole

    View Slide