Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Brian Warner - Magic Wormhole: Simple Secure File Transfer

Brian Warner - Magic Wormhole: Simple Secure File Transfer

"magic-wormhole" is a simple tool to move files from one computer to another, like "scp" but without the setup. By telling the recipient just a few secret words, the file is safely encrypted and delivered directly to the correct machine. The talk will explain the security mechanics, the cryptography (NaCl and SPAKE2), and how to use the underlying open-source library in your own applications.


PyCon 2016

May 29, 2016

More Decks by PyCon 2016

Other Decks in Programming


  1. me == Brian Warner • Buildbot, Foolscap, Versioneer • AllMyData:

    Tahoe-LAFS • Mozilla: Add-On SDK, Firefox Sync, Persona, Firefox Accounts • Today: Magic Wormhole [email protected] @lotharrr github.com/warner
  2. Magic-Wormhole: a File Transfer Program • Securely moves a file

    from one computer to another • or a directory, or a string • My claim: easier than all other secure tools • Especially for moving to an unrelated computer
  3. "easily". "safely". dictate string to sender dictate string to receiver

    needs proximity eavesdroppers send email ~30 chars ISPs, CAs, internet upload to FTP/HTTP ~60 chars server, ISPs, CAs, internet dropbox ~60 chars Dropbox, CAs + URL shortener ~20 chars Shortening Service, lucky guessers, Dropbox, CAs USB drive X eww cooties SSH/scp ~740 char pubkey none magic wormhole ~20 chars none
  4. How Does It Work? • Rendezvous Message Exchange • PAKE,

    Key Agreement • IP Address Exchange • Transit Connection • Data Transfer
  5. PAKE-based Security P assword A uthenticated K ey E xchange

    1992: EKE 1997: SRP 2005: SPAKE2 2008: J-PAKE
  6. Security of PAKE • Weak Secret + Interaction == Strong

    Secret • Passive eavesdropper gets zero information • Active MitM gets one guess per protocol run • failed guess == zero information • failed guesses are visible to users
  7. Wormhole Codes 2-company-spyglass Channel ID aardvark absurd accrue acme adrift

    adult afflict ahead aimless Algol allow alone ammo ancient apple artist assume Athens aardvark absurd accrue acme adrift adult afflict ahead aimless Algol allow alone ammo ancient apple artist assume Athens len(words)==256
  8. Single Use • Wormhole codes are single-use, forward-secure • Default

    code: 2 words * (256-word list) == 16 bits • 65536 possible codes, equally likely • User must retry 655 times before attacker has 1% chance of success
  9. IP Address Exchange • Find addresses with ifconfig • Listen

    on TCP ports • Exchange addresses+ports • Try to connect, trade encrypted handshakes • First successful connection wins
  10. Encrypted Transit • Provides encrypted record pipe • Uses NaCl

    SecretBox (Salsa20/Poly1305) • Keys are HKDF(masterkey, purpose) • Data is hashed (SHA256) during transit • Final ACK confirms the hash
  11. Future Work • GUI, pre-packaged installers, browser extension • Negotiate

    better transports: • WebRTC, ICE/STUN, libutp • Tor Onion Services • Add SPAKE2 to libsodium • Port to other languages: JavaScript, Go, Rust
  12. Beyond File Transfer • Use this anywhere you need to

    deliver a credential • Provisioning new client devices • Pairing client devices to each other • Populating addressbook entries in communication/messaging systems
  13. Provisioning Clients Old New Type password into server Type password

    into client Get Wormhole code from server Type code into client
  14. Messaging Apps Old New Alice sends public key to server

    Bob asks server for Alice's key Alice shows Wormhole code to Bob Bob gets Alice's key from Alice (via wormhole)
  15. Add PAKE to your Toolbox • Cryptographic tools disseminate too

    slowly • We need good examples, compelling use cases, helpful libraries • File transfer is a foot in the door. PAKE is the rest.
  16. Magic-Wormhole Move Things From One Computer to Another, Safely Brian

    Warner https://github.com/warner/magic-wormhole [email protected] Thanks To: Rackspace, Twisted, Glyph, djb, 2255-19 @lotharrr magic-wormhole.io pip install magic-wormhole