[HN Gopher] Hyperbeam: A 1-1 E2E encrypted internet pipe powered...
___________________________________________________________________

Hyperbeam: A 1-1 E2E encrypted internet pipe powered by Hyperswarm

Author : thinkmassive
Score : 92 points
Date : 2020-12-13 15:27 UTC (7 hours ago)

(HTM) web link (github.com)
(TXT) w3m dump (github.com)

| bno1 wrote:
| How does this deal with carrier NAT?

| pfraze wrote:
| The Hyperswarm DHT has a hole-punching protocol

| zaroth wrote:
| It seems the difference between this and spiped is that this has
| a discovery protocol (DHT) and NAT hole punching.
|
| Not sure how it compares to Magic Wormhole and the like.

| walrus01 wrote:
| it appears magic wormhole requires both clients to use a fixed
| known "mailbox" server (its own separate daemon) to communicate
| with and discover each other.

| lucb1e wrote:
| You don't need any server / daemon for magic wormhole. You
| can apt install it and just invoke the command without any
| server or setup.
|
| Might the difference be that this is more about bidirectional
| communication and magic wormhole is unidirectional and
| specifically for file transfer?

| wiml wrote:
| Magic-wormhole does require a server, although it isn't a
| very demanding job. Brian Warner runs the default server.

| lucb1e wrote:
| This also requires a DHT though, it's not as if hyperbeam
| can work completely without third party systems. You'll
| need someone to run your default server somewhere either
| way.

| rcakebread wrote:
| Reminds me of skypipe, from 8 years ago:
| https://github.com/progrium/skypipe
|
| Used to work with a free dotcloud account, from the defunct
| company that started Docker.

| fwip wrote:
| I've been playing around with this, and it's pretty cool. Say I
| want to share a single file with a developer - maybe it's a
| config file, or a simple script, or a secret token.
| I would run:
| hyperbeam hey-jane-here-you-go < mygoodfile.txt
|
| And Jane would run, on her end:
| hyperbeam hey-jane-here-you-go > fwips-good-file.txt
|
| Note that the existence of npx makes this even simpler! You can
| tell your friend over discord "Hey, type in: 'npx hyperbeam
| hey-jane-here-you-go' and you'll get what I'm sending you. :)"
|
| Note that "hey-jane-here-you-go" is effectively a one-time
| passphrase that I'm using, and will only be sent to computers
| listening for that exact passphrase at the time you send it. If
| you're sending military secrets, you might need to use very long
| and complicated passphrases. But if you're sending a cat picture,
| you could probably use "for-jane" without risk of collision.

| walrus01 wrote:
| From the documentation for hyperswarm, it appears the 'topic'
| (the shared secret) is limited to 32 bytes, so I don't see how
| that can be used for a very long crypto key.

| anchpop wrote:
| Is 256 bits not enough? I'm curious what the standard is

| linuxdude314 wrote:
| This makes very little sense to me. Are you proposing to make
| your own router or switch with this stack in it, or add it onto
| an Arista or something?
|
| What problem is this solving? Normally things like transit don't
| have encryption because it occurs at a higher level.
|
| To me it seems advantageous to keep the pipes dumb, curious of
| the rationale behind this.

| viraptor wrote:
| > What problem is this solving?
|
| You have two machines on networks you don't know/control and no
| established identities/accounts. You want to pipe some data
| between them without setting up a more permanent network like
| ZeroTier with SSH or other access.
|
| > Normally things like transit don't have encryption because it
| > occurs at a higher level.
|
| OpenVPN, IPsec, nebula, ZeroTier, Hamachi, and many others
| would disagree.

| Throwaway1771 wrote:
| Yeah, I'd be curious to see plaintext pros and cons between
| this and a quick Wireguard 1:1.

| tangent128 wrote:
| tl;dr: Hyperbeam is roughly a netcat tunnel that connects
| via a DHT topic instead of network address; use it where
| you want a secure one-off tunnel. (for example, to transfer
| a key for Wireguard)
|
| Wireguard:
|
| + Can tunnel arbitrary IP traffic
|
| ~ Has stricter encryption, with full asymmetric keys (and
| optionally adding a symmetric key)
|
| - requires permissions to load a kernel module and
| configure the network stack
|
| Hyperbeam:
|
| + Only needs userland UDP sockets, not a kernel module
|
| ~ Derives its keys from a passphrase, so does not require
| transferring a full cryptographic key between devices
|
| - is a single application-layer pipe, applicable in shell
| workflows but not transparently tunneling arbitrary
| applications

| walrus01 wrote:
| > Are you proposing to make your own router or switch with this
| > stack in it,
|
| this has nothing to do with that, to me this looks like the
| same general concept as using netcat (nc) to pipe text, but
| with auto discovery and encryption.
___________________________________________________________________
(page generated 2020-12-13 23:01 UTC)
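
On the passphrase and 32-byte topic questions raised in the thread (fwip, walrus01, anchpop, tangent128): the sketch below is an added example, not part of the thread and not Hyperbeam's code. It assumes SHA-256 as a stand-in derivation and a constructed 16-word sample list; all function names are hypothetical. It shows that the 32-byte size only caps the strength, while the passphrase's own entropy sets it.

```javascript
// Added example: why a 32-byte topic does not by itself mean 256-bit security.
// SHA-256 is a stand-in (assumption); Hyperbeam's real derivation may differ.
const crypto = require('crypto');

const TOPIC_BYTES = 32; // topic size quoted in the thread

// Constructed 16-word sample list (4 bits per word). A real list would be
// much larger, e.g. a 7776-word diceware list (~12.9 bits per word).
const SAMPLE_WORDS = ['amber', 'birch', 'cedar', 'delta', 'ember', 'flint',
  'grove', 'heron', 'ivory', 'jade', 'kelp', 'lotus', 'maple', 'nova',
  'onyx', 'pearl'];

// Any-length passphrase in, fixed 32 bytes out.
function deriveTopic(passphrase) {
  return crypto.createHash('sha256').update(passphrase, 'utf8').digest();
}

// Entropy of `count` symbols drawn uniformly at random from `poolSize` choices.
// Only valid for random picks; a hand-chosen phrase has less.
function randomEntropyBits(count, poolSize) {
  return count * Math.log2(poolSize);
}

// Guessing work is capped by the weaker of the passphrase and the topic size.
function effectiveBits(passphraseBits) {
  return Math.min(passphraseBits, TOPIC_BYTES * 8);
}

// Number of random symbols needed to reach `targetBits` of entropy.
function symbolsNeeded(targetBits, poolSize) {
  return Math.ceil(targetBits / Math.log2(poolSize));
}

// Build a one-time passphrase with at least `targetBits` of entropy, using the
// CSPRNG-backed crypto.randomInt so every word is chosen uniformly.
function randomPassphrase(wordlist, targetBits) {
  const n = symbolsNeeded(targetBits, wordlist.length);
  const picks = Array.from({ length: n },
    () => wordlist[crypto.randomInt(wordlist.length)]);
  return picks.join('-');
}

const phrase = randomPassphrase(SAMPLE_WORDS, 64);
console.log(phrase, deriveTopic(phrase).toString('hex'));
console.log('words for 128 bits, 7776-word list:', symbolsNeeded(128, 7776));
```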