[HN Gopher] Hyperbeam: A 1-1 E2E encrypted internet pipe powered...
       ___________________________________________________________________
        
       Hyperbeam: A 1-1 E2E encrypted internet pipe powered by Hyperswarm
        
       Author : thinkmassive
       Score  : 92 points
       Date   : 2020-12-13 15:27 UTC (7 hours ago)
        
 (HTM) web link (github.com)
 (TXT) w3m dump (github.com)
        
       | bno1 wrote:
       | How does this deal with carrier NAT?
        
         | pfraze wrote:
         | The Hyperswarm DHT has a hole-punching protocol
        
       | zaroth wrote:
       | It seems the difference between this and spiped is that this has
       | a discovery protocol (DHT) and NAT hole punching.
       | 
       | Not sure how it compares to Magic Wormhole and the like.
        
         | walrus01 wrote:
         | it appears magic wormhole requires both clients to use a fixed
         | known "mailbox" server (its own separate daemon) to communicate
         | with and discover each other.
        
           | lucb1e wrote:
           | You don't need any server / daemon for magic wormhole. You
           | can apt install it and just invoke the command without any
           | server or setup.
           | 
           | Might the difference be that this is more about bidirectional
           | communication and magic wormhole is unidirectional and
           | specifically for file transfer?
        
             | wiml wrote:
             | Magic-wormhole does require a server, although it isn't a
             | very demanding job. Brian Warner runs the default server.
        
               | lucb1e wrote:
               | This also requires a DHT though, it's not as if hyperbeam
               | can work completely without third party systems. You'll
               | need someone to run your default server somewhere either
               | way.
        
       | rcakebread wrote:
       | Reminds me of skypipe, from 8 years ago:
       | https://github.com/progrium/skypipe
       | 
       | Used to work with a free dotcloud account, from the defunct
       | company that started Docker.
        
       | fwip wrote:
       | I've been playing around with this, and it's pretty cool. Say I
       | want to share a single file with a developer - maybe it's a
       | config file, or a simple script, or a secret token. I would run:
       | hyperbeam hey-jane-here-you-go < mygoodfile.txt
       | 
       | And Jane would run, on her end:
       | hyperbeam hey-jane-here-you-go > fwips-good-file.txt
       | 
       | Note that the existence of npx makes this even simpler! You can
       | tell your friend over discord "Hey, type in:
       | 'npx hyperbeam hey-jane-here-you-go' and you'll get what I'm
       | sending you. :)"
       | 
       | Note that "hey-jane-here-you-go" is effectively a one-time
       | passphrase that I'm using, and will only be sent to computers
       | listening for that exact passphrase at the time you send it. If
       | you're sending military secrets, you might need to use very long
       | and complicated passphrases. But if you're sending a cat picture,
       | you could probably use "for-jane" without risk of collision.
        
         | walrus01 wrote:
         | From the documentation for hyperswarm, it appears the 'topic'
         | (the shared secret) is limited to 32 bytes, so I don't see how
         | that can be used for a very long crypto key.
        
           | anchpop wrote:
           | Is 256 bits not enough? I'm curious what the standard is
        
       | linuxdude314 wrote:
       | This makes very little sense to me. Are you proposing to make
       | your own router or switch with this stack in it, or add it onto
       | an Arista or something?
       | 
       | What problem is this solving? Normally things like transit don't
       | have encryption because it occurs at a higher level.
       | 
       | To me it seems advantageous to keep the pipes dumb, curious of
       | the rationale behind this.
        
         | viraptor wrote:
         | > What problem is this solving?
         | 
         | You have two machines on networks you don't know/control and no
         | established identities/accounts. You want to pipe some data
         | between them without setting up a more permanent network like
         | ZeroTier with SSH or other access.
         | 
         | > Normally things like transit don't have encryption because it
         | occurs at a higher level.
         | 
         | OpenVPN, IPsec, nebula, ZeroTier, Hamachi, and many others
         | would disagree.
        
           | Throwaway1771 wrote:
           | Yeah, I'd be curious to see plaintext pros and cons between
           | this and a quick Wireguard 1:1.
        
             | tangent128 wrote:
             | tl;dr: Hyperbeam is roughly a netcat tunnel that connects
             | via a DHT topic instead of network address; use it where
             | you want a secure one-off tunnel. (for example, to transfer
             | a key for Wireguard)
             | 
             | Wireguard:
             | 
             | + Can tunnel arbitrary IP traffic
             | 
             | ~ Has stricter encryption, with full asymmetric keys (and
             | optionally adding a symmetric key)
             | 
             | - requires permissions to load a kernel module and
             | configure the network stack
             | 
             | Hyperbeam:
             | 
             | + Only needs userland UDP sockets, not a kernel module
             | 
             | ~ Derives its keys from a passphrase, so does not require
             | transferring a full cryptographic key between devices
             | 
             | - is a single application-layer pipe, applicable in shell
             | workflows but not transparently tunneling arbitrary
             | applications
        
         | walrus01 wrote:
         | > Are you proposing to make your own router or switch with this
         | stack in it,
         | 
         | This has nothing to do with that; to me this looks like the
         | same general concept as using netcat (nc) to pipe text, but
         | with auto discovery and encryption.
        
       ___________________________________________________________________
       (page generated 2020-12-13 23:01 UTC)