[HN Gopher] Magic Wormhole: Get things from one computer to anot...

Magic Wormhole: Get things from one computer to another, safely

Author : jstanley
Score  : 168 points
Date   : 2021-05-24 08:37 UTC (14 hours ago)

| anotherhue wrote:
| Magic Wormhole is one of my absolute favourite tools.
|
| see also https://wormhole.app/
| gidam wrote:
| to avoid confusion Ferros should have chosen a different and better name, considering that magic-wormhole is an older project doing more or less the same thing (with different and better technology and it's real free software)
| CobrastanJorji wrote:
| That seems like a wonderful service, but if it allows up to 100 downloads over 24 hours, I kind of worry that it's gonna get massively abused for nefarious purposes. It's not quite "publicly writable S3 bucket" abusable, but it's close.
| atonse wrote:
| Is this open source? How do we know it's doing as advertised?
| [deleted]
| lotharrr wrote:
| For (my) magic-wormhole, yep, entirely, source is on the github link above.
|
| It uses a pair of helper servers (that I run), for which the source is also on github. But the protocol (implemented in the client, not the server) is carefully designed to be resistant against server misbehavior.
|
| So you can either study the client and convince yourself the protocol is indeed secure, or rely upon my claims that my code is working as advertised. But you don't need to rely upon my claims that my servers are not snooping or interfering: that's protected by the protocol.
| noahmasur wrote:
| They're actually different projects.
|
| This is what I could find for wormhole.app source: https://github.com/SocketDev/wormhole-crypto
| lotharrr wrote:
| (author of magic-wormhole here)
|
| aww, thanks :)
|
| BTW for anyone reading, https://wormhole.app/ is awesome and serves a very similar purpose, but uses entirely different technology (no PAKE) and has a different security model.
|
| In my (https://magic-wormhole.io) world, we've kicked around ways to make a good browser-based client (and I've tried to prepare the protocols to work well there), but I haven't had time to pursue any of them. The tasks include 1: port everything to JS (or take the core of the Rust port and compile it to WASM, then write an IO layer in JS), 2: glue it to the browser's file/blob upload/download APIs, 3: settle on a trusted-application security model.
|
| To make it work in a vanilla browser with no setup phase, you're pretty much limited to relying upon the webserver from which you get the page, which is the model wormhole.app provides. Other options include using an addon (which shifts the reliance set slightly), or running some sort of Electron thing (making it not really a browser app) that you get from some distribution channel (debian, homebrew, etc) which shifts the reliance set in a better direction.. at least you're probably getting the same application as everybody else using that distribution, vs a webserver that could conceivably serve up a different version each time.
| throwaway67114 wrote:
| Edit: sorry made some blunder. You are Brian, just saw on your profile.
| lotharrr wrote:
| Edit: no worries, I just added it there a minute ago, didn't realize I'd left that box blank.
|
| I'm Brian Warner.
| ccmcarey wrote:
| FYI looks like magic-wormhole.io doesn't listen on 443, only on port 80 (which redirects to github).
| tptacek wrote:
| For what it's worth, and I know you're not looking for this fight, but I think it's important:
|
| There is a world of difference between what Magic Wormhole can promise and what Wormhole.app can promise. Magic Wormhole relies entirely on clientside cryptography; once you have it installed, you can trust that it's doing what it says on the tin. Which means you can reasonably use it operationally.
|
| "Wormhole.app" --- which has a frustrating name, given the distinction --- demands that you trust the server, since the server can on every transaction defeat the cryptography you're using.
|
| If someone owns up a Magic Wormhole relay server, there's not much they can plausibly do to intercept the files you send. But if someone owns up Wormhole.app, they can, I believe, quietly pick up and store people's files.
|
| Incidentally, apropos none of this: I've been using the Golang https://github.com/psanford/wormhole-william port on some of my machines for a year now, interoperating with the standard Python Magic Wormhole, and it works great.
|
| Magic Wormhole is an achievement. I wrote a blog post about modern cryptographic tools, and what I have to say about Magic Wormhole is that everyone I've introduced to it immediately starts wormholing all sorts of stuff; it's kind of addictive. Thanks for designing it!
| mynameisash wrote:
| I _really_ want to see the Rust version get more mature and see this made into a browser plugin. I keep mulling over trying to help out with the project, at least on the Rust side (since I know nothing about WASM).
| psanford wrote:
| There are some folks who have a fork of Wormhole William that runs in the browser (via wasm) and uses a websocket based relay (keeping the rest of the Magic Wormhole protocol the same): https://github.com/psanford/wormhole-william/pull/49
| [deleted]
| ghostly_s wrote:
| Didn't Mozilla have a project similar to this a few years back that was discontinued?
| HanayamaTriplet wrote:
| I believe you're thinking of Firefox Send: https://support.mozilla.org/en-US/kb/what-happened-firefox-s...
| Fiahil wrote:
| As always, the most difficult problem is not sending files between computers, but between smartphones, tablets and computers.
|
| I'm still looking for a solution I could use to share pictures and PDF files from Android phones to iPads and Laptops using the "share" modal and completely self-hosted...
| shepherdjerred wrote:
| I use Resilio Sync for this purpose. It uses a peer-to-peer model, it's free, and it works well enough. If you want it available 24/7 without relying on peers being online then you can install the application on a cheap Kimsufi VPS.
|
| https://www.resilio.com/individuals/
| alcover wrote:
| I use yopp for this. It's just a very crude local server with a file picker.
|
| https://github.com/josephernest/Yopp
| tptacek wrote:
| _There's no security, so everyone who has the URL can download your last file (well, not if you downloaded it, because then it will be automatically deleted on server). Why? Because sometimes you just want a quick solution for non-sensitive/personal data, rather than a super secure solution that would take 2 minutes (go to Gmail on phone, enter login, enter password, upload file, go to Gmail on computer, enter login, enter password, download the file...)_
| Fiahil wrote:
| As many others: not working with the share modal.
|
| > This tool requires a total number of 7 actions to get the work done
|
| What the hell?!
| smusamashah wrote:
| On Android, you can install croc in Termux and send files to any other platform with croc installed.
| Fiahil wrote:
| Yes, sure, but it's not working with the share modal. It's not what I'm looking for.
| somethingwitty1 wrote:
| Maybe overkill for your use-case, but something such as NextCloud could be used: https://nextcloud.com/
|
| I use this for cross-family backup and sharing. My main use-case is getting my photos from my phone to my desktop.
| StavrosK wrote:
| NextCloud is great if you need Dropbox-like functionality. For straight-up syncing of a single directory, or multiple single directories, SyncThing is fantastic.
| Fiahil wrote:
| Syncthing doesn't have an iOS app, and nextcloud is not what I'm looking for.
| orthecreedence wrote:
| I use Matrix/Element for this (via encrypted channels obviously) all the time.
| SilverRed wrote:
| For small files this is probably fine but you are keeping those files stored on the matrix server forever which costs them a fair bit.
| Fiahil wrote:
| I haven't tried this one, but, like the ftp solution, I think the ux would be clunky
| [deleted]
| velosol wrote:
| I've used Total Commander's Send to Wifi [1] before and found it workable for that use case (where both are on the same WiFi network; presumably you could use a hotspot for a place without WiFi at all).
|
| [1]: https://www.ghisler.com/androidplugins/wifi/
| lucgommans wrote:
| I made https://dro.pm for this. You get a link like dro.pm/h which is short enough to even share over the phone or tell someone at a conference to open. Not like chat apps where you have to be connected to the other person first (even if that is yourself, need to navigate to that chat) and no need to install any software. It's made to be fast on any connection (e.g.
| by allocating the link before you even entered any data), and due to being ephemeral it's also less prone to being used for phishing like other link shorteners are.
|
| It auto-detects when you enter a link, otherwise treats text inputs as a pastebin, you can ctrl+v an image, and it has file uploads up to a few gigabytes. Code is on github (https://github.com/lgommans/dro.pm/) though I still have to change the license to be more permissive (I've decided that I won't pursue this as a commercial thing, just open a ticket if you want me to change the license sooner than whenever I work on this next). Viewing uploaded files instead of downloading is also possible for image/audio/video mime-types by adding /preview to any link.
|
| You can also use it from the command line if you're on a keyboard+terminal-only machine, e.g. just `wget -L dro.pm/h.txt` to download the uploaded file (the links accept an arbitrary .extension) or for uploading from the command line there is a bash one-liner contained in the page source itself, see: `curl https://dro.pm | head`
|
| Made a mistake and uploaded something private or want to edit the link? Just click delete on the website, or on the command line you can use the token that you get when creating a new link.
| shkkmo wrote:
| That isn't self hosted and it appears that all the data you send will be exposed to dro.pm
| lucgommans wrote:
| Should I package it as a .deb, or what makes something self-hosted? The code is already on github: https://github.com/lgommans/dro.pm/ (link was buried in the text - I had a hard time prioritizing what people would want to read first, since that depends on your use-case).
|
| I guess magic wormhole is the wrong context to be making this argument in since everyone's primed for peer to peer now, but in general, yeah when using dro.pm it will need to put your data on dro.pm, similar to how pastebin stores your data when you use pastebin.
| It otherwise (and that's why I made this design decision) couldn't work after you close the tab, making it much less suitable for most of the intended use-cases. If you want peer to peer file transfer, you could have a look at https://file.pizza (not made by me)
| shkkmo wrote:
| Your license is non-standard and does not appear to permit self hosting.
|
| This appears to me much more like blatant self promotion rather than an attempt to participate in the discussion. Your tool has none of the requested features (self hosted file transfer using the native share dialog.)
| lucgommans wrote:
| Again, I already wrote:
|
| > though I still have to change the license to be more permissive (I've decided that I won't pursue this as a commercial thing, just open a ticket if you want me to change the license sooner than whenever I work on this next).
|
| Guess that'll have to be now then. Getting this sort of crap is what makes me wonder why I bother putting this work out there in the first place.
| Fiahil wrote:
| This starts to become a little bit repetitive, so I'll keep it short: no share modal, no Android/iOS, not self-hosted
| lucgommans wrote:
| It starts to become a little repetitive, so I'll cite from what I replied to the sibling comment:
|
| > Should I package it as a .deb, or what makes something self-hosted? The code is already on github: https://github.com/lgommans/dro.pm/ (link was buried in the text - I had a hard time prioritizing what people would want to read first, since that depends on your use-case).
|
| As for no mobile app: how much faster is it going to get than opening the browser that's already on everyone's homescreen and typing a 7-8 character link? Or if you self-host it, you can host it on your own TLD like https://me/
|
| And there is a share modal for Android, actually.
| jandrese wrote:
| There is no technical reason sending files should be difficult, the problem is entirely political.
| A file transfer service that works too well immediately becomes a hotbed of porn, warez, rips, etc... Then it gets sued and/or shut down by the authorities. So all file services have to suck in specific ways to discourage abuse. The trick is to find the one that sucks in ways that aren't as much of an issue for your use case.
| Fiahil wrote:
| My fundamental requirement is for it to be self hosted. Therefore the porn and warez are absolutely not an issue.
| PaulDavisThe1st wrote:
| There's a fairly significant difference between 1:N file transfer (1 person "sends", N "receive") and 1:1 file transfer. What you say seems like a good summary of the issues for 1:N, but not particularly relevant for 1:1
| offtop5 wrote:
| Any reason FTP doesn't work? I imagine you could run an FTP server on a Raspberry Pi
| jandrese wrote:
| Being completely plaintext makes it unacceptable for many use cases in the modern world. It's also a touch more complicated than it needs to be for the standard use case. Binary vs. ASCII transfer mode (and ASCII is the default most of the time even though it only very rarely makes sense). Plus the whole passive vs. active mode thing. Too many footguns and no security rule it out.
| lucgommans wrote:
| If you're running FTP as plaintext you're indeed doing it wrong, I'm not sure that that must be what GP meant. Not as if we explicitly mention (START)TLS for every other protocol that supports it.
| SilverRed wrote:
| You can't have secure FTP without a certificate and you can't have a certificate without DNS/domain names unless you want to manually add certificates around which is bad UX again.
|
| The ideal situation would be some universal airdrop which will never happen. The next easiest solution is to use cloud storage and send a link to the other person.
| Fiahil wrote:
| Ftp could work, but the ux is very bad
| offtop5 wrote:
| Then you could just implement your own client.
| There are already dozens if not hundreds of FTP clients for any device you could imagine, if you don't like the ux take an open source one and clean it up a bit.
| INTPenis wrote:
| I host my own Firefox Send instance for this purpose.
|
| https://gitlab.com/timvisee/send (a fork of the original code)
| Fiahil wrote:
| Too bad, it's missing an iOS client :(
| psanford wrote:
| I have a Magic Wormhole client for Android that I wrote for the occasional sensitive file transfer to and from my phone[0]. I was planning on adding iOS support as well, but Apple's general hostility toward open source apps discouraged me enough to not want to work on that.
|
| [0]: https://github.com/psanford/wormhole-william-mobile
| amelius wrote:
| The best thing to work on if you hate Apple is probably an iOS emulator.
| psanford wrote:
| What? I don't hate Apple.
| cmurf wrote:
| I recently spent 15 minutes trying to figure out how to get Android to connect via smb, couldn't figure it out. It's such a stupid PITA it's almost by design and "yeah just use the cloud".
| squarefoot wrote:
| Android, just like iOS, was designed with the idea of turning the user into a customer for products and services, therefore many things that we take for granted on desktop PCs, often even free, under those mobile OSes are either non existing or proprietary, filled with adware etc. By becoming mainstream they pretty much destroyed decades of efforts in bringing free and open source and standards to the masses.
| charlesdaniels wrote:
| Agreed. Especially on iOS, there isn't really a convenient way to do this. I'd love something that uses an ssh key pair to accept files from the "share" dialog and have them end up in ~/Desktop. I tried hacking something with Shortcuts, but couldn't get it working.
| cturtle wrote:
| Linux Mint's "Warpinator" [0] is a newer project and has worked well for my needs. Very easy to send files to and from my android phone to Linux.
|
| [0]: https://github.com/linuxmint/warpinator
| Fiahil wrote:
| And how would I use: a) the share modal b) an iPad?
| obloid wrote:
| I've been using KDE connect recently and it's great for moving files between my phone and laptop. Another fun feature is sharing a url from the phone to the laptop and it opens the browser to the page. I don't know of any similar software but being able to do the same thing between iOS and android would be great.
| TheAdamAndChe wrote:
| I second this. File transfers between my phone and computer are seamless and quick. I can even use it to find my phone when I use it. It is rare to find open source software that Just Works, and KDE Connect is one of these rare gems that does so.
| j-james wrote:
| I second KDE Connect. Despite the name, it's not limited to KDE by any means - there's implementations for Windows, MacOS, and even GNOME Shell. It's very straightforward to set up and has a bunch of other features besides file transfer, like using your phone as a touchpad, sending SMS messages from the desktop, or pinging either device.
| Fiahil wrote:
| Would have been a strong contender if it had an iOS client
| sidpatil wrote:
| I use Snapdrop (https://snapdrop.net/) to transfer files between my iPhone and my Linux laptop. It offers a self-hosting option, and there are apps for Android and iOS available (though I've only used the Web interface).
| Fiahil wrote:
| I used snapdrop as well, but it's not working with the share modal on phones. This means it's not what I am looking for!
|
| The primary use case is for me to share PDF scans made with my iPad/phone with my laptop. The second use case is for sharing screenshots of my laptop with others on my favorite messenger.
| 12ian34 wrote:
| maybe Syncthing (for Android, ideally syncthing-fork via F-Droid) will work for you. Share modal, cross platform, works with or without a centralised server.
| oldfart2 wrote:
| Have you heard of the command scp? It comes standard on most distros.
| andrewnicolalde wrote:
| That requires opening a port if you intend to perform a transfer over the internet :)
| [deleted]
| Noumenon72 wrote:
| Is this suitable for transferring files I own off a work computer without getting in trouble? My notes files have gotten too numerous for the amount my work will let me email as one zip file.
| throwaway67114 wrote:
| Doesn't zip software such as 7zip support splitting of compressed files into as many pieces as you like and then rejoin them when you want?
| hnnnnnnng wrote:
| How many of these webrtc peer to peer file sharing sites are we going to have? I swear there are hundreds at this point. None of them offer anything different than each other. Sure, it's a great project for a frontend dev to throw together on a weekend. But that's about it
| dennis-tra wrote:
| Magic wormhole isn't strictly peer to peer nor uses WebRTC as the traffic is routed through a relay server. This was my motivation to build one of these hundreds file sharing tools [0]. My aim was to build a truly decentralised file sharing CLI as basically a drop-in replacement for croc/magic-wormhole - so it seems relevant to mention it here. It's based on libp2p and comes with its own trade offs.
|
| lotharrr (the author of magic-wormhole) gave kind and valuable feedback when I posted it on HN [1].
|
| [0] https://github.com/dennis-tra/pcp
|
| [1] https://news.ycombinator.com/item?id=26127923
| brink wrote:
| There are a lot of them because they're fun to write. NES emulators are another example.
| tgsovlerkhgsel wrote:
| Did you read the link?
|
| This is a cli application. I am not aware of them also offering a web site, although that would certainly be a great addition.
| byproxy wrote:
| See also: https://github.com/schollz/croc
| pmccarren wrote:
| I'm a huge fan of croc!
| Even just for the sake of a single binary, but there's so much more to love about it.
| tptacek wrote:
| Note upthread about the security track record, though.
| IanCal wrote:
| I'm a little confused about the security model - with a default middle server and a 1/65536 chance of guessing the password, isn't it fairly likely it could be guessed? Or just a clash of passwords (birthday paradox)?
|
| I think I'm probably missing something.
| alecst wrote:
| Here's a link from Brian Warner (the author) talking about that:
|
| https://www.youtube.com/watch?v=oFrTqQw0_3c&t=1775s
|
| Hope it helps, it's a good question.
| tptacek wrote:
| In addition to what everyone else here points out, you can also set an arbitrarily long code, to make that probability as low as you want; you're looking for the `-c` option.
| ptomato wrote:
| You only get one shot at guessing it per transmission attempt.
| gojomo wrote:
| Indeed, and as the docs (https://magic-wormhole.readthedocs.io/en/latest/welcome.html...) explain, you'd likely notice an active attack, and the paranoid can choose any arbitrarily-longer code:
|
| > PAKE effectively trades off interaction against offline attacks. The only way for a network attacker to learn the shared key is to perform a man-in-the-middle attack during the initial connection attempt, and to correctly guess the code being used by both sides. Their chance of doing this is inversely proportional to the entropy of the wormhole code. The default is to use a 16-bit code (use --code-length= to change this), so for each use of the tool, an attacker gets a 1-in-65536 chance of success. As such, users can expect to see many error messages before the attacker has a reasonable chance of success.
|
| (It does strike me, however, that if a 'mailbox server' becomes heavily used, with many pending-but-incompleted wormholes, then an attacker making random guesses might manage to receive _someone's_ random file, instead of the real intended-recipient. Perhaps the sending-side should optionally require an interactive sender-ack, after showing for confirmation a receiver-generated unique secret? In any case: using a longer code, and/or using a private mailbox, could each help eradicate such risks.)
| psanford wrote:
| You also don't have to use words from the default dictionary. You can specify your own code.
| callahad wrote:
| > _Perhaps the sending-side should optionally require an interactive sender-ack_
|
| Check out the `--verify` flag for `wormhole send` and `wormhole receive`
| jsnell wrote:
| Previous discussion, including two frontpage submissions this year:
|
| https://news.ycombinator.com/item?id=9953767
|
| https://news.ycombinator.com/item?id=14649727
|
| https://news.ycombinator.com/item?id=24702975
|
| https://news.ycombinator.com/item?id=27237536
| dang wrote:
| Thanks! Here's a formatted list. (I think we'll probably just make HN's software automatically render links to past threads this way--I can't think of any downsides.)
|
| _Magic-Wormhole: Get Things from One Computer to Another, Safely_ - https://news.ycombinator.com/item?id=27237536 - May 2021 (4 comments)
|
| _Magic-Wormhole: Get Things from One Computer to Another, Safely_ - https://news.ycombinator.com/item?id=24702975 - Oct 2020 (9 comments)
|
| _Ask HN: What is your favorite method of sending large files?_ - https://news.ycombinator.com/item?id=24351111 - Sept 2020 (354 comments)
|
| _Ask HN: A more convinient Magic Wormhole alternative?_ - https://news.ycombinator.com/item?id=21352217 - Oct 2019 (3 comments)
|
| _Magic-Wormhole - Get things from one computer to another, safely_ - https://news.ycombinator.com/item?id=14649727 - June 2017 (179 comments)
|
| _Get things from one computer to another, safely_ - https://news.ycombinator.com/item?id=9953767 - July 2015 (15 comments)
| alexjplant wrote:
| This was a solved problem 25 years ago... pcAnywhere could do this between any two Windows machines [1] provided you had the requisite cable. It was a yellow 25-pin DSub (i.e. parallel port) cable. Yellow is one of the fastest colors right up there with Ferrari Red and I do seem to remember getting speeds that were quite a bit faster than our 56k modem was capable of :P
|
| [1] https://socket3.wordpress.com/2017/04/07/pcanywhere32-3-thin...
| mahathu wrote:
| I use a Telegram (web) chat with myself for sharing files across devices occasionally and it works exceptionally well.
| sorenjan wrote:
| You can also use python and any kind of http download tool (browser, curl). Works well within a local network, or if you have control over your firewall.
|
|   python -m http.server 8000
| jstanley wrote:
| There are 2 obvious problems with this approach that Magic Wormhole fixes:
|
| 1. you can't start downloading on the other side until the upload is complete - for large transfers this is a significant delay
|
| 2.
| the Telegram operators can read your files
| suifbwish wrote:
| Telegram is end to end encrypted
| ycombinete wrote:
| Not by default
| SilverRed wrote:
| And only on mobile so the web client can never be encrypted.
| throwaway67114 wrote:
| The only thing end to end encrypted in Telegram is 1 on 1 mobile chats and calls, and you have to explicitly enable it.
| pmccarren wrote:
| I'm a huge fan of croc[0]. Very similar to Magic Wormhole, but a bit more flexible and written in go.
|
| Straight from the README:
|
| > croc is a tool that allows any two computers to simply and securely transfer files and folders. AFAIK, croc is the only CLI file-transfer tool that does all of the following:
|
| - allows any two computers to transfer data (using a relay)
|
| - provides end-to-end encryption (using PAKE)
|
| - enables easy cross-platform transfers (Windows, Linux, Mac)
|
| - allows multiple file transfers
|
| - allows resuming transfers that are interrupted
|
| - local server or port-forwarding not needed
|
| - ipv6-first with ipv4 fallback
|
| - can use proxy, like tor
|
| refs:
|
| [0] https://github.com/schollz/croc
| WhatIsDukkha wrote:
| Sadly croc lacks "wormhole ssh invite" which is about 90% of my use of wormhole.
| CobrastanJorji wrote:
| That sounds super useful, but I don't see it mentioned in the documentation anywhere. I found it in the source code, though. Looks like it allows a remote user to add credentials to an authorized_keys file?
| WhatIsDukkha wrote:
| From the docs -
|
| """
|   wormhole ssh --help
|   Usage: wormhole ssh [OPTIONS] COMMAND [ARGS]...
|
|     Facilitate sending/receiving SSH public keys
|
|   Options:
|     --help  Show this message and exit.
|
|   Commands:
|     accept  Send your SSH public-key In response to a 'wormhole ssh invite'...
|     invite  Add a public-key to a ~/.ssh/authorized_keys file
| """
| psanford wrote:
| Croc has a history of major security vulnerabilities.
| throwaway67114 wrote:
| croc probably shouldn't be used if you want security:
|
| [1] https://news.ycombinator.com/item?id=27054885
|
| [2] https://twitter.com/Sc00bzT/status/1396199915638992896
|
| Magic Wormhole has a good implementation in Go, which is compatible with the original Python implementation (croc is not compatible with magic wormhole). It has windows binary and binaries for most of the popular OS.
|
| https://github.com/psanford/wormhole-william
|
| Binaries: https://github.com/psanford/wormhole-william/releases
|
| There's GUI: https://github.com/Jacalz/wormhole-gui
|
| Android app too: https://github.com/psanford/wormhole-william-mobile
|
| Support for resuming transfers is planned I think.
| tobias2014 wrote:
| In a sense it is good when people actually check opensource software for security vulnerabilities, and these get fixed, no? There would only be reason for concern if a project shows overall continued sloppiness, but I'm not aware of that for croc. Correct me if I'm wrong.
| ptomato wrote:
| See also the (compatible, same middle server by default) golang port, https://github.com/psanford/wormhole-william, complete with static binaries for mac/win/linux. I've found this helpful when I've needed to send files to somebody who would have problems getting a whole pythonpile of dependencies installed.

(page generated 2021-05-24 23:01 UTC)
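Added example, not code from magic-wormhole or from any project mentioned in the thread: a toy model of the property IanCal asked about and ptomato, gojomo and callahad answered above (one guess per transfer attempt, a wrong guess shows up as errors on the honest sides, and the code's word count sets the per-attempt odds). The `MailboxServer`, `Side` and `derive_key` names are assumptions of this model. The server's refusal of a third claimant on a nameplate is my reading of the rendezvous server's behaviour, and the hash in `derive_key` stands in for SPAKE2: it is not a PAKE and gives no offline-attack resistance, so it reproduces only which runs succeed or fail.

```python
import hashlib
import hmac
import secrets

# Default magic-wormhole code: "<nameplate>-<word>-<word>", each word from a
# 256-entry word list, i.e. 8 bits per word and 16 bits for two words (the
# "1-in-65536" figure quoted from the docs in the thread).
WORDS_PER_LIST = 256
DEFAULT_CODE_WORDS = 2


class Crowded(Exception):
    """Server refuses a third claimant on a nameplate (assumed behaviour)."""


class WrongPassword(Exception):
    """Peer's key-confirmation message does not verify: the codes differed."""


class MailboxServer:
    """Stand-in rendezvous server: hands out nameplates and relays opaque
    messages, never learns the code words or the key."""

    def __init__(self):
        self._next = 1
        self._boxes = {}

    def allocate(self):
        nameplate = self._next
        self._next += 1
        self._boxes[nameplate] = {"claims": set(), "msgs": []}
        return nameplate

    def claim(self, nameplate, side):
        box = self._boxes[nameplate]
        if side not in box["claims"] and len(box["claims"]) >= 2:
            raise Crowded(f"nameplate {nameplate} already has two sides")
        box["claims"].add(side)

    def add(self, nameplate, side, phase, body):
        self._boxes[nameplate]["msgs"].append((side, phase, body))

    def get(self, nameplate, side, phase):
        """First message of `phase` posted by some *other* side, or None."""
        for s, p, body in self._boxes[nameplate]["msgs"]:
            if s != side and p == phase:
                return body
        return None


def derive_key(code, nonce_a, nonce_b):
    """Stand-in for SPAKE2 (NOT a PAKE): both sides get the same key only if
    they used the same code. Anyone seeing the nonces could brute-force this
    hash offline, which the real protocol prevents."""
    return hashlib.sha256(code.encode() + b"".join(sorted([nonce_a, nonce_b]))).digest()


class Side:
    def __init__(self, server, name, code):
        self.server, self.name, self.code = server, name, code
        self.nameplate = int(code.split("-", 1)[0])
        self.nonce = secrets.token_bytes(16)   # plays the role of the PAKE message
        self.key = self.tag = None

    def start(self):
        self.server.claim(self.nameplate, self.name)
        self.server.add(self.nameplate, self.name, "pake", self.nonce)

    def confirm(self):
        """Derive the key from the first peer PAKE message seen and post a
        key-confirmation tag (the real protocol's encrypted 'version' message)."""
        peer_nonce = self.server.get(self.nameplate, self.name, "pake")
        self.key = derive_key(self.code, self.nonce, peer_nonce)
        self.tag = hmac.new(self.key, b"version", hashlib.sha256).digest()
        self.server.add(self.nameplate, self.name, "version", self.tag)

    def verify(self):
        peer_tag = self.server.get(self.nameplate, self.name, "version")
        if peer_tag is None or not hmac.compare_digest(peer_tag, self.tag):
            raise WrongPassword(f"{self.name}: peer used a different code")


def honest_transfer(server, words="purple-sausages"):
    """Sender allocates the nameplate; receiver types the same code (constructed)."""
    code = f"{server.allocate()}-{words}"
    sender, receiver = Side(server, "sender", code), Side(server, "receiver", code)
    sender.start(); receiver.start()
    sender.confirm(); receiver.confirm()
    sender.verify(); receiver.verify()
    return sender.key == receiver.key


def transfer_with_guesser(server, words="purple-sausages", guess="wrong-words"):
    """Attacker races the real receiver on the same nameplate with a guessed code.
    Returns which sides saw an error and whether the guesser got the key."""
    nameplate = server.allocate()
    sender = Side(server, "sender", f"{nameplate}-{words}")
    attacker = Side(server, "attacker", f"{nameplate}-{guess}")
    receiver = Side(server, "receiver", f"{nameplate}-{words}")
    out = {"sender_error": None, "receiver_error": None, "attacker_got_key": False}
    sender.start(); attacker.start()          # attacker's PAKE message arrives first
    attacker.confirm(); sender.confirm()
    try:
        sender.verify()
    except WrongPassword as e:
        out["sender_error"] = type(e).__name__
    try:
        attacker.verify()
        out["attacker_got_key"] = attacker.key == sender.key
    except WrongPassword:
        pass
    try:
        receiver.start()                       # third claimant: server says crowded
    except Crowded as e:
        out["receiver_error"] = type(e).__name__
    return out


def guess_probability(code_words=DEFAULT_CODE_WORDS):
    """Chance one online guess at the words is right (nameplate is not secret)."""
    return 1.0 / WORDS_PER_LIST ** code_words
```

Run `honest_transfer(MailboxServer())` for the normal case and `transfer_with_guesser(MailboxServer())` for the race: with a wrong guess the sender raises `WrongPassword` and the real receiver hits `Crowded`, which is the "many error messages" the docs describe; only a correct guess (`guess="purple-sausages"`) yields the key, and even then the real receiver still sees `Crowded`. `guess_probability(4)` shows what `--code-length=4` buys. Nothing here replaces the `--verify` check, which compares a key fingerprint out of band before any data flows.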