TRANSCRIPT
Page 1
Move Things From One Computer to Another, Safely
Brian Warner
magic-wormhole.io
PyCon 2016 #magicwormhole @lotharrr
Page 2
File (or directory or string) Transfer Program
• Securely moves a file from one computer to another
• Claim: easier than all other secure tools
• Especially for moving to an unrelated computer
Page 3
What It Looks Like
```shell
pip install magic-wormhole
```
Page 6
Solved Problem?
• What's wrong with the tools we currently use?
Page 7
"easily" vs. "safely"

| Tool | String to dictate (to sender or receiver) | Needs proximity | Eavesdroppers |
| --- | --- | --- | --- |
| send email | ~30 chars | | ISPs, CAs, internet |
| upload to FTP/HTTP | ~60 chars | | server, ISPs, CAs, internet |
| dropbox | ~60 chars | | Dropbox, CAs |
| + URL shortener | ~20 chars | | Shortening Service, lucky guessers, Dropbox, CAs |
| USB drive | | X | eww cooties |
| SSH/scp | ~740 char pubkey | | none |
| magic wormhole | ~20 chars | | none |
Page 8
How Does It Work?
• Rendezvous Message Exchange
• PAKE, Key Agreement
• IP Address Exchange
• Transit Connection
• Data Transfer
Page 9
Rendezvous Server
typical code: 1-liberty-assume (the leading number is the Channel ID)
Page 10
PAKE-based Security
Password Authenticated Key Exchange
1992: EKE 1997: SRP 2005: SPAKE2
Page 11
SPAKE2 (diagram credit: Dan Boneh): Alice and Bob each start from the shared password pw
pip install python-spake2
Page 12
Security of PAKE
• Weak Secret + Interaction == Strong Secret
• Passive eavesdropper gets zero information
• Active MitM gets one guess per protocol run
  • failed guess == zero information
  • failed guesses are visible to users
Page 13
Security of PAKE
• Wormhole codes are single-use, forward-secure
• Default code is 2 words (256-word list) == 16 bits
• User must retry 655 times before attacker has 1% chance of success
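To make the numbers on these two slides concrete, here is an added worked example (not code from the talk or the magic-wormhole project) that computes the secret bits in a wormhole code and an active attacker's success probability after a given number of runs; the 655 figure is where the union bound runs/2^16 reaches 1%, and the example also shows the exact probability and the effect of a longer code.

```python
import math

def code_entropy_bits(words: int = 2, wordlist_size: int = 256) -> int:
    """Secret bits in a wormhole code: `words` independent picks from a list of
    `wordlist_size` words. The leading channel number (the "1" in
    "1-liberty-assume") is public and contributes nothing."""
    return round(words * math.log2(wordlist_size))

def mitm_success_bound(bits: int, runs: int) -> float:
    """Union bound on an active MitM: one guess per protocol run, and a failed
    guess leaks nothing, so P(success within `runs` runs) <= runs / 2**bits."""
    return min(1.0, runs / 2 ** bits)

def mitm_success_exact(bits: int, runs: int) -> float:
    """Exact probability that at least one of `runs` single guesses is right.
    Codes are single-use, so each run is a fresh, independent 1-in-2**bits shot."""
    return 1.0 - (1.0 - 1.0 / 2 ** bits) ** runs

def runs_within_bound(bits: int, p: float) -> int:
    """Largest number of runs for which the union bound still stays <= p.
    Every one of those runs is a failed transfer the user can see."""
    return math.floor(p * 2 ** bits)

if __name__ == "__main__":
    bits = code_entropy_bits()                  # 16 for the default 2-word code
    n = runs_within_bound(bits, 0.01)           # 655
    print(f"{bits}-bit code: {n} runs keep the attacker at or under 1%")
    print(f"  union bound after {n} runs: {mitm_success_bound(bits, n):.4%}")
    print(f"  exact after {n} runs:       {mitm_success_exact(bits, n):.4%}")
    print(f"3-word code: {runs_within_bound(code_entropy_bits(3), 0.01)} runs")
```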
Page 14
Laziness Improves Security
Page 15
IP Address Exchange
• Find addresses with ifconfig
• Listen on TCP ports
• Exchange addresses+ports
• Try to connect, trade encrypted handshakes
• First successful connection wins
Page 16
Data Relay Server
Page 17
Encrypted Transit
• Provides encrypted record pipe
• Uses NaCl SecretBox (Salsa20/Poly1305)
• Keys are HKDF(masterkey, purpose)
• Data is hashed (SHA256) during transit
• Final ACK confirms the hash
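An added example (not code from the talk or the magic-wormhole project) of the two parts of this slide that the Python standard library alone can show: deriving purpose-specific keys from the master key with HKDF-SHA256, and the SHA-256 hash carried through the transfer and confirmed by the final ACK. The purpose labels, the record framing and the ACK shape are assumptions for illustration; the SecretBox encryption of each record is left out.

```python
import hashlib
import hmac

def hkdf_sha256(ikm: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 HKDF-SHA256 with an empty salt (HashLen zero bytes): extract, then expand."""
    prk = hmac.new(bytes(32), ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def purpose_key(master_key: bytes, purpose: bytes) -> bytes:
    """key = HKDF(masterkey, purpose): each purpose string yields an independent
    32-byte SecretBox key, so the two directions of traffic never share a key.
    The purpose labels used below are illustrative, not the project's own."""
    return hkdf_sha256(master_key, purpose, 32)

def sender_records(data: bytes, record_size: int):
    """Split the payload into records and hash it as it leaves the sender."""
    digest, records = hashlib.sha256(), []
    for i in range(0, len(data), record_size):
        records.append(data[i:i + record_size])
        digest.update(records[-1])
    return records, digest.hexdigest()

def receiver_ack(records) -> dict:
    """Receiver hashes what actually arrived and reports it in the final ACK."""
    digest = hashlib.sha256()
    for rec in records:
        digest.update(rec)
    return {"ack": "ok", "sha256": digest.hexdigest()}

def transfer_confirmed(sent_hash: str, ack: dict) -> bool:
    """Sender treats the transfer as complete only if the ACK's hash matches its own."""
    return ack.get("ack") == "ok" and hmac.compare_digest(sent_hash, ack.get("sha256", ""))

# Constructed demo values: in the real protocol the master key is the SPAKE2 output.
MASTER_KEY = hashlib.sha256(b"constructed master key for the demo").digest()
SEND_KEY = purpose_key(MASTER_KEY, b"wormhole:transit:sender")
RECV_KEY = purpose_key(MASTER_KEY, b"wormhole:transit:receiver")

if __name__ == "__main__":
    recs, h = sender_records(b"hello wormhole " * 100, 64)
    print("intact transfer confirmed:", transfer_confirmed(h, receiver_ack(recs)))
    print("truncated transfer confirmed:", transfer_confirmed(h, receiver_ack(recs[:-1])))
```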
Page 18
Library API
```python
w = wormhole(AppID, relay_url)   # open a wormhole for this application via the rendezvous server
w.set_code("1-peachy-seabird")   # the code dictated by the other side: channel 1, two words
w.send(b"hello")                 # message to the peer, protected by the PAKE-derived key
answer = w.get()                 # the peer's reply
```
Page 19
Future Work
• GUI, pre-packaged installers, browser extension
• Negotiate better transports:
  • WebRTC, ICE/STUN, libutp
  • Tor Onion Services
• Add SPAKE2 to libsodium
• Port to other languages: JavaScript, Go, Rust
Page 20
Beyond File Transfer
• Use this anywhere you need to deliver a credential
• Provisioning new client devices
• Pairing client devices to each other
• Populating addressbook entries in communication/messaging systems
Page 21
Provisioning Clients

| Old | New |
| --- | --- |
| Type password into server | Get Wormhole code from server |
| Type password into client | Type code into client |
Page 22
Messaging Apps

| Old | New |
| --- | --- |
| Alice sends public key to server | Alice shows Wormhole code to Bob |
| Bob asks server for Alice's key | Bob gets Alice's key from Alice (via wormhole) |
Page 23
Add PAKE to your Toolbox
• Cryptographic tools disseminate too slowly
• We need good examples, compelling use cases, helpful libraries
• File transfer is a foot in the door. PAKE is the rest.
Page 24
Magic-Wormhole
Move Things From One Computer to Another, Safely
Brian Warner
https://github.com/warner/magic-wormhole
Thanks To: Rackspace, Twisted, Glyph, djb, 2255-19
@lotharrr
magic-wormhole.io