Whonix Wiki Download Docs News Support Tips Issues Contribute DONATE

magic-wormhole - easyly get things from one computer to another, safely - review?

Usability wise one of the most usable and useful tools I’ve found in a while.

Is it secure? Any audit being done? Post-quantum safe?

Should we install it in Whonix by default?

Wormhole is a really cool project and was mentioned by TPO dev Meejah:

Its written by Brian Warner a Tahoe-LAFS dev who really knows what he’s doing.

Its probably using ECC since DJS’s libsodium is a dependency so its not PQ resistant yet.

Yes please include it in Whonix by default. Its a very cool too to have.

Edit by Patrick:
ticket -> https://phabricator.whonix.org/T771



The secret wormhole code must not be sent over an insecure channel, as an adversary can perform a Man-in-the-Middle (MITM) Attack and intercept transfers with complete reliability.

By default, wormhole codes contain 16 bits of entropy. If an attacker can intercept your network connection – either by owning your network or owning the rendezvous server – they can attempt an attack. They will have a one-in-65536 chance of successfully guessing the code, allowing them to pose as your intended partner. If they succeed, they can immediately start a new wormhole (using the same code), allowing your partner to connect to them instead of you. By passing, observing, and possibly modifying messages between these two connections, they could perform an MITM attack. [8]

Basic probability suggests that peers will see a large number of “WrongPasswordErrors” before the attacker is likely to successfully guess any wormhole code. In fact, about 32,000 failures would be reported before they have a 50 percent chance of being successful. If many failures emerge and it appears someone is trying to guess the codes, it is possible to make a longer code and significantly reduce adversary chances, for example: wormhole send --code-length=4 .

In other words, if it fails the first time for about 32,000 users the next user will be unlucky and receive a malicious file.

How long does the code length have to be make this as unlikely as guessing a TLS or .onion private key?

Once that is answered, I can add a wrapper swormhole or so which automatically sets --code-length=x.

1 Like