by zaroth 2187 days ago
Neat tool. Just read the documentation; for others interested, it is a command-line tool where you enter a send command on one machine, it generates a 16-bit one-time code, then you type a receive command on another machine (which includes the one-time code), which is used to negotiate a strong shared key that is then used to transfer the file.

The initial handshake uses the 16-bit code with an interactive PAKE algorithm to generate a shared key. An attacker would need to MITM the initial connection and guess the one-time code on their first guess. So this gives a network-privileged attacker a 1-in-65k chance of breaking into the connection, or if they fail you would see an error message on the sender side. Offline attacks on the one-time code are not possible.

The pre-built program uses a hard-coded server for assisting in making the network connection in order to set up the initial connection (discovery, key negotiation) as well as a TURN server to assist in the file transfer. You can set up and use your own servers for discovery and transit with command line arguments.

Looks like this:

  % wormhole send README.md
  Sending 7924 byte file named 'README.md'
  On the other computer, please run: wormhole receive
  Wormhole code is: 7-crossover-clockwork
 
  Sending (<-10.0.1.43:58988)..
  100%|=========================| 7.92K/7.92K [00:00<00:00, 6.02MB/s]
  File sent.. waiting for confirmation
  Confirmation received. Transfer complete.

And on the receiver side:

  % wormhole receive
  Enter receive wormhole code: 7-crossover-clockwork
  Receiving file (7924 bytes) into: README.md
  ok? (y/n): y
  Receiving (->tcp:10.0.1.43:58986)..
  100%|===========================| 7.92K/7.92K [00:00<00:00, 120KB/s]
  Received file written to README.md

I believe the "7" in the wormhole code is what's used so that the two peers can find each other when connecting to the "Rendezvous Server" which forwards messages between the two machines to facilitate the key generation.
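
The handshake described in the comment above, as an added example that is not part of the original post and is not the tool's own code: a toy SPAKE2-style PAKE showing that matching codes yield the same session key while a wrong guess yields a different one, which is what surfaces as the error on the sender side. Assumptions: the SPAKE2-style construction, the integers-mod-prime group, all function and class names, and the constructed wrong code `7-absurd-adroitness`; the page itself only says "an interactive PAKE algorithm".

```python
import hashlib
import secrets

# Toy parameters (assumption for illustration): integers modulo the prime
# 2**255 - 19. Real deployments use a vetted prime-order elliptic-curve group.
P = 2**255 - 19
G = 2

def _elem(label: bytes) -> int:
    """Derive a public, nonzero group element from a label by hashing."""
    return int.from_bytes(hashlib.sha256(label).digest(), "big") % P or 1

M, N = _elem(b"toy-M"), _elem(b"toy-N")  # blinding bases, one per side

def _w(code: str) -> int:
    """Map the short one-time code to an exponent."""
    return int.from_bytes(hashlib.sha256(code.encode()).digest(), "big")

class Side:
    def __init__(self, code: str, is_sender: bool):
        self.w = _w(code)
        self.mine, self.theirs = (M, N) if is_sender else (N, M)
        self.is_sender = is_sender
        self.secret = secrets.randbelow(P - 2) + 1
        # Outgoing message: g^secret blinded by a value derived from the code.
        self.msg = pow(G, self.secret, P) * pow(self.mine, self.w, P) % P

    def finish(self, peer_msg: int) -> bytes:
        """Unblind the peer's message with our code and derive the session key."""
        unblinded = peer_msg * pow(self.theirs, -self.w, P) % P
        shared = pow(unblinded, self.secret, P)
        a, b = (self.msg, peer_msg) if self.is_sender else (peer_msg, self.msg)
        transcript = b"|".join(str(v).encode() for v in (a, b, shared, self.w))
        return hashlib.sha256(transcript).digest()

def handshake(sender_code: str, receiver_code: str) -> bool:
    """Run one exchange; True if both ends derived the same key."""
    s, r = Side(sender_code, True), Side(receiver_code, False)
    return s.finish(r.msg) == r.finish(s.msg)

if __name__ == "__main__":
    # Codes below: the first is from the post, the second is constructed.
    print("honest peer:", handshake("7-crossover-clockwork", "7-crossover-clockwork"))
    print("wrong guess:", handshake("7-crossover-clockwork", "7-absurd-adroitness"))
```

Each run uses fresh random secrets, so a party that guessed wrong has to start a new handshake to try another code; a recorded exchange cannot be replayed against further guesses.
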
1 comments

Very nice summary!