| HN Mirror

Y	Hacker News new \| ask \| show \| jobs


	by bscphil 2094 days ago
	It can be enough for PAKE. Depends on what your requirements are. Edit: to be more specific: 32 bits means that an attacker has a 1 / 4294967296 chance of guessing your password. They do not get multiple tries, because that's not how PAKE works. It's akin to agreeing with someone that you will meet in the park and exchange a short secret phrase to prove your identities, whereupon you will exchange GPG keys with each other or whatever. You don't need 128 bits of security for the "meeting in the park" exchange, any short unguessable phrase will do.

1 comments

phonebucket 2094 days ago

> an attacker has a 1 / 4294967296 chance of guessing your password

One attacker has that chance for one transfer.

But if the service is popular, then it's perfectly feasible that typing in som random choice intercepts some arbitrary file belonging to someone.

link

bscphil 2094 days ago

That's right. But you'd have to attack an extraordinary number of transfers to have even a small chance of managing to get one by luck, and an attack of that scale would very quickly become obvious since everyone would have their transfers interrupted. I agree with you in principle though, I'd like to see just a bit more entropy.

link

lioeters 2094 days ago

> a bit more entropy

The appropriate use of "bit" here made me smile.

link

Dangeranger 2094 days ago

Increasing the passphrase to four words would bring the odds up to 1 / 6,990,080,303,376. In magic-tunnel I believe there is a flag to change the number of words used by default. It appears that schollz/croc allows you to use your own passphrase, but not increase the default word size, that would be a good feature request.

link

bscphil 2094 days ago

You're quite right, of course, but keep in mind that magic-wormhole is using a much smaller wordlist, and in fact only has 1 / 65536 odds by default. The people writing software in this space don't seem to believe this is a credible threat.

link

psanford 2093 days ago

You can use whatever string you want as the passphrase for Magic Wormhole, the receiver just won't get tab completion.

link

Dangeranger 2085 days ago

How would tab completion work in a situation like this? Are the clients exchanging information about the passphrase over the same communication channel?

link

zaroth 2094 days ago

No, you need to be able to MITM the connection and inject packets in order to get one shot at trying to break into that specific transfer.

If you guess wrong, the machines trying to do the transfer see an error.

link