by phonebucket 2101 days ago
> an attacker has a 1 / 4294967296 chance of guessing your password

One attacker has that chance for one transfer.

But if the service is popular, then it's perfectly feasible that typing in some random choice intercepts some arbitrary file belonging to someone.


That's right. But you'd have to attack an extraordinary number of transfers to have even a small chance of managing to get one by luck, and an attack of that scale would very quickly become obvious since everyone would have their transfers interrupted. I agree with you in principle though, I'd like to see just a bit more entropy.
> a bit more entropy

The appropriate use of "bit" here made me smile.

Increasing the passphrase to four words would bring the odds up to 1 / 6,990,080,303,376. In magic-tunnel I believe there is a flag to change the number of words used by default. It appears that schollz/croc allows you to use your own passphrase, but not increase the default word size; that would be a good feature request.
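The odds quoted in the thread, worked through as an added illustration (this is not code from the thread, from croc, or from magic-wormhole): it computes passphrase entropy for a given wordlist size and word count, the probability that some guess among many single-shot attempts gets lucky, and, for a defender, how many transfers an attacker would have to disrupt to reach a given success probability. The wordlist sizes 256 and 1626 are assumptions inferred from the quoted odds (256^2 = 65536, 1626^4 = 6,990,080,303,376), not read from either project's source; the 1/4294967296 figure is used as stated.

```python
import math


def space_size(wordlist_size: int, words: int) -> int:
    """Number of distinct passphrases built from `words` words drawn (with
    repetition) from a list of `wordlist_size` entries."""
    return wordlist_size ** words


def entropy_bits(wordlist_size: int, words: int) -> float:
    """Passphrase entropy in bits, assuming words are chosen uniformly."""
    return words * math.log2(wordlist_size)


def p_some_guess_succeeds(space: int, attempts: int) -> float:
    """Probability that at least one of `attempts` independent single-shot
    guesses (one guess against each of `attempts` different transfers, as
    the thread describes) hits its target.

    Computed as 1 - (1 - 1/space)**attempts via log1p/expm1 so the result
    stays accurate when 1/space is tiny."""
    return -math.expm1(attempts * math.log1p(-1.0 / space))


def attempts_for_success_probability(space: int, target: float) -> int:
    """Smallest number of single-shot guesses that gives at least `target`
    probability of one lucky hit. Every failed guess errors out a real
    transfer, so this is also the number of interrupted transfers the
    service's users would notice."""
    return math.ceil(math.log1p(-target) / math.log1p(-1.0 / space))


# Wordlist sizes below are assumptions inferred from the odds quoted in the
# thread (256**2 == 65536, 1626**4 == 6990080303376), not read from either
# project's source.
SCENARIOS = {
    "2 words from 256 (1/65536 as quoted)": (256, 2),
    "32-bit passphrase space (1/4294967296 as quoted)": (2**32, 1),
    "4 words from 1626 (1/6,990,080,303,376 as quoted)": (1626, 4),
}


def summarize(target: float = 0.01) -> dict:
    """For each scenario, report entropy and how many transfers an attacker
    would have to disrupt for a `target` chance of one lucky hit."""
    out = {}
    for label, (wordlist_size, words) in SCENARIOS.items():
        space = space_size(wordlist_size, words)
        out[label] = {
            "bits": entropy_bits(wordlist_size, words),
            "attempts_for_target": attempts_for_success_probability(space, target),
        }
    return out


if __name__ == "__main__":
    for label, row in summarize().items():
        print(f"{label}: {row['bits']:.1f} bits; "
              f"{row['attempts_for_target']:,} disrupted transfers "
              f"for a 1% chance of one hit")
```

The point for a defender is the last column: each attempt is a failed transfer that both endpoints see as an error, so the number of attempts needed for even a small success probability is also the number of visible failures, which is what makes an attack at that scale hard to hide.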
You're quite right, of course, but keep in mind that magic-wormhole is using a much smaller wordlist, and in fact only has 1 / 65536 odds by default. The people writing software in this space don't seem to believe this is a credible threat.

You can use whatever string you want as the passphrase for Magic Wormhole, the receiver just won't get tab completion.

How would tab completion work in a situation like this? Are the clients exchanging information about the passphrase over the same communication channel?

No, you need to be able to MITM the connection and inject packets in order to get one shot at trying to break into that specific transfer.

If you guess wrong, the machines trying to do the transfer see an error.