Comments (7)
Oh wow, I somehow had completely ignored that the protocol uses the entire code including the Nameplate for PAKE. I'll have a look into this.
The thing is, that nameplates technically do not need to be numeric, so it is not easy to do validation. Maybe the best thing would be to simply assert something about the length of the password?
Also, note that in what you describe codes like foo-bar
would parse "foo" as nameplate and "bar" as password, which still has some password but with only half the entropy.
from magic-wormhole.rs.
I don't see any issue with allowing string nameplates. (Actually, you can even set the code to the empty string, and have it claim an empty nameplate with an empty password. I transferred a file this way with no issues.)
Also, note that in what you describe codes like
foo-bar
would parse "foo" as nameplate and "bar" as password, which still has some password but with only half the entropy.
That's a footgun for users to be sure. The biggest issue is that it's not obvious to the user what part of the code is nameplate and what part of it is password. That's actually how I discovered this bug, I was trying to figure out how MWRS handled that internally.
I think the cleanest way to do this might be to break with the Python client and have separate --password
and --nameplate
options. If the user doesn't provide a nameplate, pick one automatically like normal, but continue to use their custom password. This would create a cleaner break between the two.
Of course this might require more refactoring, and I'm not sure if breaking backward compatibility is an issue here.
Edit: to clarify, I'm not suggesting breaking with the protocol and only using the password portion for PAKE. I'm suggesting changing the CLI so that the nameplate and password portions of the code are provided separately by the user.
from magic-wormhole.rs.
This has somehow been falling through the cracks, and I am not looking forward to making a new semver-breaking release so soon after the last one.
Luckily this isn't difficult to solve, even with the current cli arguments. Generally this would "only" require some entropy validation in https://github.com/magic-wormhole/magic-wormhole.rs/blob/main/cli/src/main.rs#L295 by splitting the code
once with -
and then checking the entropy of the remaining string. To simplifly matters it would probably be enough to check whether the remaining code is at least 4 bytes long. This isn't enough to be really secure, but enough to ensure that we have at least something.
As a bonus, printing a warning whenever the code is less than, say, 10 bytes, is probably a good idea. And maybe amending the documentation to include some more information about how the code argument works, and about this check.
I'll get around to it before the next minor release in a couple weeks, but I am always glad about contributions :)
from magic-wormhole.rs.
It's worth thinking about which issues we want to fix here:
- It's possible to have no security by passing
longtotallysecurephrase
to--code
, as long as it doesn't contain a dash. Someone right now could be repeatedly sendinglist
to the mailbox server every second and attempting to download from any mailbox that doesn't use a number as its nameplate. This would be fixed by a solution as simple asstr.contains("-")
. - It's not possible to use a custom code if you want the wormhole client to pick an unused nameplate for you, which is extremely annoying. Wanting to use a custom code: really common. Wanting to use a custom nameplate (with no guarantee it will be available): probably very rare?? That's what my
--nameplate
and--password
suggestion is supposed to solve. - It's possible to have greatly reduced security by sending a code the user expects to be secure like
--code claim-arrange
, because the first word becomes the nameplate. If you're using the PGP wordlist to generate codes, that's a whole 8 bits of security.
A solution like "check that the code is at least four bytes long" doesn't solve this issue, because the PGP words are all >= 4 bytes but would still only have 8 bits of entropy. Given that the output of wormhole-rs is already very verbose, perhaps it would be a reasonable to explicitly print
nameplate (public): claim
passphrase (private): arrange
when a custom code is used. This wouldn't cause any issue with UX because we already explicitly print the whole wormhole "code" and give an example of usage "wormhole-rs receive claim-arrange".
from magic-wormhole.rs.
I think nameplates do have to be numbers, no? https://github.com/magic-wormhole/magic-wormhole/blob/master/docs/server-protocol.rst#concepts
(At least, they currently are in the reference implementation, although I'm not entirely sure where that's enforced, or not)
from magic-wormhole.rs.
@meejah it's not enforced, in fact you can even make the nameplate the empty string and that works too.
from magic-wormhole.rs.
The intent is clearly that they're numbers, so probably it should be enforced (both on clients and the server).
from magic-wormhole.rs.
Related Issues (20)
- RUSTSEC-2023-0037: crate has been renamed to `crypto_secretbox` HOT 1
- Release mac binaries HOT 2
- RUSTSEC-2023-0052: webpki: CPU denial of service in certificate path building
- [Feature request] Drop xsalsa20poly1305 dependency HOT 3
- Adapt help message for renamed binary HOT 1
- Windows binary for v0.6.1 HOT 2
- Enable transfers over link scoped addresses
- Expose the TLS implementation features of async-tungstenite
- CI test failures HOT 1
- For Android HOT 3
- Performance issue on Mac with M1 pro HOT 3
- [FR] Please publish binary crate on crates.io, too
- Automatically generate man pages HOT 1
- test_send_many fails on amd64 and armel/hf HOT 6
- RUSTSEC-2024-0357: `MemBio::get_buf` has undefined behavior with empty buffers
- Crate bytemuck 1.16.1 is yanked
- Panic on port forward in version 0.7.1 HOT 1
- No way to get the name/path of the received file when using --noconfirm/--yes HOT 1
- Use the tracing crate for structured logging
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from magic-wormhole.rs.