The new WebWormHole service works as a portal through which files are transferred from a computer to another. Press the button New Wormhole - and get the code to enter. A person on the other hand enters the same code or URL - and an ephemeral tunnel is established between you, through which files are transferred directly. Very simple and efficient. Github source code .To install the portal between devices, it is not necessary to open a browser. The client on Go is launched from the command line and generates one-time code in the console.Installation:$ go get -u webwormhole.io/cmd/ww
Broadcast:$ cat hello.txt
hello, world
$ ww send hello.txt
8-enlist-decadence
The recipient on the other side of the ephemeral tunnel enters a one-time code into the console - and receives the file.$ ww receive 8-enlist-decadence
$ cat hello.txt
hello, world
The author of the program, Salman Aljammaz, warns that the client is in early development, uses experimental cryptographic libraries, therefore, it may not work properly in all browsers. The program also did not pass a security audit, so it may not work correctly and is unsafe.The author borrowed the idea and name from the Magic Wormhole program , which also establishes a peer-to-peer connection and transfers files between computers.
Magic WormholeThe difference is that WebWormHole uses WebRTC, which allows you to break through firewalls and NAT, as well as start transmission from the browser.Each tunnel is protected by a one-time password and PAKEThis is a specific key exchange with password authentication for establishing an encrypted connection. However, the password itself is not transmitted over the network in any form.The verification is carried out approximately as in a zero-disclosure proof in which the recipient can verify the reliability of any statement without having any other information from the sender.
SPAKE2In WebWormHole, to generate a common encryption key, session descriptions are exchanged with fingerprints of DTLS certificates that WebRTC uses to encrypt connections.Transferring files through a peer-to-peer tunnel is faster and safer than by mail, FTP, or other methods. For convenience and safety, these methods are compared in a table fromMagic Wormhole presentations :Note . Since the compilation of this table back in 2016, convenient services were launched for transferring files such as Firefox Send (there is a console client ) and File.pizzaIn addition to the Python Wormhole, there are other clients for establishing direct WebRTC connections between computers:As a bonus:- rtc-ssh : WebRTC wrapper for SSH connections
Through the WebRTC channel, you can establish video communication between devices, transfer voice, files, etc.As for the PAKE key exchange mechanism, it is also useful in various fields. For example, it allows authentication on the site without sending a password to the server.