Kicksecure ™

Download

Debian morph to Kicksecure (Hardware) Windows (VM) Linux (VM) Mac (VM) VirtualBox (VM) KVM (VM) Qubes (VM) USB ISO (coming soon) More options Source Code

About

Overview Features Why Open Source? Project Activities Contributors Mission & Vision

Docs

Documentation FAQ Troubleshooting

Community

Forums Contribute

Support

Free Plus Premium Contact

Tools Upload file Special pages Recent changes Print Version Page meta What links here Related changes Page information

Page Read Edit History Move Protection Unwatch Watch Delete Purge

User Preferences Watchlist Contributions Logout Create account Login

Donate

This page describes how to share files with others.

If you are interested in copying files into and out of Kicksecure Virtual Machines, see File Transfer.

Magic-Wormhole[edit]

Introduction[edit]

The Magic-Wormhole package: ^{[1] [2]}

... provides a library and a command-line tool named wormhole, which makes it possible to get arbitrary-sized files and directories (or short pieces of text) from one computer to another. The two endpoints are identified by using identical "wormhole codes": in general, the sending machine generates and displays the code, which must then be typed into the receiving machine.

This is by far the simplest way to send files securely between two endpoints that the Kicksecure developers have encountered.

The wormhole tool uses PAKE “Password-Authenticated Key Exchange”, a family of cryptographic algorithms that uses a short low-entropy password to establish a strong high-entropy shared key. ^[3] The codes are short and human-pronounceable, using a phonetically-distinct word list. The receiving side offers tab-completion on the code words, so usually only a few characters must be typed. Wormhole codes are single-use and do not need to be memorized.

In the future, it is planned to use ephemeral onion services (OnionShare style) to eliminate reliance on a rendezvous server susceptible to DoS attacks. ^[4] Work on a Rust port is underway. ^{[5] [6]}

Operation[edit]

The following example shows the output related to sending the file "README.md" with Magic-Wormhole. Replace README.md with the name of any file in the home directory. ^[7]

Sender:

% wormhole send README.md

Sending 7924 byte file named 'README.md'
On the other computer, please run: wormhole receive
Wormhole code is: 7-crossover-clockwork

Sending (<-10.0.1.43:58988)..
100%|=========================| 7.92K/7.92K [00:00<00:00, 6.02MB/s]
File sent.. waiting for confirmation

Confirmation received. Transfer complete.

Recipient:

% wormhole receive

Enter receive wormhole code: 7-crossover-clockwork
Receiving file (7924 bytes) into: README.md
ok? (y/n): y
Receiving (→tcp:10.0.1.43:58986)..
100%|===========================| 7.92K/7.92K [00:00<00:00, 120KB/s]

Received file written to README.md

Code Word Security[edit]

The secret wormhole code must not be sent over an insecure channel, as an adversary can perform a Man-in-the-Middle (MITM) Attack and intercept transfers with complete reliability.

By default, wormhole codes contain 16 bits of entropy. If an attacker can intercept the network connection -- either by owning your network or owning the rendezvous server -- they can attempt an attack. They will have a one-in-65536 chance of successfully guessing the code, allowing them to pose as your intended partner. If they succeed, they can immediately start a new wormhole (using the same code), allowing your partner to connect to them instead of you. By passing, observing, and possibly modifying messages between these two connections, they could perform an MITM attack. ^[8]

Basic probability suggests that peers will see a large number of "WrongPasswordErrors" before the attacker is likely to successfully guess any wormhole code. In fact, about 32,000 failures would be reported before they have a 50 percent chance of being successful. If many failures emerge and it appears someone is trying to guess the codes, it is possible to make a longer code and significantly reduce adversary chances, for example: wormhole send --code-length=4.

Footnotes[edit]

---

Unfinished: This wiki is a work in progress. Please do not report broken links until this notice is removed, use Search Engines First and contribute improving this wiki.

Kicksecure A secure by default operating system with the latest security research in place.

Dark mode

Follow us on social media

FREE  ·  PLUS  ·  PREMIUM Support

At Kicksecure we value freedom and trust, supporting Open Source and Freedom Software

By using this website, you acknowledge you have read, understood, and agree to be bound by these these agreements: Terms of Service, Privacy Policy, Cookie Policy, E-Sign Consent, DMCA, Imprint 2012-2024 ENCRYPTED SUPPORT LP

Your support makes
all the difference!

We believe security software like Kicksecure needs to remain Open Source and independent. Would you help sustain and grow the project? Learn more about our 12 year success story and maybe DONATE!