Magic Wormhole Invitesļƒ

Magic Wormholeļƒ

magic wormhole is a server and a client which together use Password Authenticated Key Exchange (PAKE) to use a short code to establish a secure channel between two computers. These codes are one-time use and an attacker gets at most one ā€œguessā€, thus allowing low-entropy codes to be used.

Invites and Joinsļƒ

Inside Tahoe-LAFS we are using a channel created using magic wormhole to exchange configuration and the secret fURL of the Introducer with new clients.

This is a two-part process. Alice runs a grid and wishes to have her friend Bob use it as a client. She runs tahoe invite bob which will print out a short ā€œwormhole codeā€ like 2-unicorn-quiver. You may also include some options for total, happy and needed shares if you like.

Alice then transmits this one-time secret code to Bob. Alice must keep her command running until Bob has done his step as it is waiting until a secure channel is established before sending the data.

Bob then runs tahoe create-client --join <secret code> with any other options he likes. This will ā€œuse upā€ the code establishing a secure session with Aliceā€™s computer. If an attacker tries to guess the code, they get only once chance to do so (and then Bobā€™s side will fail). Once Bobā€™s computer has connected to Aliceā€™s computer, the two computers performs the protocol described below, resulting in some JSON with the Introducer fURL, nickname and any other options being sent to Bobā€™s computer. The tahoe create-client command then uses these options to set up Bobā€™s client.

Tahoe-LAFS Secret Exchangeļƒ

The protocol that the Alice (the one doing the invite) and Bob (the one being invited) sides perform once a magic wormhole secure channel has been established goes as follows:

Alice and Bob both immediately send an ā€œabilitiesā€ message as JSON. For Alice this is {"abilities": {"server-v1": {}}}. For Bob, this is {"abilities": {"client-v1": {}}}.

After receiving the message from the other side and confirming the expected protocol, Alice transmits the configuration JSON:

{
    "needed": 3,
    "total": 10,
    "happy": 7,
    "nickname": "bob",
    "introducer": "pb://xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx@example.com:41505/yyyyyyyyyyyyyyyyyyyyyyy"
}

Both sides then disconnect.

As you can see, there is room for future revisions of the protocol but as of yet none have been sketched out.