Show HN: Retriever – Securely share secrets over the internet | Better HN

99 comments

71 comments · 24 top-level

rakoo2y ago· 9 in thread

I don't get it: if you have a canal of communication anyway, why not send the secret directly ? We have many options for E2E encrypted communications, some of which are perfect replacements for whatever you use that isn't. I don't see the need for this.

Luctct2y ago

I suppose generic communication channels have a lot of noise for Big Brother monitors. When someone exchanges Retriever links though, monitors will know that some "secret" is being shared and can focus on potential targets more easily, with a noise filter.

rakoo2y ago

My point was assuming proper e2e encryption, so Big Brother can't know it's a retriever link. It also can't know it's an actual secret

doublerabbit2y ago

People claim E2E yet unless the code is actually open source your believing in faith.

Call me cynical, paranoid but I do not believe the E2E with WhatsApp truly is. It claims to be, yet now owned by the biggest data mining company in existence. How can I trust that?

And don't give me any "three ticks" bullshit. Show me source.

rakoo2y ago

I never talked about WhatsApp. There are other, working solutions that don't have the problem WhatsApp has.

0xdeadbeefbabe2y ago

The source for bash was open for years (maybe even 40) before shellshock.

asadeddinOP2y ago

You can definitely do that. This is just a different mechanism to do so. Your statement could be applied on any secret sharing system that 1password, Bitwarden, Lastpass have. They have a place in the world, and I'm not sure everyone is comfortable with E2E encrypted comms as a way to share secrets.

The whole idea around this was an open-source research project that people can use day-to-day or enhance to share secrets with a zero-knowledge system. What makes this unique is that it's minimal work to do this with a big level of security that you can run on your own.

rakoo2y ago

Password managers serve another purpose, which is remembering, filling and storing passwords, possibly in a collaborative way. Exchanging secrets are, to me, secondary in functionality.

> and I'm not sure everyone is comfortable with E2E encrypted comms as a way to share secrets.

I'd live to know what would make people uncomfortable with this, because your system is, in practice, exactly that :)

> What makes this unique is that it's minimal work to do this with a big level of security that you can run on your own.

I love that this can be used over any channel, secure or not, but I would prefer if we all just switched to proper secure communications everywhere. In 2024 there is no good reason not to anymore.

And if I take your point and consider self hosting this, then it's much easier and better to install proper secure communication with my peers.

Again, I'm not against the idea of allowing secure exchange of secrets in an insecure environment, but as engineers if we really want to solve problems we should look at the real one: why are communications not secure, and how to fix this. This is not a technical problem, it's a societal one, and the solution might be societal. Unfortunately as engineers we tend to suck on the social level so we don't want to see it, but it's height time we take the plunge.

SamBam2y ago

No, I think the question is: if you're passing the URLs via email, WhatsApp, or anything else, then if that system is compromised then you've revealed the secret.

If you trust that system not to be compromised, then you may as well have just sent the secret plain-text.

In what way or in what scenario does this ever grant you MORE secrecy?

andrewaylett2y ago

I want an ephemeral channel, with an audit trail of accesses. My regular communications channels provide very nearly the opposite -- they're long-lived, and I can't tell how often folk access them. They might also show history on-screen at times that are inconvenient for security, and I don't know what kind of notifications the recipient has set up.

A tool like Bitwarden Send lets me share a link that references a secret, limit the number of times it may be accessed, and validate out of band (using the secure channel you mention) that the single access I saw was indeed the intended recipient. I can -- and do -- confirm receipt and clear the shared value before putting the secret into whatever system it's intended for.

This seems to have similar properties. I still want an E2E channel for passing the links around, but once the exchange has been verified there's no permanent record of the actual value being exchanged in our chat history.

tptacek2y ago· 6 in thread

People keep reinventing Magic Wormhole, and nobody has really done it better; most of them don't even reach parity.

https://github.com/magic-wormhole/magic-wormhole

chasingtheflow2y ago

But you have to have it installed. I could see this solution being useful for dealing with non-technical users.

meejah2y ago

There is a Web client at https://winden.app (although it uses different servers than the defaults in the Python CLI, the latter can be easily configured to use the same servers).

However, see further discussion in this article about the difficulties of Web / JavaScript security in this context (i.e. you're depending on the people operating the Web server to not serve different JS on each and every visit).

emptysongglass2y ago

Haven't found anything better than croc, personally.

https://github.com/schollz/croc

Croc is an iteration of the magic wormhole design. Magic wormhole is more popular. Either is fine.

How secure is that, though?

Very. Much more secure (respectfully!) than this is.

rerdavies2y ago· 4 in thread

Why bother encrypting the fragment of the URL at all? Anyone who has the text of the URL gets the message, whether the fragment is encrypted or not. Encryption is just obfuscation.

An even better way to do this would be to use a data: URL instead. That avoids risks associated with a compromised web server.

   data:,Put your secret message here.

Even better still: just put the message in plain text on a piece of paper. That avoids risks associated with a compromised browser.

Am I missing something?

> Encryption is just obfuscation.

This is what you're missing. Obfuscation is not encryption, and anyone with access to the encrypted data in the URL would not be able to crack it in a reasonable amount of time unless they know something we don't know about public key encryption and SubtleCrypto's implementation of it.

edit: and the problem it's trying to solve are to reach people that you can't just hand a slip of paper of what you want to tell them.

rerdavies2y ago

In this case, you crack the encryption by cutting and pasting the URL into your browser's address bar. Navigate to the link, and you get the decrypted message. It is encryption as theatre. Non-functional encryption. Encryption that hides nothing.

lkbm2y ago

This presumably uses something like Diffie-Hellman[0]. Getting the URL isn't enough to decrypt the message. Even if you intercept 100% of the data passed between the two users, they still end up with information that you don't.

Now if you intercept and replace the URL, they may be in trouble.

[0] https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exc...

lkbm2y ago

I guess technically they don't have information you don't have, but they have it in a usable form—e.g., they have two prime numbers and you just have the product.

SamBam2y ago· 3 in thread

I'm confused. How do you send the request URL, and how do you receive the encrypted secret?

If the answer is "email, chat, text, Whatsapp" or whatever, them why not just send the secret plaintext?

If anyone can get into any of those systems, then they can easily get your secret from the two urls, so why bother with the encryption?

asadeddinOP2y ago

You can send the URL in whatever medium is convenient. However, if someone gets a hold of the URL with the secret, they will not be able to see the secret. For example, here's a URL containing the secret. Can you see the secret?

https://retriever.corgea.io/#eyJhbGciOiJSU0EtT0FFUC0yNTYiLCJ...

If I glean from the landing page correctly, there will be a private key somewhere in the browser e.g. localstorage. This way the sender can encrypt the secret with the public key of the receiver. Mitm attacks are certainly possible, but eavesdropping is not.

asadeddinOP2y ago

You're correct. While a Mitm is possible, it'll be useless because the actor will have to get access to the private key from the requester'ss browser. They would have to be on the requester's machine

_el1s72y ago· 3 in thread

Nothing new here. Sites like privnote.com have been around much longer. PGP, end-to-end encryption is everywhere now.

asadeddinOP2y ago

The end result of sharing the secret is the same. We didn't reinvent secret sharing. What's unique here is there's no server keeping record of a secret, a link or the parties involved. It's the truest form of zero-knowledge because the data doesn't exist in Retriever. With Privnote if you have the link to the secret, then you have the secret. With Retriever, only the requester has it.

lcnPylGDnU4H9OF2y ago

> 2) They add their secret and share the URL Retriever generates.

How do you prevent the URL from becoming something which needs to be kept secret?

I don't see how privnote.com is the same as this. Privnote seems to use a database and the links themselves should be treated as secrets as anyone with the link can read the note.

prophesi2y ago· 3 in thread

This is great! Would it be possible for it to be entirely serverless by letting the repo generate a static HTML page with no CDN's that you could send to others? It would add a bit of friction to the process, but each party could append the hash to the URL after they open the file.

asadeddinOP2y ago

That's pretty much what Retriever.corgea.io is doing right now actually. It's hosted on GitHub pages, and serving a static HTML page. There's no other code running it. I'm not sure if they're using a CDN tho!

za_creature2y ago

Same idea, as a shareable static html page. It never made it to the front page though:

https://news.ycombinator.com/item?id=38365892

That’s a great idea, I think something like this would work very well as a installable PWA even.

MattPalmer10862y ago· 3 in thread

Interesting. I guess the only weakness I can see is that there is no way to know that a request genuinely comes from the person you think is requesting it.

On the one hand, that is down to how you send and receive the URLs. On the other hand, it doesn't make it clear that you should pay attention to that and that it provides no identity authentication.

asadeddinOP2y ago

That's a really interesting perspective. I thought of the anonymity piece as a feature more so than a limitation. For example, you want to share something between two people, but want to "burn after reading". This way no one can associate the message to the two users or get access to the contents. The requester can always clear their local storage of the key. For example, it would be really useful when sharing information between a whistleblower and a journalist. Identity comes from the medium you share really in this case.

MattPalmer10862y ago

Also an interesting perspective. I didn't think of the lack of built in identity authentication as a feature.

I guess my only point is that it should be clear that's how it works so people can take appropriate precautions in either case.

muchosandwich2y ago

That's a great point. Definitely a human factors improvement that should be implemented.

g4zj2y ago· 2 in thread

I generally just use GPG.

1. I share my public key (if not done previously).

2. They encrypt the secret and send the result back, all using whichever tools they'd like.

3. Only I (and any additional recipients specified during encryption) can view the secret data.

asadeddinOP2y ago

That's definitely a good way to do it, and if it works for you then awesome! We're kind of doing something similar here with this in a workflow where you don't have to share the key and it requires not technical knowledge of doing this. I actually did this with my dad over mobile phones and he doesn't know how to use public-private key encryption.

g4zj2y ago

I'd argue that using GPG as the sharer of a secret has nearly the same level of complexity when using something like pgptool.org, assuming there is no need to _sign_ the data as well.

forty2y ago· 2 in thread

Doing cryptography in a webapp and saying the server doesn't know the secret doesn't work, as the crypto code comes from the server without any way for the user to check whether it has been tempered with our not.

asadeddinOP2y ago

The crypto in this case doesn't come from the server. Nothing goes to the server for encryption. It's actually the browser that's generating the key pair and encrypting and decrypting. This is what makes all of this unique.

See: https://github.com/Corgea/retriever/blob/main/js/crypto.js

paulgb2y ago

Right, but how do we know that https://retriever.corgea.io faithfully returns the code in that GitHub repo? We still have to trust corgea.io.

hashmush2y ago· 2 in thread

We use self-hosted yopass at work. Works great and since the link only works once you can simply send the URL with the decryption key to the receiver. If they can open it, the secret is safe to use!

https://yopass.se/

semi-extrinsic2y ago

> since the link only works once

Unfortunately this is an anti-feature for almost all large corporations. There is inevitably a security scanner somewhere that consumes the link before the user can.

You're right, but yopass let's you send the link and decryption key separately. The link is only destroyed if the secret is decrypted, not if you just reach the prompt to supply the key.

tmoehle2y ago· 2 in thread

Generally a good idea, but it’s implementation is not fully thought through.

It’s supposed to be a secure place where secrets are shared, but it comes with Remote Code Executions that are out of the users control. Multiple JavaScript files are loaded from third party hosts to display the page, that would offer a significant attack vectors to your users secrets.

You should both reduce the code dependency on large, external frameworks, as well as verify the necessary files and deliver them from the same host, that already serves the rest of the page (because you‘re going to have to trust that host anyway).

jotaen2y ago

To be fair, except for vue.global.min.js, all the JS files which OP pulls from third-party hosts are integrity-checked. So unless clients use very outdated browsers that don’t support the `integrity` attribute, the respective third parties wouldn’t be able to start inserting malicious code in the future.

That being said, I agree it’s still a cheap security improvement for OP to control the hosting themselves. (Plus to integrity-check the Vue dependency.)

psd12y ago

Hmm.

If we pretend that there are no vulnerabilities today, then the mind turns to what will change in the future.

I tolerate js in the Bitwarden extension because it's necessary, funded, supported and necessary. But Retriever sounds to me like a project that would do better to minimise surface area.

bvrmn2y ago· 2 in thread

It seems key-pair is generated only once. Could be great to get fresh for every request.

asadeddinOP2y ago

Totally! Someone was kind enough to issue a PR to allow you to delete the private key and generate a new one. We're going to fold those changes in.

A default key expiry of 3 days would be helpful here too, as it would mitigate the threat of someone compromising the endpoint and extracting secrets from browser history.

bnpxft2y ago· 2 in thread

great, my browser history is going to be full of secrets now

asadeddinOP2y ago

Your browser history will be full of URLs that only your browser can access. A contributor was kind enough to build a delete function for this to wipe the private key and generate a new one. This would render all those URL's useless. We'll be merging that soon.

muchosandwich2y ago

Sort of. Malicious browser extensions could look at history and look at local storage before the key is deleted.

Semitangent2y ago· 1 in thread

Looks really interesting and I love the name! So, to deploy it in my (trusted) infrastructure, all I need is to clone it and put it on my server? I'll discuss it with my team

asadeddinOP2y ago

Thanks! Yea, that's all you need to do really. It's pretty simple to get it up and running :)

brianoconnor2y ago· 1 in thread

Love it. Always wanted to have exactly this for password sharing. Simple yet secure.

asadeddinOP2y ago

Thank you! Glad that you love it, and hope you'll use it :)

kreetx2y ago· 1 in thread

How to I know this isn't a honeypot? To build something like this, I'd build it against something people already trust. Since here everything is new, it's difficult to want to paste anything into it.

asadeddinOP2y ago

I totally understand that concern, and I'm pretty security conscious too my self. A few things, you can check the console and network logs while you're interacting with the application. You'll see we Retriever doesn't send anything to a server. If that's not convincing, you can also run your own instance of it and see it doesn't send anything.

city412y ago· 1 in thread

Minor nit: retriever is misspelled

> Retreiver lets you request secrets from anyone without any of the data going to a server.

asadeddinOP2y ago

Thanks for sharing that! We got a couple of PR's from very kind folks to fix that. We'll merge them soon.

taffit2y ago

I'm loving it! So simple, yet exactly the thing needed to share a secret quickly in a secure manner over a non-secure channel, e. g. email. Still a fresh idea I've never seen elsewhere. Congrats and thank you for providing this!

sherifnada2y ago

Great tool. Secret sharing always felt needlessly complicated and clunky. I love that this lets you securely share secrets with zero barriers to entry in seconds. No need for "what's your email" or "hey make sure you accept the share on lastpass" or any of that. Just a quick one-two secure envelope exchange.

Would like to give a shout out to LANDrop (not affiliated) if the users are on the local network. I use it. It's very good at saturating the link bandwidth and traffic is guaranteed not to exit the firewall.

https://github.com/LANDrop/LANDrop

alxgsv2y ago

Shameless plug: https://bobtoalice.com is a one-file html program to do the same. It can handle files, too.

dncornholio2y ago

I will not use this. It loads too many third party domains. It has a tracker. Something like this should not be this leaky IMHO.

meejah2y ago

"Without needing a server" but both parties have to visit a Web ... server ... to do the exchange. So there _is_ in fact "a server in the middle".

382y ago

this is bad, really bad.

the sender themself cant even read the returned message from a private window. its just another webapp that invades and disrespects privacy.

j / k navigate · click thread line to collapse