undefined | Better HN

0 pointstptacek2y ago0 comments

Very. Much more secure (respectfully!) than this is.

0 comments

4 comments · 2 top-level

jcul2y ago· 2 in thread

I'm curious as to why you think that?

I only took a glance at their "why we built this" page, but it seems sound to me. Also, it seems to serve a different purpose to wormhole.

Wormhole allows you to easily ans securely transfer files between two machines, if I understand correctly.

This is a convenient way to generate a public / private key pair and share your public key with someone encoded in a URL. In turn they can conveniently encrypt a short message using your public key which is also encoded in a URL for sending back over an insecure channel.

Being in the browser and having to trust it is not sending anything online, is not ideal. But on paper the concept seems pretty sound to me. I think it's a cool idea and can imagine it could come in useful.

akerl_2y ago

> Being in the browser and having to trust it is not sending anything online, is not ideal. But on paper the concept seems pretty sound to me.

This seems contradictory. If the main thing that's useful is that it uses URLs/browsers, but using URLs/browsers breaks the security of the system, what part of it seems pretty sound?

jcul2y ago

I mean the concept of generating a private / public key pair and sharing a public key is pretty sound.

If your browser is compromised or can't be trusted then you have bigger problems.

But if we assume this site can be trusted not to send secrets online (which is easy to verify) and they are not rolling their own crypto primitives in javascript, then the idea is pretty sound imo.

Personally I would use gpg or openssl for this, but it's not that easy for non-technical users.

1 more reply

amelius2y ago

Sorry, I got confused. I just looked back at old HN discussions, and it was Croc with the security issues, not Magic Wormhole.

j / k navigate · click thread line to collapse