Is this comment in reference to Wormhole.app? If so, it contains multiple inaccuracies.

1. The salt is only ever used once. All shared files are concatenated into a single stream and encrypted one time.

2. Only end-to-end encrypted file data is sent to the server. By definition, the server cannot be involved in end-to-end encryption.



I'm referring only to the library Wormhole uses for this, and its security UX, and to the implications of using vanilla AES-GCM. I don't know of and haven't looked for vulnerabilities in your application.

I wouldn't have fully agreed with the grandparent comment either, but your refutation was also inaccurate, so here we are.


This thread is really annoying to me. I see two people I look up to basically talking past one another in a situation where one of them could be providing a lot more advice, as I've seen them do on many occasions, but seems not to want to because they are mad about a naming decision.

Every thread on Hacker News that devolves into a fight over a name choice is pointless and distracts from the good work people are doing. Names are hard, and they're even harder to change; we should come up with a more productive way to have that conversation, or not have it at all.

In the meantime, I'm super disappointed.


I guess you'll have to stay disappointed, because "wormhole" is a very bad name for a new point-to-point file transfer system, browser-mediated cryptography is almost never really "end-to-end", and AES-GCM is not an ideal choice for an AEAD, though it is, as I said earlier, "imperfectly fine".

There's no larger issue I'm here to comment on!


Because of your presence as an often helpful contributor on this site, folks have brigaded around your low effort critique and tanked any chance that we'll have a productive conversation about the technology, or, heck, even the name at this point. You have an outweighed role in the direction conversations can go on this site, and playing ignorant to that while dragging feross and his work down every chance you get because of a naming choice is sad to watch.

Edit: it's also pretty clear feross received this feedback and decided to keep the name, so all you are doing is fanning flames: https://news.ycombinator.com/item?id=26666142

Edit2: I know you know the rules of the site, but really, read them, you seem to be breaking many of the top rules by riding on that high horse.

Be kind. Don't be snarky. Have curious conversation; don't cross-examine. Please don't fulminate. Please don't sneer, including at the rest of the community.

Comments should get more thoughtful and substantive, not less, as a topic gets more divisive.


Yeah, I stand by what I said, sorry.


Thanks for responding, you don't owe me or anyone an apology in my opinion and I appreciate that you took the time to read what I said, despite being disappointed with your response.


Just trying to expand on the points made by GP.

1. The salt is randomly generated; I see no reason why this would not be the case other than using the salt parameter incorrectly. I primarily want the GP to list the symmetric ciphers which mitigate incorrect salt usage, since that info is useful.

2. I see that RFC8188 spells out that the stream is encrypted before being sent to the server. Again, I want to understand the issue here: why does the GP say that it is not an end-to-end system? The only thing I can think of is that this is a utility that is itself a server and not a client, so the man in the middle would be between the client and the wormhole server.
