Connection without a need for a magic word using hotp #40

lnee94 opened this issue Jan 2, 2025 · 5 comments

@lnee94
Contributor

lnee94 commented Jan 2, 2025

HOTP Wikipedia

HOTP works by generating a one-time password using a secret key and a counter.
The listener could generate an OTP of, say, length 8 with key 0xdeadbeef and a count of 5; they get 49004148.

If the receiver has the same key and can figure out the count, they would also get 49004148.

Pros
1: It is standard so easy to find libraries for
2: You don't have to refresh the code

Cons:
1: You have to get the count to each party, and the counts may be desynced.
2: You may have to implement a way for the listener to send the count to the connector.

Thanks for your time Luke

@thiswillbeyourgithub

Well, the count could just be the number of times 30s has elapsed since a reference date until now. This way, as long as they are triggered in the same 30s window, they would have the same count, no?

Also, this reminds me of edgevpn, but in Python.

@meejah
Owner

meejah commented Jan 16, 2025

@lnee94 do you mean that after an initial connection, the two sides could (as they now share a secret) set up a HOTP-based method for future connections?

@lnee94
Contributor Author

lnee94 commented Jan 22, 2025

> @lnee94 do you mean that after an initial connection, the two sides could (as they now share a secret) set up a HOTP-based method for future connections?

Yes, that is what I mean. That was something you wanted to add to magic wormhole.

@lnee94
Contributor Author

lnee94 commented Jan 22, 2025

> Well, the count could just be the number of times 30s has elapsed since a reference date until now. This way, as long as they are triggered in the same 30s window, they would have the same count, no?
>
> Also, this reminds me of edgevpn, but in Python.

If you open multiple applications at one time this race condition would so I think HOTP would be best

@thiswillbeyourgithub

Hi, I made my own simple shell wrapper around magic-wormhole to send files without using the same code, without sending the code every time but without considerable security tradeoffs.

It's in wormrot.sh and basically creates a different key derived from the current timestamp + a time window size + a secret.

If two scripts try to connect at roughly the same time they will find each other. The "roughly" depends on the time window size parameter.

Let me know what you think of this. Although I know this is not the same topic as the initial issue I still think it might be of interest here.

> If you open multiple applications at one time this race condition would so I think HOTP would be best

I'm not sure I follow, the hole mechanism only has 2 ends so you are not supposed to open more than 2 applications at one time.
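
The counter handling discussed in this thread, as an added example that is not code from magic-wormhole, wormrot.sh or any participant: RFC 4226 HOTP with a bounded look-ahead for a desynced counter, plus the variant where the counter is the number of 30 s windows since a reference date. The key is the public RFC 4226 test key; `verify`, `time_counter` and `look_ahead` are names chosen for this sketch.

```python
import hashlib
import hmac
import struct
from typing import Optional

# RFC 4226 Appendix D test key (public test vector, not a real secret).
RFC_KEY = b"12345678901234567890"


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA-1 over the 8-byte big-endian counter, then truncate."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # low nibble of the last byte picks 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def time_counter(unix_time: float, step: int = 30, epoch: int = 0) -> int:
    """Counter = whole `step`-second windows elapsed since a reference date."""
    return int(unix_time - epoch) // step


def verify(key: bytes, code: str, expected: int,
           look_ahead: int = 3, digits: int = 6) -> Optional[int]:
    """Return the counter that produced `code`, or None.

    Only counters expected..expected+look_ahead are tried, so a peer that
    is a few steps ahead can be caught up. The caller must store
    matched + 1 as its new expected counter so a code is never accepted twice.
    """
    for counter in range(expected, expected + look_ahead + 1):
        if hmac.compare_digest(hotp(key, counter, digits), code):
            return counter
    return None


if __name__ == "__main__":
    # Constructed scenario: one side has already advanced to counter 7,
    # the other still expects 5.
    code = hotp(RFC_KEY, 7)
    matched = verify(RFC_KEY, code, expected=5)
    print("resynced at counter", matched)
    # Replaying the same code after the counter moved on is rejected.
    print("replay:", verify(RFC_KEY, code, expected=matched + 1, look_ahead=1))
    # Time-derived counter: 59 s after the epoch is window 1.
    print("time-based:", hotp(RFC_KEY, time_counter(59), digits=8))
```

A larger `look_ahead` tolerates more drift between the two counters but gives a guesser proportionally more valid codes per attempt, so it should stay small and failed attempts should be rate limited.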
