Imagine a scenario where you need to securely transfer files from one machine (let’s call it A) to another machine (we’ll call it B) without leaving any traces behind. How can you accomplish this task?
The first idea that may come to mind is to copy the files onto a USB stick, dispose of it, and perhaps even go to the extent of consuming it to ensure no trace remains. However, this method is not foolproof, especially if you have dietary restrictions or concerns about seafood. Additionally, sending the USB stick through traditional mail services would still expose it to potential risks.
Fortunately, there is a better solution.
Another method to securely transfer files between computers without leaving traces is by using a tool called Magic Wormhole. This powerful tool enables you to safely transmit files of any size over a network.
To install Magic Wormhole, you can use the following command:
pip install magic-wormhole
Magic Wormhole provides both a library and a command-line tool, allowing you to easily transfer files or directories between computers while ensuring security. It achieves this by utilizing PAKE (Password-Authenticated Key Exchange), an encryption algorithm that employs a low-entropy password to establish high-entropy cryptographic key sharing. This key is then used to encrypt the data during the transfer.
Here’s an example of a connection between two machines using Magic Wormhole:
% wormhole send README.md Sending 7924 byte file named 'README.md' On the other computer, please run: wormhole receive Wormhole code is: 7-crossover-clockwork Sending (<-10.0.1.43:58988).. 100%|=========================| 7.92K/7.92K [00:00<00:00, 6.02MB/s] File sent.. waiting for confirmation Confirmation received. Transfer complete.
% wormhole receive Enter receive wormhole code: 7-crossover-clockwork Receiving file (7924 bytes) into: README.md ok? (y/n): y Receiving (->tcp:10.0.1.43:58986).. 100%|===========================| 7.92K/7.92K [00:00<00:00, 120KB/s] Received file written to README.md
In the example above, you can see that Magic Wormhole generates a simple code (‘7-crossover-clockwork’) that you can share with another person via a secure communication channel, such as an encrypted audio channel on Signal. The recipient will enter this code when prompted by Magic Wormhole to establish the encryption key sharing and initiate the secure file transfer.
To successfully break the encryption and obtain the shared key, an attacker would need to somehow gain access to the password (e.g., by overhearing it in a public place) or perform a man-in-the-middle attack during the initial connection phase, which lasts only a few seconds. The chances of guessing the password correctly are 1 in 65,536. However, Magic Wormhole will display enough errors to legitimate users with each failed password attempt, raising suspicions if an attack is being attempted. Therefore, the risks remain relatively low.
If you would like to test Magic Wormhole, detailed instructions are provided here. It can even work through the Tor network.
For those interested in delving deeper into the topic, you can find comprehensive information from Brian Warner, the creator of Magic Wormhole, here (video from 2016).”