magic-wormhole-protocols icon indicating copy to clipboard operation
magic-wormhole-protocols copied to clipboard

Published 20 hours ago verified publisher icon magic-wormhole

Wormhole Seeds

Open piegamesde opened this issue 3 years ago • 42 comments

Migrated from https://github.com/magic-wormhole/magic-wormhole/issues/77, as I think it's a good idea to discuss feature that are not Python-exclusive here.

Basically, both sides of a Wormhole connection would derive a 128-bit mailbox-id and a 256-bit wormhole secret (from the PAKE session key), and store it for later use as a "Seed". This seed is used exactly like a normal wormhole code, except that the mailbox ID is used directly (instead of being treated as a "nameplate" which then points to a mailbox), and the Seed can be reused.

(we don't strictly need to use PAKE each time, but it happens to provide forward-secrecy, and we already have all the code in place.. it'd actually be more work to use a simple non-PAKE KDF).

(also, the wormhole secret could be considerably shorter, and still be safe, but there's no harm in making it full-sized)

piegamesde avatar Mar 23 '21 21:03 piegamesde