Shortwire: The smallest VPN that connects two computers via the Internet
50 points | 28 days ago | 8 comments | github.com | HN
axoltl
28 days ago
I took a quick look at the crypto design here, and it is deeply flawed. Please don't use this.

The key exchange is simply an XOR of the pre-shared key with the session key instead of a proper key wrapping, there's no chaining mode specified for the AES encryption as far as I can see and perhaps most critically none of the data is authenticated.

A great example of "don't roll your own crypto".

reply
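Two of the flaws named in the comment above (XOR in place of key wrapping, and no authentication), shown on a toy model. This is an added example, not part of the original comment and not shortwire's code: `xor_wrap` is a hypothetical stand-in built only from the comment's one-sentence description, and the hardened half is a sketch that derives keys with HMAC-SHA256 and tags each packet. The ciphertext is treated as opaque bytes from a cipher that is not shown, and the labels and packet layout are assumptions.

```python
import hashlib
import hmac
import secrets

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

# --- Toy model of the flawed exchange (assumption, not shortwire's code) ---
def xor_wrap(psk: bytes, session_key: bytes) -> bytes:
    return xor_bytes(psk, session_key)

def wrap_reveals_psk(psk: bytes) -> bool:
    """wire XOR session_key == psk: one exposed session key exposes the PSK."""
    session_key = secrets.token_bytes(32)
    return xor_bytes(xor_wrap(psk, session_key), session_key) == psk

def wrap_accepts_tampering(psk: bytes) -> bool:
    """A bit flipped in transit yields a different key and raises no error."""
    session_key = secrets.token_bytes(32)
    wire = bytearray(xor_wrap(psk, session_key))
    wire[0] ^= 0x01
    received = xor_bytes(bytes(wire), psk)
    return received != session_key and received[1:] == session_key[1:]

# --- Hardened sketch: derive keys one-way, authenticate every packet ---
def derive_keys(psk: bytes, nonce_a: bytes, nonce_b: bytes):
    """Only the fresh nonces cross the wire; the labels are constructed values."""
    def prf(label: bytes) -> bytes:
        return hmac.new(psk, label + nonce_a + nonce_b, hashlib.sha256).digest()
    return prf(b"example-enc"), prf(b"example-mac")

def seal(mac_key: bytes, seq: int, ciphertext: bytes) -> bytes:
    """Encrypt-then-MAC framing: 8-byte sequence number, ciphertext, 32-byte tag."""
    body = seq.to_bytes(8, "big") + ciphertext
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def open_packet(mac_key: bytes, packet: bytes):
    """Return (seq, ciphertext), or None if the tag does not verify."""
    if len(packet) < 40:
        return None
    body, tag = packet[:-32], packet[-32:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return int.from_bytes(body[:8], "big"), body[8:]

if __name__ == "__main__":
    psk = secrets.token_bytes(32)  # constructed sample key
    print(wrap_reveals_psk(psk), wrap_accepts_tampering(psk))
```

A real tunnel would take this from a vetted construction such as the TLS-PSK, libsodium or Noise options suggested elsewhere in the thread rather than from hand-assembled primitives.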
mojyack
28 days ago
Author here. Thanks for pointing out the security issue! I'm a novice in cryptography, and the encryption used in this program was just an idea I came up with. I'm going to learn a bit more, but if you have any good ideas for improvements, could you let me know?
reply
axoltl
28 days ago
Cryptography is tricky to get right. There are a ton of subtle ways things can go wrong! I think the first thing to realize is your problem has probably been solved by someone else, so you can use off-the-shelf solutions. TLS has a pre-shared symmetric key option: https://en.wikipedia.org/wiki/TLS-PSK for example.

Second, I think it's important to know how crypto fails in order to use it properly. https://www.cryptopals.com has a bunch of challenges that walk you through breaking a crypto implementation.

reply
alphager
28 days ago
I can fully recommend this book by one of the TLS 1.3 contributors; it doesn't require a cryptographer background and serves as an extremely good starting point: https://www.manning.com/books/real-world-cryptography?a_aid=...
reply
endofreach
28 days ago
OT: I stumbled upon your name a few times here on HN now through nice & interesting comments.

I am not ready yet, but are you for hire to help a startup with your expertise in the near future? How could I contact you?

reply
axoltl
28 days ago
Always happy to talk! I've put a temporary email in my profile.
reply
HL33tibCe7
28 days ago
It’s puzzling to me that they didn’t just use TLS.
reply
buro9
28 days ago
The rest of the ideas seem valid, it's a shame to have the project undermined by the crypto.

Is there no website of canonical examples of good crypto that can be shown to the author, so that they may trivially have good crypto?

reply
HL33tibCe7
28 days ago
Good crypto is hard. It’s extremely easy to make very subtle mistakes that completely undermine a cryptographic protocol’s security.

Ultimately protocols like this need to be designed by someone with extensive experience in cryptography, then reviewed and tested by many similar people, before they can be considered safe to use.

reply
orphea
28 days ago
Perhaps libsodium? A library with selected crypto primitives and functions that is harder to misuse.
reply
kevin_nisbet
28 days ago
Maybe a noise implementation? http://www.noiseprotocol.org/

IIRC this is what WireGuard is based on, and WireGuard would be a great project to learn the crypto choices from.

reply
arghwhat
28 days ago
I honestly don’t think it has any interesting ideas. It doesn’t seem any easier than a WireGuard tunnel.

The way for a non-cryptographer to make good crypto is to not write any crypto and rely on standard setups like TLS. Even chaining standard algorithms together can be dangerous.

reply
kkfx
28 days ago
The idea seems to be a "quick support" kind of connectivity, meaning you just pass a string to be pasted in a terminal and you are on the same "LAN". For such casual temporary usage I'm not much concerned, but... where is the "linker" service to be self-hosted on demand?
reply
mojyack
28 days ago
You can use my server written in the README.

The peer-linker's source can be found here: https://github.com/mojyack/peer-linker

The documentation is not ready yet, but I will write it soon.

reply
kkfx
28 days ago
Thanks, but please, in general, always publish the complete package. Relying on a third-party service is like not being FLOSS, because the potential user still does not have the complete infra in his/her own hands, so can't really operate, extend, improve alone and give back the results.

The current service epidemic has almost killed free IT in general and we must stop it.

reply
issafram
28 days ago
Yea I was considering getting rid of WireGuard for this

/s

reply
suprjami
28 days ago
Not sure why this needs to exist. WireGuard is quicker and easier, and apparently has much better security.
reply
xmprt
28 days ago
Probably an example of what a minimal VPN could look like. I think it's more for educational purposes rather than to actually be used.
reply
vendiddy
28 days ago
Even if for educational purposes, a tool intended for security should have good security.
reply
sevg
28 days ago
To be fair, there's no mention on the README that it's for research or education, so I think it's reasonable to judge it as a "production" tool.
reply
alexvitkov
28 days ago
If you by default treat every GitHub repo as quality production code unless explicitly mentioned otherwise, you're in for a bad time.
reply
sevg
28 days ago
No, I didn't say assume it is production quality, I said "judge". In other words, measure it against a higher standard.

First person compared it to WireGuard, next person said yeah but it's probably for education, and I'm saying yeah but I think it's fair to compare it to WireGuard since the README doesn't make it clear whether it's a toy or a production tool.

And if you compare it to WireGuard then it becomes clear you shouldn't use this thing if you want real encryption.

reply
mojyack
28 days ago
Of course, I think WireGuard is more robust and powerful. But I wanted a tool that was simple and quick to set up. And it's a great way to learn about networking.
reply
johnklos
28 days ago
tinc [1] is very lightweight and simple to set up. There's also ssh -w for quick and easy tun-over-Internet connections.

[1] https://www.tinc-vpn.org

reply
fulafel
28 days ago
You can also use IPsec with manual keys, which works with out-of-the-box tools and is standard, and interops with other platforms as well, even with router OSes. On the Linux side, e.g. like this: https://unix.stackexchange.com/questions/638436/rekey-ipsec-...
reply
jwr
28 days ago
This is a good time to mention vpncloud, a fantastic Linux-daemon solution for connecting several cloud machines together without relying on cloud provider dependent VPNs. I've been using vpncloud in production for several years now and it has been rock solid and reliable.
reply
mojyack
27 days ago
I've made some improvements to shortwire, including support for ChaCha20-Poly1305 in addition to AES.

It may not be perfect, but I think it's a lot better.

reply
aborsy
28 days ago
Here is a dead simple VPN, by the developer of libsodium

https://github.com/jedisct1/dsvpn

reply
firesteelrain
28 days ago
This looks a lot like stunnel to me, which is a much more mature and better product.
reply