Hey #InfoSec, anyone with opinions on #LocalSend? 👀
Specifically, I am interested in anyone with informed opinions on how secure it is. Has it been audited?
@SpaceLifeForm @rysiek Run away WHY? It's LAN only by default, it uses encryption, and you can set several security options like not auto-accepting and using a password.
Is there some exploit in it? Some fundamental security flaw? Or do you solely hate it because it creates a convenience?
If it is truly LAN only, why is encryption needed?
Why can I not accomplish the same functionality via sneaker net?
Be careful.
@SpaceLifeForm @rysiek Because someone could potentially sniff on your LAN? I didn't say LAN only. I said by default though. As in you'd have to manually open and forward ports and all that. It's not going to UPnP it for you or anything. Not sure how you'd handle the broadcast though.
Encryption may not be strictly needed. But there's literally no reason not to have it. It's easy to implement and other than using 0.0001% more CPU power, it's definitely not going to hurt anything. So give me a good reason NOT to have it even on something that can't go online.
Anyway, I'm going to work with the assumption here that you didn't really know why you said run away at this point.
I know exactly why I said run away.
It is a solution in search of a problem.
If you have not vetted the code, then you need to worry about store and forward.
@SpaceLifeForm @rysiek What do you mean in search of a problem? The problem has existed for a long time. "What is a good way to get files back and forth across devices?" There are a lot of possible solutions, yes, but none quite fit all use-cases. SMB is a big hassle. KDE Connect is not universal. Etc etc.
The problem was always there. It has been there since computers first existed. You can argue this or that may suit specific cases better, but this one is a pretty good option that seems to fit the case of being pretty darned universal.
You have not yet mentioned any exploits or security problems with it. Just that you don't like it on principle alone.
The worst use case is from mobile to desktop, I will grant you that.
I have hundreds of floppy drives and I am not afraid to use them.
@SpaceLifeForm @rysiek You, uh, might want to upgrade. Some stuff is several hundred megabytes. Compressed. That could take a while to transfer one floppy at a time even if you can somehow get a 2.88MB formatted disk. (I think I heard of people getting to 1.72 or something like that via various methods, but that's probably your maximum limit.)
Also, good luck even connecting it to some devices.
Also, while you're spending a whole day making said transfer, I'm done in like 15 seconds.
BTW, some stuff I've transferred is more than a couple of gigabytes. At floppy drive speeds that would probably take a week...
I understand your perspective wrt bandwidth.
I am looking at the problem from the perspective of a secure channel.
Let's say I want to send you a large file that is really sensitive.
The only way I can trust that it remains secure is to encrypt it.
But, how do I securely transmit the decryption key to you?
This is why Security is Hard.
@SpaceLifeForm @rysiek I mean your literal answer there is keys.
We're talking about transferring files on a LAN though. The highest threat model applicable here should refer to if you're using a public LAN (say store WiFi or something.) That's the threat model you look at here, not "will State hackers sitting in my lap find a way to break it if I let them work on it all day?" You run it on two devices in a LAN, set a pin, transfer a file, then close it on each. You're setting the bar so high nearly nothing clears it -- including the LAN you'd be running it on really...
If it is purely LAN, and you trust your endpoints, then you could use SFTP.
But, what if I do not trust my endpoints?
@SpaceLifeForm @rysiek What if you do? SFTP is a pain to set up, especially on mobile devices.
You just really really do not like this program, but you have not yet once given a single actual reason why it's exploitable or etc. And I'm not even saying it's not. The question is just "will it suddenly expose your info to the web" or something like that, not "can a state actor sitting outside my house hacking into my LAN maybe get into it with a few days to work at it?"
I think it's time to just put this one to rest.
I agree. Mobile is the endpoint that I would be worried about.
@SpaceLifeForm @rysiek Right, well, if I see any black vans parked nearby I'll close it down, but in the meantime it looks to be safe enough to run five minutes at a time for quick transfers across my LAN.
I'm moving on here.