Thread 106496316

Why is there no program where me and my friend have the same program installed and I type in his IP address and can send infinite amount of files to him directly and encrypted?

Why does everything need to be uploaded to some shit server first? Is there no open protocol like that? No I'm not talking about bittorrent.

>>106496316 (OP)
that's a VPN retard

we haven't invented that technology yet. you have to mail him an ssd

>>106496316 (OP)
It is called FIleZilla, newfriend.
https://filezilla-project.org/

>>106496316 (OP)
netcat

>Is there no open protocol like that?
Uh openssh?

I remember 25 year ago I was doing that.
You create a local server and you set a folder to share
You give your ip to your friend and he can download any file in the folder

>>106496316 (OP)
scp you doofus

>>106496478
can i get in trouble for having that installed on my computer?

>>106496539
Secure cp is just as legal as normal cp.

>>106496316 (OP)
Yeah, there should be some kind of 'file transfer protocol' of some sort.

>>106497789
so not at all??

>>106497811
I can't believe kikes managed to remove support for that in the browsers.

>>106497817
Worst thing they did. Even worse than 9/11.

>>106496316 (OP)
Because mainly for security reasons, systems do not accept received traffic they didn't specifically ask for. If you performed an HTTP request (entered a webpage URL), it will allow the remote server to send you the requested data (the web page), but if a server just sends you a web page out of nowhere your router will tell the server to fuck off and not forward the received data to your PC. (A secondary reason is that your router won't know which PC to send the data to unless configured for it (port forwarding), and a third reason is that modern ISPs are assholes and may perform this rejection before it even reaches your router.)

In order to be able to receive unprompted requests from outside the local network, your PC would have to be open ('exposed') to internet requests (router configured to forward traffic to it, typically only traffic on a certain port) and some program needs to run to handle those requests. The first part is the main problem here; a 'solution' called UPnP exists which allows a program to tell your router to forward certain traffic to your system, but in practice this is a security nightmare (both in the sense of accidentally leaving the forwarding enabled for outdated software you didn't know you're running, and malware kindly asking the router to let malicious traffic through and actually getting its way). Any solution that makes solving this problem easy for legitimate use also makes it easy for malware and usually has a high risk of resulting in poor security configuration due to negligence ("oh I installed that six years ago no clue what it does").

Next there's the problem of authorization; you don't want just anyone with your IP to be able to upload CP to your PC. So you need to create an account or similar to make sure only your friend can upload things to your PC.

>>106496316 (OP)
>>106497876
Once you've configured your router to forward traffic on the right port(s) and created a user account or similar for your friend, file transfers are actually simple and there are many solutions for it, including as mentioned by previous posters FTP, SFTP and scp, as well as other solutions like rsync. Most of these do again have the problem that exposing too much or granting too much access is still problematic: where should your friend be able to write? Should your friend be able to overwrite existing files? Can your friend delete files? Depending on the solution you used you'd also need to configure things to prevent your friend from browsing other folders on your PC, and maybe you don't want him to be able to download things. But other than locking it down sufficiently it's pretty simple...

...on Linux. Many of these tools are either pre-installed on most distros or one command away from being installed. Windows to my knowledge does not have any such easy file transfer utilities (it allows easy SMB sharing, but that's local network only and you need to jump through MANY hoops to make it work remotely) so you're essentially out of luck there. It also needs to be noted that security on Windows is always iffy in general and I, personally, don't expose Windows machines to the internet any more than is really necessary. (I did have a Windows server once, 15 years ago. It got infected by a virus without any interaction on my side, and ever since then all my servers have been Linux.)

>>106497816
all linux users have cp on their pc and most seem to get away with it

Whatever happened to IRC XDCC?

you mean ftp?

I love Mio so much.
My first and only waifu.

>>106496316 (OP)
/g/ used to have ftp servers and threads just for this
those were the days

/g/ used to be tech and media literate, those were the days...

>>106496316 (OP)
>what is syncthing over tor/i2p endpoints

>>106497986
Is this any good or does it glow?

>>106496316 (OP)
You can simply set up wireguard and forward a port for it. That would be the exact thing you described.
You dont even need a vpn like wireguard if you know what you are doing.

If you are behind CGNAT, things get complicated. Since you don't have control over the end router, you will need to rely on holepunching which is a neat trick to establish p2p connections.
Holepunching needs to be coordinated/signalled. VPNs like tailscale, zerotier, hamachi do this automatically with their servers and 90% percent of the time connections will be P2P if you aren't behind a very strict NAT.
If you don't want any 3rd party at all, you can self host rendevouz/signalling server that is public. Headscale is good for coordination/mesh type of things but anything will work as basic signalling, even IRC.

Test it yourself, STUN your address and exchange it with your friend, then start sending each other empty udp packets at the exact same time. it will go through.

Python -m http.server -p 3000
Then your friends visits your ip :3000

>>106500450
that's not encrypted

>>106496316 (OP)
You are either trolling or being extremely retarded. Since it’s 4chan, I will assume it’s the latter, so yes OP, there are in fact, MANY different ways to do exactly what you just described, each with their own caveats and pros/cons.

>>106500455
I was going to write 443 but im not sure if thatd work. Either way he should set his firewall to block all traffic except his friends ip if hes paranoid.

>>106496316 (OP)
>Encryption
>Without sharing keys over a secure channel first
>Nobody calls this out
/g/ moment

>>106496316 (OP)
check out https://github.com/9001/copyparty

>>106498146
I remember some poor sap about 15 years ago set up an FTP server to share. It was misconfigured and other anons proceeded to rm -rf / the poor dude.

>>106500484
you know asymmetric encryption exists for decades right?

>>106500472
Your connection can still be intercepted. What you have to do is chose an encryption scheme first, share keys over a secure channel >>106500484, and then encrypt before transmission.

Also remember to have the connection open at all times even when you're not active and configure a program to randomly send bogus messages(with an identifiable header post decryption to mark that it's bogus, ideally variable length), when you are not communicating to throw off any inspectors about the regularity of your connection.

>>106500518
You know you still have to share keys over a secure channel for asymmetric encryption too right?

>>106500535
If you want to communicate 1-on-1 with a friend, that is.

>>106500526
How can it still be intercepted if you set up a firewall? The firewall isn’t there just for show.

>>106500547
Nigga your packet is transmitted freely through the air, unless you beam that shit with a laser with a direct LoS to your friend's computer, somebody can read the packets without being the intended reciever. Your packet doesn't travel through friendship and magic.

>>106500535
You don't need a secure channel to exchange public keys though?

>>106496316 (OP)

sneakernet 1:1
rsync 1:256 ish

>>106500596
A third party with both public keys can dilute your communication with noise unless you're smart enough to decide on a secret header after you have exchanged the keys.

>>106500613
I guess it's still fair technically, so I'll concede.

>>10650058
Lol it doesnt matter. Unless that person is a l33t h4xx0rz that can bypass firewalls somehow.

>>106500596
Also, as an addendum btw, Your initial public key transmission can be impersonated or filtered if your communication channel is not trusted and is thus vulnerable to MiTM. Say that you're sharing your key through a chat platform, the platform can intercept that message, and change your keys with theirs and they can then essentially act as a middleman if they can intercept your packets.

>>106500640
Are you dense? Just because your computer ignores messages not addressed to it doesn't mean everyone has to.

>>106500664
A firewall means this address is okay all other addresses get dropped.

>>106500678
and have you personally verified the address?

>>106500656
Yeah, I always mistake authenticity as being granted.
So you're right but I think at that point the only "secure channel" would be exchanging the public keys (or other info) physically.

>>106500678
Pray tell me how you believe addresses are communicated and why an able party can't just lie?

>>106500702
Well if again if you're dealing with something else an antivirus firewall might offer extra protection too.

>>106500712
Irrelevant
You're placing too much faith in the address routing infrastructure or the belief that two fed vans aren't parked besides your and your friend's house right now.

>>106500689
Yes.
>unless you believe in skinwalkers

>>106496316 (OP)
>>106496332
WRONG you have to figure out how to send boolean determinants via smoke signal

>>106500761

you likely telnet to mac and push text and reciever sniffs all

>>106496316 (OP)
I remember we sent eachother mp3s and shiet on irc all the time, and everyone had their own ftp so we could download larger stuff from eachother

>>106496316 (OP)
https://github.com/schollz/croc

>>106501048
This looks interesting and I wonder why I've never heard of it. What's the catch? Do you have personal experience with it?

>>106496334
That's malware
>>106496316 (OP)
Connect to the same network and use LocalSend or croc.

>>106500484
Keys can be transferred alongside other connection information. That's how it's also typically done with 'secure' clould storage where you get something like url.com/myfile?key=ifukedyouremom to send to your friend.

>>106500613
>>106500656
In practice the short lifetime of the key (you send the info, friend uses it two minutes later) gives the attacker no time to set up an MITM unless they already have a similar one ready they just need to change a few values on.

>>106500547
You seem genuinely retarded. This is the snail mail equivalent of saying 'nobody can intercept my mail, after all the address written on it is my friend's and intercepting it is a crime'. It doesn't matter how secure your or your friend's house is, some random asshole working in mail delivery can open it and see what you're sending, and even alter it.

>>106500515
I wonder why /g/ no longer has open FTP servers and the like.

>>106500725
Why do /g/ posters and their friends always have fed vans parked outside their house?

>>106501655
To kidnap wahmen

>overcomplicating things
Just use this, you don't even need to open ports manually, its like you're on the same network, has worked for me for 2 decades

>>106496316 (OP)
There are many P2P programs out there. Use them instead of making ignorant claims.

>>106496316 (OP)
SFTP exists

>>106501762
except it's a pain to setup and you might introduce vuln. to your system.

Nobody has mentioned Syncthing and I'd like to know why

>>106501894
Your less likely to introduce a vulnerability into your system with OpenSSH than whatever other program you randomly decided to use instead that you downloaded off of Github.

Do you know how many people depend on OpenSSH? How many eyes there are on its code? It's a big fucking deal if OpenSSH gets compromised.
Your random Github project on the other hand has nobody looking at it.

>>106498022
People mostly use it to pirate anime these days.

>>106501581
>Keys can be transferred alongside other connection information.
Case in point that it's not very secure then.

>In practice the short lifetime of the key (you send the info, friend uses it two minutes later) gives the attacker no time to set up an MITM
Well given that OP specified nothing, the correct thing from a theoretical perspective is always to record what's possible over the span of the usefulness of the information's life and not what's feasible for a non state backed attacker, that's what any cryptography/netsec book will teach you, so, I don't see your point.

>>106500761
Just use IP over Avian Carrier or learn BGP and build your own bootleg tier 1 grade cross country fibre-optic and LoRaWAN nodes based private internet.

>>106498146
>>106499587
This never happened. /g/ has always been braindead retards.

>>106502679
Yes it did
be quiet
attention whore

>>106501538
croc is based and just werks. wormhole-william is faster for just one file tho
I use it for lazy file copys on my LAN all the time

>>106500455
Just encrypt all the files first and voilà.

>>106503099
Croce uses a centralized server... The dev started asking money for it lol

>>106496316 (OP)
SFTP, or normal FTP with offline encryption

>>106500484
asymmetric encryption but dont ask /g/ how it works because theyre always wrong. i had to read a history book written in 1999 about it to get an actual explanation

>>106500656
this is why you use your secret key to sign it

>>106502484
Western TV shows and movies outweigh the anime pretty hard on XDCC. But it is overwhelmingly TV smut and anime, little else.

>>106497816
>so not at all??
He's fucking with you. cp in this context refers to the copy paste command installed on all Linux systems allowing someone to copy a file and paste it somewhere else. example:
cp database.db database_backup.db

Secure copy paste or scp is just doing that but over the internet using an IP or ssh config. Usually you need ssh access to do it.

>>106503250
isnt "secure cp" not for cryptography secure, it just hashes the file before and after to make sure it actually copied teh file correctly

>>106503293
It provides copy over ssh which if configured correctly is cryptographically secure. The modern scp utility itself just uses SFTP as it's operating protocol rather than SCP(Secure copy protocol).

>>106503711
oh. ok. i thought it really was "copy, but i mean it"

>>106503193
You couldn't just read a cryptography book?

>sign it
And verify it with any amount of trust how? lol

Create a torrent and share the link with your friend.
The hard part is getting a friend to do this with T_T

>>106496326
/thread

>>106496316 (OP)
windows 95 through windows 7 supported this kind of direct file sharing. This feature was removed from windows10 in 2017.

>No I'm not talking about bittorrent.
then what are you talking about

>>106503740
>verify
if you encrypt something with your own private key it can only be decrypted with your public key. so if you send something that decrypts properly with your public key, it can be surmised that you have access to both keys and if that private key is safeguarded properly that it's genuinely from you. (ofc if your key is leaked or shared or w/e this fails and the solution is "generate new keys and make a public statement not to trust your old one)

>>106496316 (OP)
>Ctrl-f
>Onionshare not mentioned once
OK retards

>>106503860
Mate it's the very transmission of your public key that's under the risk of mitm in the original message.

>>106504022
>oh no someone modified my public key in transit!!!
so either they send the correct person junk that was encrypted wrong and simply have to try to retrieve the key again, or they send properly encrypted information to the wrong address and the recipient cant decrypt it


or you send your encrypted data to the police after not noticing you were redirected from HotAnimeTitty.BLOGSPOT.cum to fbi.gov/honeypot and that is fundamentally a skill issue

>>106504022
The only think I can think of besides physical transmission here is hosting the public key on a public profile that's being broadcasted so you too can check in on the broadcast to check if there's nothing out of line. But a state actor can be assumed to have the capability of filtering the broadcast to mitm for particular targets whose communication with you, they want compromised.

It's physical or nothing is the tl; dr.

>>106504088
>>106504022
>i dont understand it so it's bad

>>106504086
What? No. If you're sending an email to a friend over an insecure channel conveying your public key, then the miitm attacker can take your key, swap it with their own and likewise the other way around. Now they can decrypt the communication encrypted with the planted keys and then reencrypt them (or modified messages) with the original public keys and transmit it forward.

Do you know how mitm even works?

>>106503147
What does the server see? Can the server tamper with the transfers? Can croc be torified on both sides to send a file with nobody knowing who is the sender, nobody knowing who is the recipient, and nobody knowing what data was sent?

>>106504103
If anything it's you who doesn't understand that theoretically, remote authentication is impossible without establishing a secure channel first and vice versa.

They used to teach this in the asymmetric encryption section of any cybersec book lol. The west has fallen.

>>106502484
Why aren't people using it to just send files to each other like OP suggests?

>>106504149
>What? No. If you're sending an email to a friend over an insecure channel conveying your public key, then the miitm attacker can take your key, swap it with their own and likewise the other way around.
ok but then you get nothing intelligible back and can say "clearly something is compromised, i'm going to try this again later/through a different channel/etc"

who would have thought that even the most advanced encryption methods would rely on having actually the correct key and your original cleartext communication actually getting anywhere properly

>just use le PHYSICAL LOL
ok so i find your usb key in a parking lot and overwrite it, wowwwwwww secret communications literally impossible ever!!!!

>>106504149
That's why you SIGN YOUR COMMUNICATIONS

only you have your secret key, and ideally your public key isn't something sent one time, it's something that's just always accessible. (the classic is just putting it on a page on your blog, and enterprise use is with certificates that last for years)

the danger of it being changed so someone can intercept it is basically equal to someone just sending you spam in the first place. this failure relies on
>glowies intercepting your mail and changing it in transit
>me somehow getting mail from you still and not suspecting a compromise now that you've used the wrong key
>OR not getting mail back from you ever so now glowies are having a conversation with you, not me, and you never noticing
>my public key not existing anywhere else and you being too stupid to just look it the fuck up

you're a prime target for getting phished

>>106504265
>ok but then you get nothing intelligible back
But you do? The attacker has your public key and the decrypted message from the sender retard. He can just passively listen without you realizing anything is amiss. Do you even know what asymmetric encryption is?

>who would have...
Yeah, that's what authentication in CIAAA is about.

>usb
You encrypt your key storage with a password yoj remember and not write down, duh.

>they'll beat the password out of me
Outside the scope of cryptography, but obfuscation methods exist.

>>106504364
>You encrypt your key storage with a password yoj remember and not write down, duh.
so i buy a similar model of stick and just leave a whole second stick there. sneakernet BTFO!!!!!!!!!!

>>106504149
only mt. stupid retards email the public key around as a one-off thing. i would leave mine on my github or something

and if (((THEY))) compromise that to change the key i've published there as well there's worse shit going on (and reasonably, people have probably saved the key locally AND i can just generate a new set, sign that communique with the old set, and move to a platform that isnt (as) compromised)

>>106500656
>>106504149
>what is certificate signing/chain of trust

>>106504363
Nigga. The mitm attacker can send you another fake key right back, you never need to suspect a thing? Why would you suspect a thing? The sender will send you his public key and they can intercept it too. Are you incapable of understanding that? To you, it's essentially imperceptible man.

If it's still not clear to you, spell out step by step how you'd exchange keys on a attacker controlled channel.

>In a public place
How often do you recheck your pgp keys after copying them into your mail client? One time interception of the personal blog to deliver you the wrong key is not impractical for a 3 letter agency.

>You're prime target for getting phished
You're a prime target for getting glowied.

>>106504455
Doesn't invalidate the attack, only makes it more and more impractical.

>>106504475
this is why you dont send your key once, you host it somewhere public. it's right in the name.

>>106504499
nvm actually youre right anon. secure communications are literally impossible.

>>106502010
Why do you think openssh is the problem and not opening the sftp port?

>>106504522
>host it somewhere public
Already covered in the same post

>secure connections are literally impossible
Over a distance, theoretically. In reality obviously it's impractical to do most of the attacks I say for anything less than a 3 letter agency (in whose case you should obviously take extra precautions). Know your threat models and actors blah blah blah.

Aside from the parts you're basically totally wrong, you're not wrong either. Perfect secrecy is just the hill I choose to die upon. (With the permissive cryptographic definition of a secure encryption being that the information is secure over the lifetime of it's usefulness, unless you're using one time pad (lol, if you have a secure channel for they key, just send the message nigga.) or expendable padding entropy (actually useful if you can exchange a large amount of random data but can only securely meet once)).

Fun talk, anon. Read a book. I graciously accept your concession.

>>106500299
Made by BitTorrent guy.

>>106504244
I can't speak for everyone, but there are simpler alternatives. Personally, I just have a web server and if I need to send a friend a file, I give him a private link to it.

>>106504638
>comparing cert based asymmetric crypto to OTP memery
they are for different things and work in wildly different ways. maybe you can't understand how to use pgp because you insist on keeping your public key secret, in complete contravention of what makes the system both secure AND convenient

>>106496316 (OP)
magic wormhole

>>106504666
something simple like a websocket on this server would allow u both to instantly share anything. thats how chats are and most browser games

>>106504875
That seems like a big complication for very little benefit. There are so many existing tools that work with basic HTTP that provide great flexibility in how he chooses to download the file.

>>106504929
>it seems like a big complication to use HTTP. Why not just use HTTP?

>>106504942
Are you trying to imply that websockets are HTTP?

>>106504971
no, i'm trying to imply that either way it's basically "just run a server locally, bro" and the only difference is what port you open and what application you install as a downloaded binary

>>106496316 (OP)
https://www.iroh.computer/sendme

>>106504981
What? Using HTTP, my friend does "wget https://example.com/somefile.zip". If we are going to use something based on websockets, he'd have to install something custom not available by default on every system he runs.

>>106505018
to allow that you still have to set up an HTTP server and last i checked W10 doesn't come with Apache or IIS

really the Pro Gaymer Move(ie the thing a gaymer would do because he is incompetent and lazy) would be to just let him rdp into your box

>>106505037
Oh, you were speaking generally. I was only speaking for how me and my friends do it. Hence my "I can't speak for everyone". I thought you were trying to give me tips. Me and my friend don't use Windows and already have web servers for other reasons. It's pretty convenient to be able to throw links to my boomer parents as well if I want to send them something since they can barely use a browser.

If we're talking Windows using gaymers, then they can of course use whatever depending on their needs. Set up an FTP server, use Nextcloud or similar, use OpenSSH, write your own custom solution.

copyparty

https://youtu.be/15_-hgsX2V0

>>106505114
Honestly probably the biggest obstacle in file transfers or generally just hosting anything at all is Windows. It lacks many useful tools Linux distros have out of the box, and it doesn't have a simple package manager allowing you to easily and safely install utilities that don't ship with the OS.

And in spite of all of that, Windows still manages to be a huge bloated piece of shit. I'm not sure how they do it.

>>106501558
Maybe on windows? You can just use any FTP server and client you trust.