It does, except it removes a giant advantage of magic wormhole: True end to end ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		mr_mitm on July 6, 2021 \| parent \| context \| favorite \| on: Transfer.sh – Easy file sharing from the command l... It does, except it removes a giant advantage of magic wormhole: True end to end encryption requiring only TOFU. The web version downloads JavaScript every time and unless a specific version is somehow pinned by default, you are in principle vulnerable to MitM attacks.

alephu5 on July 6, 2021 [–]

Host your own version and hash all the JavaScript sources https://www.srihash.org/

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact