mrf

  1. Yes, I sure changed my secret's length. And yes, the folders with the same names would be the idea. The transport is AES encrypted, not the secret though; it's a 32 bit Base64 phrase, which is nowhere near as secure as AES. Aren't you a team member? You should know this.
  2. @verloren: Your calculation is for a directed attack on one key. We are talking about undirected attacks here. You are forgetting that with every added shared folder the chances are doubled. --> The more folders are shared the easier it becomes to guess a random key. With no secondary security in place BitTorrent Sync will just become less secure with more users and more folders shared.
  3. The recommended minimum RSA public_key length is going up from 1024 to 2048 after 31st December 2013 [1]. Also RSA is an asymmetric system. Yours is symmetric afaik. This indicates that your 32 char length is not secure in any way. [2]
     [1] See here: http://news.netcraft.com/archives/2012/09/10/minimum-rsa-public-key-lengths-guidelines-or-rules.html
     [2] More to read: http://en.wikipedia.org/wiki/Key_size#Symmetric_algorithm_key_lengths
  4. I have major problems with the security in BitTorrent Sync: Currently a "secret" that is generated by the sync app is a 32 character Base64 phrase. Now, targeted attacks might be very hard or near impossible without the attacker having more information, but untargeted attacks by just guessing random keys en masse are very possible and likely. Also likely are accidental key collisions, depending on how many users share how many folders. The more folders are shared, the higher the chance of 2 equal keys generated by different users. I know that the length of the key is variable and thereby can b