I have major problems with the security in BitTorrent Sync:

Currently a "secret" that is generated by the sync app is a 32-character Base64 phrase. Now, targeted attacks might be very hard or near impossible without the attacker having more information, but untargeted attacks by just guessing random keys en masse are very possible and likely. Also likely are accidental key collisions, depending on how many users share how many folders. The more folders are shared, the higher the chance of 2 equal keys generated by different users.

I know that the length of the key is variable and thereby can be changed by the user, which everyone should be doing right now, but that's not enough for the ones using the generated secrets.

A simple and effective way to make these random attacks much harder would be to enforce the name of the shared folder to be the same on all machines in combination with the secret. The changes for the BitTorrent Sync API would be minimal, as only the SHA2(foldername) would have to be added everywhere.

Currently: SHA2(Secret):ip:port
Possibly: SHA2(Secret):SHA2(foldername):ip:port

What do you think?

PS: I mean the folder basename, not its path. So /home/user/Syncme/my_shared_folder should become my_shared_folder for use in this case.
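The two identifier formats from the post, together with a key-space and birthday-bound calculation for the guessing and collision concerns it raises, as an added example (not code from BitTorrent Sync or from the poster). It assumes SHA2 means hex-encoded SHA-256, takes the post's description of the secret (32 characters from a 64-symbol alphabet) at face value, and uses a constructed secret and address; all function names are hypothetical.

```python
import hashlib
import math
import posixpath


def sha2_hex(text: str) -> str:
    # Assumption: "SHA2" in the post is taken to mean SHA-256, hex-encoded.
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def folder_basename(path: str) -> str:
    # The post wants the basename, not the path. Strip a trailing slash
    # first so the name does not collapse to an empty string.
    return posixpath.basename(path.rstrip("/"))


def current_id(secret: str, ip: str, port: int) -> str:
    # Format given in the post: SHA2(Secret):ip:port
    return f"{sha2_hex(secret)}:{ip}:{port}"


def proposed_id(secret: str, folder_path: str, ip: str, port: int) -> str:
    # Format proposed in the post: SHA2(Secret):SHA2(foldername):ip:port
    name_hash = sha2_hex(folder_basename(folder_path))
    return f"{sha2_hex(secret)}:{name_hash}:{ip}:{port}"


def secret_bits(length: int, alphabet_size: int) -> float:
    # Key-space size in bits for a uniformly random secret.
    return length * math.log2(alphabet_size)


def collision_probability(bits: int, n_secrets: int) -> float:
    # Birthday approximation: p = 1 - exp(-n(n-1) / 2^(bits+1)).
    pairs = n_secrets * (n_secrets - 1) // 2
    return -math.expm1(-(pairs / 2 ** bits))


if __name__ == "__main__":
    secret = "A" * 32                 # constructed placeholder secret
    ip, port = "192.0.2.10", 6881     # constructed documentation address
    path = "/home/user/Syncme/my_shared_folder"
    bits = int(secret_bits(len(secret), 64))
    print("current :", current_id(secret, ip, port))
    print("proposed:", proposed_id(secret, path, ip, port))
    print("key space:", bits, "bits")
    for n in (10**6, 10**9, 10**12):
        print(f"{n:>14} secrets -> collision p = {collision_probability(bits, n):.3e}")
```
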