milesrotaru

Members
  • Content Count

    6
  • Joined

  • Last visited

About milesrotaru

  • Rank
    New User

Profile Information

  • Gender
    Not Telling
  1. Sweet! I couldn't find any confirmation of that earlier. Good to know.
  2. Items disappear from the Devices tab when those devices are powered off or not running BT Sync. This makes it hard to keep track of all your peers. I suggest listing every device that has ever connected to one of your shared folders since the last time the secret for that folder was changed. And there could be an indicator for whether or not the device is currently online.
  3. Good point, Zbig. I also suppose if someone had enough access to a machine to steal the secret for a shared folder, they could just as easily steal the folder itself. One could share a Truecrypt volume to get around that but I don't think BT Sync hashes files in small chunks and sends only the changed parts like Dropbox does.
  4. Ooooooh. I misunderstood how those work. Thanks! Could a person I shared a one-time secret with invite more people to the folder? I'd really like to maintain control of the folder without restricting people from adding files. Even though sharing a one-time key seems a lot safer it looks like the recipient still gets the master secret and could then do something stupid like let it get stolen. If there was something like a personal master password for viewing for viewing or changing your secrets, which were encrypted, that would at least prevent accidental leaking.
  5. Are you suggesting sending out new one-time secrets every 24 hours? (or some other interval) That would be pretty good if there was a way to automate it. The usage scenario I have in mind is long term folder sharing with a small number of peers. The only way I can think to handle that with one-time secrets is to manually generate and send one out via encrypted email every morning, which my peers would then manually copy and paste into the program. It would be a security improvement I guess but not an elegant solution. Maybe with an API I could set up something cleverer.
  6. I have a few concerns about the way BitTorrent Sync handles secrets, and I'd like to know if the developers plan to address any of them in the future. There's no built in way to share secrets securely. A non technical person would be tempted to just send out the secret to their peers via IM or email, which is horribly insecure. The only safe way I've thought of to handle this is some other encrypted channel or a scheme involving PGP. Some implementation of PGP encryption built into the program for the purpose of exchanging secrets would be great. Secondly, secrets are poorly protected. I'm onl