Shish

I'm going to assume you're trolling at this point, but for the sake of clarifying the issue for future readers: No. It would not. Seriously, it wouldn't. You can stop thinking it would now, because it won't. Go take a math class and re-read my posts if you don't get why. At best, you're taking sub-atomic-sized security hole that nothing in this universe can fit through, and making it half the size. In exchange, the process for authenticating becomes more complicated, and the odds of a bug in the code (which is approximately infinity times more likely and infinity times more dangerous) go up. Meanwhile, the realistic attacks like a virus stealing your secrets remain as they were. It really isn't a worthwhile trade :| (Again, there are benefits to other auth schemes; but protection against guessing a key isn't one of them) ~ Bonus problem! Assuming that any of these suggestions for "stopping" guesswork attacks actually worked (they don't, but let's imagine) - how does one implement any of them in a strictly decentralised way, as is the main selling point of btsync?

Seems like you've started with that assumption in mind, ignored evidence against it, not given any evidence for it, and then declared it correct :-| ("I don't understand the maths, but my gut tells me [blah]" is not evidence) On the contrary, "one (sufficiently long) secret" is the most secure thing we have -> https://en.wikipedia.org/wiki/One-time_pad (To be clear: there are plenty of pros and cons for other authentication schemes - but in this thread I'm only talking about being able to guess access codes)

So username + password + code + correct time to enter code... are any of those things *impossible* to guess correctly? Nope. It's extremely unlikely, but getting in by guesswork is possible in theory. Why do we need to target? Just generate those 4 bits of data over and over again, all of them at random, eventually you'll find a match ("eventually" may mean "longer than the life of the universe", but it can happen in theory) Again, no you don't. Just randomly pick a secret+uuid, if it doesn't work, pick a new secret+uuid. Realistically you're never going to get both correct through pure guesswork; but realistically, you're never going to get a btsync secret correct through pure guesswork either. And again, a long pass phrase is /unlikely/ to be guessed, but is it *possible* to guess? Sure is. A key file? It's just data, that can be guessed too. ... so yeah. *nothing* is 100% immune to guesswork. But btsync is already 99.99999999999999999999999999999% immune, which is enough that basically ever other possible attack is more realistic, and it's a waste of time to worry about this one.

And what if someone guesses the username, password, and TOTP code? And what if someone guesses the UUID that allows them to get into a locked system? And what if someone guesses your truecrypt passphrase?

Suddenly I understand why highschool physics teaches children things that are aren't true. Having people learn something that is /close/ to the truth is much more useful than giving them the full truth and having them not understand any of it... With that in mind: Highschool explanation: No, your hash cannot be guessed. University explanation: Realistically, within the lifetime of this universe, your hash cannot be guessed.

The lottery is one in ~14,000,000. This is one in ~3,400,000,000,000,000,000,000,000,000,000,000. The odds of a random btsync collision are in the same region as the odds of everybody on the planet winning the lottery at once If you're willing to wait longer than several lifetimes of the universe before it happens once, then yes, it will happen "eventually". I get the point you're trying to make -- that if everybody prefixed their secrets with their username (for example), then there would /never/ be any collisions; but that isn't actually true, because of brute forcing and typos -- and the odds of somebody either brute-forcing or typoing an 8 character username + 8 character password that collide with someone else's are considerably higher than doing the same for a 32-character secret. In the end, it's only the /total length of all login details combined/ that matters, and so btsync's idea of "one long secret" is considerably stronger than the traditional "short username + short password".

If every person on earth had 1,000,000 unique shares, and you were making 1,000,000 guesses per second, it would be an average of 1079028300 years between each hit (Numbers not completely pulled from my ass, but there are some approximations there, like assuming the world has a population of 10 billion because dividing by 10 is easier than dividing by 7 If someone wants to be more accurate go ahead, though I'm fairly sure I'm in the right ballpark)