Mimi

The attitude is the result of Harold's attitude! I didn't like his comment. And who is talking of reinventing the wheel? Disk encryption cannot solve this issue of storing sensitive data in plaintext. As soon as the disk is decrypted during boot up, then the file is no longer secure. Encrypting the sync.dat file could be a way forward, but this means Bittorrent Sync cannot access it. It would be better if Bittorrent Sync add "salt" to the secret key before writing it to file.

I think the current secret key is OK, except that the secret key is stored in plain text. Harold Feit closed the other thread with some nonesense. You cannot take my secret key (i.e. password) and store it in plain text, and now you tell me yadayada and close my thread. Bittorrent Lab tells us the following: "Can other BitTorrent users see my shared files? No. BitTorrent Sync is based on the BitTorrent protocol, but all the traffic is encrypted using a private key derived from the shared secret. Your files can be viewed and received only by the people with whom you share your private secret. What is a "secret" and how does it work? A secret is a key that connects different devices and joins them together." So if anyone with access to my private secret can view my files, then why is the secret stored in plaintext on my computer? Would you store UNIX (and perhaps Windows) password on disc in plaintext? Bittorrent Lab, please do whatever, but don't have the client store the secret in plaintext!

I started using Bittorrent Sync since 5 days, and so far I'm happy. But the one thing I am worried about is that the secret key is stored in the config files in plain text. Even on a computer with antivirus and firewall, this still pose a security risk. A trojan horse could send this to its owner, and voila, all my files can be access from elsewhere. I understand this software has been design from scratch. Right? Have you (Bittorrent Lab) not made any security considerations? In my opinion, this is like locking your house and leaving the key outside in the key hole. This is really worrying. I thought I found the software that does exactly what I want, but now I discover that the whole secret key is no "secret" at all. I'm hoping someone from Bittorrent Lab will respond to this. Mimi