jtroth

Members
  • Content Count

    14
  • Joined

  • Last visited

About jtroth

  • Rank
    Member

Profile Information

  • Gender
    Not Telling
  1. You could use the encrypted backup key for this. It saves btsync'd files in encrypted format on target machines, Search around the forums for instructions on how to use it.
  2. Super cool, and really want to try it out. Unfortunately, can't get it working. I run python syncnet.py and the GUI comes up; I'm assuming I have the enaml dependency resolved correctly. I have python-btsync, wasn't sure where syncnet needs this so I just symlinked it into the same directory as syncnet.py. I have btsync running with default un/pass/port and have included my api key into the config.json file (does this need to run in the same directory as syncnet?). Btsync is running and the api works as expected. When I enter "sync://B4KWMK3VBJSH35YZMS7ZEMSQ6XNVBHALY", nothing happens,
  3. To encrypt a string on a linux box: echo '$BTSYNC_SECRET' | openssl enc -base64 -e -aes-256-cbc -nosalt -pass pass:correct_horse_battery_staple This generates the string "dSsDqj3ilLCNosmWNYpbzA==". You can send this, in the clear, to your friend. Your friend will then enter: echo "dSsDqj3ilLCNosmWNYpbzA==" | openssl enc -base64 -d -aes-256-cbc -nosalt -pass pass:correct_horse_battery_staple Then just tell them the password through some other channel. Sometimes if I'm lazy, I'll just put the key in a password protected pdf/rar/word doc and attach it to an email.
  4. I've made some improvements to this, and have added a more feature rich file manager. My favorite feature is that you can now edit and save text files from the web if you've entered a full-access key. File creation/uploading will probably come in the next few days. Demo: https://www.btcloudsync.com/a-mixed-bag
  5. @deadserious What functionality do you need? If you're looking to create/remove shared folders, the linux client exposes a REST api that can work in a pinch. @ctismer You're right. The BT team is probably the best in the world at solving the NAT traversal problem, but it simply does not yet have the reliability of dropbox (and reliability is usually the most important factor in transferring high value data). In my experience, LAN sync works well, and sync with publicly accessible nodes works well.....but when you have nodes behind several layers of NAT, QoS starts degrading quickly. Such
  6. This runs on BitTorrent, so the tracker (or DHT) gives a list of every host sharing a given folder. If you want to know which hosts are communicating with Alice, just ping the tracker with Alice's invite secret every second. This gives a list of every host initiating a conversation with Alice; you can then do reverse lookups on these hosts to find the initiating accounts (reverse lookups might be tough if it's difficult to enumerate all nonsa namespaces). Perhaps this is acceptable for your requirements.....I don't know your threat model. Can you elaborate on how this works? I don'
  7. I like this idea. Few questions/clarifications. Is this intended to hide "metadata"? Could an omniscient adversary determine which users are messaging each other? If nonsa is truly private, it would be substantially better than PGP and significantly more scalable than BitMessage (it might provide some strong defenses against spam as well). Is 'private metadata' a requirement with which you designed the platform? If you're hashing the user id, any reason why you aren't also hashing the writeable invite key as well? When it's hashed, spammers can't just send messages to every account in the
  8. I've seen some people set their btsync device name as their vol folder secret. So, let's say we're both friends with Dimtar, you could see my vol secret as a shared node with Dimtar's folder. A clever, decentralized way of seeing "friends of friends."
  9. Yes, I have designed the site to prevent enumeration of shared secrets and the shares' 'nicknames.' This is done with OS level permissions. I've tried to keep things as simple as possible; there is no database so no vector for sql injection. Both the BTSync process (which owns everyone's files) and the web server are given very limited access, so even if someone could get code from their shares to execute on the server, they wouldn't be able to do much (and I've also protected against remote code execution). The weak link is the BTSync process......but these guys seem like they know their
  10. BTSync is a really high quality product and I thoroughly enjoy using it. You guys are great; thanks for all your work. Over the past couple weekends, I've put together a site that gives me public access to my sync folders. Did this for a couple reasons..... 1. My computers are seldom on at the same time (when I go to work, my laptop goes to sleep, when I come back home, my work computer gets disconnected from the internet, phone has limited space), and I needed an 'always online' node. 2. I wanted read/write access to my shares without having to sync on the local device. 3. I'd like to st