CrayTo5

Members
  • Posts

    14
  • Joined

  • Last visited

  • Days Won

    1

Posts posted by CrayTo5

  1. This is an important problem, and an effective solution would significantly enhance BTSync security. The issue isn't entirely technical, nor is is limited to BTSync. It's a Social Engineering issue. Basically, if I share a secret with a "trusted" friend, and he/she betrays that trust by sharing the secret with others, the "Genie is out of the bottle" - forever. 

     

    One idea that comes to mind to mitigate:

     

    BTSync keys currently have a prefix that differentiates RW, RO, and E-RO secrets. Would it be possible to add another field that defines how many nodes can share the key? Let's say the person who originates the network intends the key to be used on precisely 10 nodes, and set this key parameter before distributing keys. Theoretically, an uninvited 11th node would fail to connect - (assuming that the undesired 11th node was the last device to join the network). 

     

    I can already think of faults with this kludgy idea, but perhaps others have better ideas to tackle this.

  2. There is no "DHT server". The D in DHT stands for Distributed.

    DHT nodes are run by basically everyone that uses DHT in sync.

    Thanks for clarifying this. So the correct thing I should have said is that trackers are managed by BT, and DHT is a distributed discovery system.

     

    Neither the tracker nor any node in the DHT actually knows what files you have stored in the secrets. They ONLY have the secret's identifier code and a list of IP+port combinations running on the identifier.

     

    Thank you for putting this statement out there. I understand that there is no public code review possible at present, so I accept at face value your explanation that files and content can't be read by trackers or over DHT. Also your description of the metadata that can be viewed by the the BT trackers or DHT is appreciated!

  3. wgregori:

     

    I believe that the tracker and DHT servers belong to Bittorrent. Apparently they are not able to see the content of your synced files. It's all a matter of trust, since BTSync is not open source, and its code can not be audited by 3rd parties. Here is a forum thread which discusses tracker vs DHT in some detail:

     

    http://forum.bittorrent.com/topic/13102-dht-vs-tracker-server/

     

    You can also opt out of tracker and DHT discovery in the settings. As Harold Feit mentioned, you can use "Predefined Hosts" .. basically direct IP address to IP address connection without touching Bittorrent hardware. This should work in cases where your devices have Static IP addresses, and also where you have UPnP configured routers or admin access to the routers your devices may be behind -  to forward the necessary ports.

     

    Hope this is helpful.

  4. Sounds like you want to sync one Synology NAS (syno1) with another Synology (syno2) over the WAN. You don't have to manually add a device, having the same BTSync secret on both devices accomplishes this.  

     

    (1) If you haven't already done so, install the BTSync on each NAS using the SynoCommunity repository.

     

    (2) Create a sync folder on  syno1 using the web-based BtSync GUI. Generate a secret, and point the UI to the folder you created. SAVE THE SECRET in a safe location.

     

    (3) On syno2, create a sync folder using the web-based GUI. Point the UI to the sync folder on syno2, BUT copy the secret generated earlier on syno1 into the secret field. 

     

    If either NAS is behind a firewalled router, and you have UPnP disabled, you might have to forward ports to the local IP address of each Synology on each LAN. Forward ports 3838 (UDP) and also the local "Listening Port" (UDP) ... which is shown in the GUI for each NAS under Preferences > Settings.

     

    Good luck.

  5. Really great advice here, thanks to all!

     

    However, if I had a mission critical secret to send remotely - I would not trust any 1 communication system, since it might be compromised - and reveal the secret to adversaries.

     

    "Shamir's Secret Sharing" is a crypto algorithm designed to solve this dilemma. It splits a secret into pieces. You can send each piece separately by different means (ex. encrypted email, OTR, SMS). Only when the intended recipient receives all the pieces can the secret be re-constructed.

     

    A very easy to use Windows implementation of this scheme is called  "Secret Sharp" 

    http://sourceforge.net/projects/secretsharp/ . There is another for Linux called ssss, but I am not familiar with it

  6. When you install BTSync on your Synology, there should have been a prompt to create a web access to configure the BTSync installation on your NAS. 

     

    In my setup, I can access this configuration page by using my web browser to log into my Synology, and then using the pull down menu to access the installed BtSync application. From here, you can click on "Add Folder", and the resulting configuration box will ask you to enter your "secret", and the path to the folder on your Synology that you desire to have synced with the folder on your your iPhone device where you keep your photos.

  7. I was experiencing problems with BTSync on my NAS. Synced perfectly to other devices inside my LAN, but not over WAN. I tested forwarding "listening port" (UDP) + port 3838 (UDP) from router to NAS -  and now I can sync over the internet.

     

    I still have 2 questions:

     

    (1) Is UDP only sufficient ... or should I go to UDP + TCP on both ports?

     

    (2) What is the purpose of opening port 3838? What service does it connect to?

     

    Thanks.