Btsync Stars On Httpshaming
in Sync General Discussion
Posted · Edited by phkn1
Hi all,
I submitted the original post and while I agree that fetching the list of trackers in the clear isn't itself insecure, it does raise questions about the end-to-end exchange. The subsequent connections appear to be encrypted, though I haven't analyzed them in detail; they do "nonce" here and there and generally look sufficiently unintelligible as to provide confidence. That being said, I guess the primary concern is whether an attacker could inject or induce a connection to an untrusted tracker and thereby cause a client to disclose its secret key, protected data, or surreptitiously join a swarm.
E.g.: a MITM/session-replay attack which captures the initial exchange, forwards it to a malicious peer, and proxies the rest of the connection. Just because the connection is encrypted does not ensure that its initial identity is known.