"All you need is the code" I have a security question



If you type in a code to get access to a folder, won't the network of peers/seeds/tracker have access to the code so that anyone up the chain of your discovery would be able to access the code? Or are you hashing the code some way so that the codes themselves are not known?

I am interested in what keeps your data "secret" with a peer to peer network where everyone is connected to it and all you need is a code to gain access. What keeps other people from sniffing/obtaining access by listening to the network of people connected and their attempts to get initiated with some folder somewhere?


The "stock" standard master secrets are 32 characters of base32 form -- that covers upper A-Z and 2-7 .... no zeros, no ones, everything is readable by a human (without confusion).

Now there are a great deal of combinations in play here, but it only takes ONE collision to randomly occur and you can expose a bunch of otherwise private files. The 32 characters gives 160 bits coverage.... that is the weakest link, it doesn't matter that transfers are done using AES-256 if the secret is shorter and the secret is ALL that is required to gain access to the folder -- once you have access, the encryption could be AES-1024, it wouldn't matter, you already have access (through the weakest link).

I do like the idea of public/private keys and I would be more comfortable with that as a second factor of authentication; but it can get too complicated for the masses. To keep it simpler, a list of authorized email addresses for a secret would virtually guarantee that you will be extremely safe from any possible random collision. You need the nice long secret AND you need an approved email address or you've got no access. The "email addresses" don't even have to be real, although it might be better if they were. Of course there will still be a problem if an email was intercepted (at any point) and such email had the secret key passed in clear text, unless fake email addresses are known to be required to connect and the fake email addresses are given via other means (not via email).

On the public/private key idea, it would be good if an ssh-like authorized_keys file could be kept, the only trouble with that is that it is hard to know which line belongs to which authorized accessor ... unless you keep good track of each public key component otherwise....

The first creator of a secret key must become the "owner" and there needs to be a simple /hidden/ or otherwise special file in the master shared folder with a list of approved email addresses that will never be sent to another machine. ever.

And it will be a WPS type failure if a secret was said to be okay and then the email address was asked for. Both need to be confirmed as 100% correct as a pair before a denial or acceptance response is given.

If private/public keys can come into play, then an ssh style authorized_keys file could easily be used at the master end.
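The pairing requirement from the post above (secret and email confirmed together before any answer is given), as an added example that is not part of the original post or of the product's own code. `OwnerFolder`, `pair_tag` and the HMAC binding are assumptions made for illustration, and the secret and addresses are constructed.

```python
import hashlib
import hmac
import math
import secrets

BASE32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"  # A-Z and 2-7, as in the post

def new_secret(length=32):
    """Random base32 secret (constructed here, not a real folder secret)."""
    return "".join(secrets.choice(BASE32) for _ in range(length))

def secret_bits(length=32):
    """Each base32 character carries log2(32) = 5 bits."""
    return length * int(math.log2(len(BASE32)))

def pair_tag(secret, email):
    """Bind secret and email into one value so neither can be tested alone."""
    msg = email.strip().lower().encode()
    return hmac.new(secret.encode(), msg, hashlib.sha256).digest()

class OwnerFolder:
    """Hypothetical owner-side state; the approved list never leaves this machine."""

    def __init__(self, secret, approved_emails):
        self._secret = secret
        self._emails = {e.strip().lower() for e in approved_emails}
        self._tags = [pair_tag(secret, e) for e in approved_emails]

    def staged_check(self, secret, email):
        """The flawed flow: the reply reveals which factor was wrong."""
        if not hmac.compare_digest(secret.encode(), self._secret.encode()):
            return "bad secret"
        if email.strip().lower() not in self._emails:
            return "bad email"
        return "ok"

    def paired_check(self, secret, email):
        """Accept or deny on the pair only; every stored tag is compared."""
        candidate = pair_tag(secret, email)
        matched = False
        for tag in self._tags:
            matched |= hmac.compare_digest(candidate, tag)
        return matched
```

With `staged_check` a peer learns when the secret alone is right and can then work on the email separately; `paired_check` gives the same denial for either mistake.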


I would prefer a user name too, cracking random codes is one thing, but if you have to do that AND know what a user name is as well? I would feel a lot safer if it was not just a random code. I know the statistics are so ridiculous but still, I feel like right now it is security through obscurity, which is always bad. It just happens that the level of obscurity is very high, sure, but I can't help but feel I would not want to put important and personal info on there with just a single code protecting it. Someone always wins the lottery somewhere. It is only a matter of time of random searching before someone hits on someone's data. It may be "improbable" but it is not "impossible", whereas it is impossible to randomly guess a code for an unknown user name.


  • 2 months later...

I agree that "just a key" is a little scary. Having a valid email address associated with it would be one way to avoid collisions.

Another approach would be to require at least one device on the network to "approve" new members.

Currently if someone gets their hands on your key (which isn't a password living in your brain, making it less secure), they can just hop aboard and start stealing information before anyone notices!!!
