Usefulness of one-time codes?


Recommended Posts

I just tested a one time code out from my linux VPS to my windows desktop. I thought it was going to be some secure thing where someone can use the code once and now only they can access it and not let anyone else get access... But it seems I was mistaken because after I used the one time code the properties for the folder has the full code right there to be seen and given out to other people without your permission, basically making the one time'ness completely useless it seems.

Am I wrong? I know there would be some limited usefulness of having one code but if the person who uses it can then get the full code to distribute isn't that a bit useless? I may be missing something, if so please let me know.

Link to comment
Share on other sites

It's used to transfer the real key over an encrypted channel, I believe. Useful for if you want to give someone you trust full access, but, you don't trust you means of the connection between you two.

Basically, you give them a one time key, they connect to you, the channel is encrypted, then BTSync transfers the real key, then the OTK is marked as invalid, then they reconnect using the real key.

Link to comment
Share on other sites

Oh that would make sense then. A tooltip or something to describe the purpose would be very useful. I would like to hope at some point that perhaps a second type of one time code exists where some how it lets someone gain access but not be able to have the full code to give out maybe? Not sure, it may not be possible with the technology the way it is but it is an idea, which I thought was already the case. Thats why I only just now tested it because I thought I knew what was meant by one-time but eventually wanted to test to make sure.

But that for sure is useful now you have brought that up.

Link to comment
Share on other sites

AFAIR, when you give a one-time read-only code to someone, they don't see the full (master) key in the UI. Anyway, if you're concerned with giving someone an access to some data and then worrying what they could do with it, maybe you shouldn't have given it in the first place? ;) After all, even when unable to invite others to the BTSync cloud, he or she can burn the data to CD-Rs, e-mail it to friends, print it in the newspaper, create their own BTSync cloud... you get the idea ;) What you have in mind is called DRM and is little out of scope of the data sync tool :)

Link to comment
Share on other sites

Yeah I was just thinking of like "VIP Access" folders where people can share their work etc, but not be able to go giving that same full level access out to other people. Thats what I thought a one-time full code would do. I only tested it on the offchance that I was wrong. I was lol. Still, it is useful to securely get a code to people, I just wish they would add that as an added tickbox option to prevent a person from distributing a code to other people to make sure that only the person who you gave the code can possibly access the folder via that original code. But make it optional, so you still can give someone you trust full access by using a one-time code for secure setup initially.

Link to comment
Share on other sites

that would only give people a false sense of security. golden rule goes: once you gave somebody else access to your files, they can do with them whatever they like and you can't do much about that - period. so, you should only share your files with people you trust, technology can't do nothing for ya here.

it's funny; same sorts of proposals appear on dropbox forums on and on, no arguments help...

Link to comment
Share on other sites

that would only give people a false sense of security. golden rule goes: once you gave somebody else access to your files, they can do with them whatever they like and you can't do much about that - period. so, you should only share your files with people you trust, technology can't do nothing for ya here.

it's funny; same sorts of proposals appear on dropbox forums on and on, no arguments help...

I know this, I am talking more of a "If you are a member of this you get access to that" so you want people to have full access to fully participate and share their work etc but without the temptation to go giving other people direct access to do the same as themselves. I am not worried about the data, just that a person could give full access to other people at any time. Do you know what I mean?

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share