Does using a base64 secret make any difference?



Most people don't seem to have noticed that you can enter a secret using the Base64 characters plus space (as long as there are 42 characters not including spaces) so the phrase "The quick brown fox jumps over the lazy dog" is actually a valid secret.

My question is what's actually done with this secret?

And how is it different from the handling of the 160bit secret?

For example, you can enter a secret of significantly more than 256 bits with this; but AES256 will only use 256 bits. Does it use SHA256 to make the real secret? Does it do the same with the 160bit secret?


I've read somewhere (probably the security thread, by kos) that they use SHA-256 to hash the secrets and that 32 alphanumeric characters are sufficient to generate the entire keyspace. So in my book there's gonna be a collision for every 32+ character long secret. I've generated my own 48 character long keys (384 bits) just because I can, but I don't think it's doing me any extra.

(fix me)


The 32 base32 characters only come to 160 bits of entropy, so no, they don't fill the AES-256 keyspace. But IMO they're big enough; the only reason that I don't think 128 bits is large enough is that it may be possible to engineer a birthday attack against BTSync because there are no user (share) names.

BTW: It only accepts the base64 set, so 48 characters is "only" 288 bits, not 384.

It might be that the info hash is 160 bits; in that case using a 256-bit key would mean that there are 79228162514264337593543950336 different passwords possible for each info hash.

This is useful because it removes any possible utility of a birthday attack completely, in two different ways.

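The arithmetic the three posts are arguing about, worked through in Python as an added example (this is not code from the original posts and not BTSync's own key handling): the entropy of a secret given the alphabet it is drawn from, why a 48-character base64 secret is 288 bits rather than 384, why anything past 256 bits is wasted once the secret is hashed, and where the 79228162514264337593543950336 figure comes from. The RFC 4648 alphabets, the SHA-256 derivation (which the thread only speculates about), the 160-bit info-hash size, and the sample secrets are all assumptions constructed here.

```python
import hashlib
import math
import string

# Alphabets as the thread describes them. Constructed here from RFC 4648;
# not taken from any BTSync source.
BASE32_ALPHABET = string.ascii_uppercase + "234567"            # 32 symbols -> 5 bits each
BASE64_ALPHABET = string.ascii_letters + string.digits + "+/"  # 64 symbols -> 6 bits each

# Assumption from the third post: the info hash that identifies a share is 160 bits.
INFO_HASH_BITS = 160
AES_KEY_BITS = 256


def uses_alphabet(secret: str, alphabet: str, ignore_spaces: bool = True) -> bool:
    """True if every (non-space) character of `secret` comes from `alphabet`.
    Spaces are skipped because the first post says they are accepted but not counted."""
    chars = secret.replace(" ", "") if ignore_spaces else secret
    return len(chars) > 0 and all(c in alphabet for c in chars)


def entropy_bits(secret: str, alphabet: str, ignore_spaces: bool = True) -> float:
    """Upper bound on the entropy of `secret`, assuming every symbol was drawn
    uniformly and independently from `alphabet` (a passphrase has far less)."""
    chars = secret.replace(" ", "") if ignore_spaces else secret
    return len(chars) * math.log2(len(alphabet))


def derive_key(secret: str) -> bytes:
    """Hypothetical key derivation the second post speculates about: SHA-256 of the
    secret. However long the secret, the output is a fixed 32 bytes (256 bits)."""
    return hashlib.sha256(secret.encode("utf-8")).digest()


def effective_key_bits(secret: str, alphabet: str) -> float:
    """Security the derived AES-256 key actually carries: the secret's entropy,
    capped at the 256 bits that survive the hash. This is why 48 base64
    characters (288 bits) buy nothing over 43 (258 bits) under this derivation."""
    return min(entropy_bits(secret, alphabet), AES_KEY_BITS)


def secrets_per_info_hash(key_bits: int = AES_KEY_BITS, hash_bits: int = INFO_HASH_BITS) -> int:
    """Number of distinct key values that map onto one info-hash value when the
    key space is larger than the hash space: 2^(key_bits - hash_bits)."""
    return 2 ** (key_bits - hash_bits)


def birthday_work(bits: int) -> int:
    """Rough number of random trials needed for a ~50% chance of a collision
    in a `bits`-bit space: about 2^(bits/2)."""
    return 2 ** (bits // 2)


if __name__ == "__main__":
    # Constructed sample secrets; each mirrors a size discussed in the thread.
    samples = {
        "32 base32 chars": "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
        "42 base64 chars": "Th3Qu1ckBr0wnF0xJump50v3rTh3L4zyD0g+/ABCDE",
        "48 base64 chars": "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuv",
    }
    for label, secret in samples.items():
        alphabet = BASE32_ALPHABET if "base32" in label else BASE64_ALPHABET
        print(f"{label}: valid={uses_alphabet(secret, alphabet)}, "
              f"entropy={entropy_bits(secret, alphabet):.0f} bits, "
              f"effective key={effective_key_bits(secret, alphabet):.0f} bits, "
              f"sha256={derive_key(secret).hex()[:16]}...")
    print("keys per 160-bit info hash with a 256-bit key:", secrets_per_info_hash())
    print("birthday work on a 128-bit space: 2^%d" % math.log2(birthday_work(128)))
    print("birthday work on a 160-bit space: 2^%d" % math.log2(birthday_work(160)))
```

Note that entropy_bits is a ceiling, not a measurement: a dictionary phrase such as "The quick brown fox jumps over the lazy dog" passes uses_alphabet but has nowhere near 6 bits per character, because the characters are not independent or uniform. The SHA-256 step only fixes the output length; it cannot add entropy the secret never had.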
