How secure is the secret?




Sorry for such a noob question - but I was just wondering - given BitTorrent only has a single line for the secret - how secure is this?

For instance - I'm used to applications that require a username & a password, so not only would you have to guess the right pwd, you would also be required to guess the matching username against it.

With BTSync, it seems as though someone just needs to start with an auto-incremental attempt to connect to the service, and they will eventually get a secret that matches someone's computer.

Now - I admit, I'm ignorant, and maybe it's much more complicated than that, or maybe BTSync has some checks in place to disable IPs from connecting if multiple attempts are made - I'm not sure, but would be interested to know.




It's been discussed many times (search is your friend), but basically if you guessed a million secrets per second from now until the sun swallowed up the earth you'd be incredibly unlikely to get a single match, even if everyone on earth had a million secrets each. It seemed unlikely to me at first as well, but that's how the numbers work out!


Thanks - I did try a Google search, but failed in my attempt. (I guess I just don't type in the right thing for the search engine.)

That's quite complex - I didn't realise it was that involved. Thanks for the feedback!


Assuming a 164-bit number.

It's roughly equivalent to finding one atom out of all the atoms that make up the earth.

(numbers are for scale, not complete accuracy)

It would take one person a thousand years to calculate the same number of hashes as there are atoms in a grain of sand.

It would take a million people 1 day to calculate the same number of hashes as 1 grain of sand equivalent.

If those million upgraded their systems constantly, it would take decades to calculate hashes equal to the number of atoms in a handful of sand.

If you expand this out to everyone on the planet, after decades you would still only be equivalent to the atoms of a dump truck full of sand.

Also, the stronger the hash algorithm, the more those times would go way, way up.

Assuming a 256-bit number, you go into the "number of atoms in all the universe" realm.

Of course this is all moot if someone has physical access to your computer. They can just copy the files out of your directory. :)

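The arithmetic behind the replies above, as an added example that is not part of the original thread: it computes the chance that a guessing attacker hits any live secret, and the secret length at which that chance reaches 50%. The 164- and 256-bit sizes and the million-guesses and million-secrets figures come from the posts; the 5-billion-year horizon, the 8-billion population, uniformly random secrets, and an attacker whose every guess is checked against all live secrets with no rate limiting are assumptions.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def hit_probability(bits, guesses, live_secrets):
    """P(at least one uniformly random guess equals any live secret)."""
    per_guess = live_secrets / 2 ** bits  # chance that a single guess matches
    # 1 - (1 - p)^n, via log1p/expm1 so a tiny p is not rounded away to zero
    return -math.expm1(guesses * math.log1p(-per_guess))


def bits_for_even_odds(guesses, live_secrets):
    """Secret length in bits at which the attacker reaches a 50% chance."""
    # Solve 1 - exp(-guesses * live / 2^k) = 0.5 for k
    return math.log2(guesses * live_secrets / math.log(2))


# Scenario values; the ones marked "assumed" are not from the thread.
GUESS_RATE = 1_000_000    # guesses per second (from the reply)
YEARS = 5e9               # assumed: time until the sun swallows the earth
PEOPLE = 8e9              # assumed: world population
SECRETS_EACH = 1_000_000  # secrets per person (from the reply)

GUESSES = GUESS_RATE * YEARS * SECONDS_PER_YEAR
LIVE = PEOPLE * SECRETS_EACH


def report(sizes=(64, 128, 164, 256)):
    """Return (bits, probability) pairs for the scenario above."""
    return [(bits, hit_probability(bits, GUESSES, LIVE)) for bits in sizes]


if __name__ == "__main__":
    for bits, p in report():
        print(f"{bits:>3}-bit secret: P(any hit) = {p:.3e}")
    print(f"even odds at about {bits_for_even_odds(GUESSES, LIVE):.1f} bits")
```

Under these assumptions the break-even point sits near 130 bits, so each bit beyond that halves the attacker's odds; the margin comes from the secret's length rather than from having a separate username field.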