MSch

Is it possible for a Server to speed up sync without being able to read the files?

Recommended Posts

Hi,

can I setup a BT Sync server that helps to distribute/cache the shared folder so that clients can download from that server (like with Dropbox) while keeping this server out of the loop what content is actually shared by the users?

E.g. is there a way to get some "cache-only" secret or something?

Thanks

Share this post


Link to post
Share on other sites

You can, but it is kind of tricky. If you will setup a user will mount his home directory to TrueCrypt volume and throw away all passwords, then you can't access to the files. Otherwise you will get access to all files.

Share this post


Link to post
Share on other sites

Anyone with root access to that system will also have access to your files, secrets and everything.

Also you have to trust the person setting up the shares or have direct access, i.e. SSH.

That's why so many of us are asking for encrypted read-only secrets/nodes.

Share this post


Link to post
Share on other sites

You can, but it is kind of tricky. If you will setup a user will mount his home directory to TrueCrypt volume and throw away all passwords, then you can't access to the files. Otherwise you will get access to all files.

That isn't a solution at all and the fact that this is an "official" workaround makes me trust in BTSync's security _a lot_ less. This is so trivially insecure it's laughable.

Share this post


Link to post
Share on other sites

That isn't a solution at all and the fact that this is an "official" workaround makes me trust in BTSync's security _a lot_ less. This is so trivially insecure it's laughable.

There currently is not a method built into BTSync that would allow for what you want, your secret is used to initiate contact between peers. It is not like a file system -- you cant just call up the one file you want but encrypted there has to be the initial contact between the peers then an encrypted tunnel of sorts is formed. So kos13 recommended working with what you have, if you are giving out a secret to anyone they could in turn give that away to someone else as well – that is a human issue and not something BTSync is currently equipped to handle.

Another possible temporary workaround would to be a file based encryption schema like encfs, then each user could have their own folder that gets mounted when they log in. But again if someone owns their box it doesn't make any difference the only thing that method would accomplish would be to protect the data on the "seedbox"(for lack of a better word) which would more than likely be better protected by default than the client computers that would be accessing the data.

Share this post


Link to post
Share on other sites

That isn't a solution at all and the fact that this is an "official" workaround makes me trust in BTSync's security _a lot_ less. This is so trivially insecure it's laughable.

It is not an "official" workaround and this is not a solution at all. There is nothing that is built into Sync, that will help you to achieve what you are looking for.

I hoped that craziness of the solution will make it clear, that this is a joke and there is no other solution.

kos

Share this post


Link to post
Share on other sites

In the mean-time you could set up a script to zip the files with a password and split them into chunks. 7zip supports command line input. The password on the zip would be the security if anyone compromised the server. For an extra level of security you could have two servers and send even numbered chunks to one server and odd numbered chunks to the other. You'd obviously then need a scrip to unzip them at the other end if you wanted it automated but it'd be pretty simple.

Not ideal but should work...

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now