Possibly a stupid question, but...

[ArniVidar]

Hey guys.

I've just been introduced to the concept of Bittorrent Sync as a possible replacement for cloud storage, and am just reading up on this pretty interesting concept.

I have, however, one (possibly) stupid question:

Since the only ID of a shared folder is a secret number, that secret number is randomly generated on one end, and is then shared via DHT over the web, two people could manage to randomly create the same secret key and then share it with their friends.

Then you would have two different sets of friends that have the same number, trying to access two different 'servers' that have the same number.

What would happen?

[handle]

The chances of that happening are so slim that they are basically none. If every atom on the earth had its own secret, it would still be highly unlikely for any of them to have a collision, let alone for humans of which there are significantly less, and even less when you consider how many humans use the internet, and even less when you consider how many people use bittorrent sync.

[ArniVidar]

Yes, I understand that the odds are astronomically small, but statistically speaking it is still just as likely to happen to me as it is likely to happen to nobody.

Since this method is hailed as a new and secure way to share your very important (and often valuable) data over the internet, if there are ANY odds that it can happen, the mere possibility of somebody rambling by accident into your server is still a daunting thought.

[handle]

Another thing about cryptography is that it doesn't make things impossible. Instead, it makes things so unlikely/difficult that it might as well not be possible.

However small of a chance you think it is, it's smaller than that. And smaller than even that, etc.

The chances of winning a lottery is something like 1 in 100,000,000. That's quite a lot, and considering many people put a ticket into the lottery weekly and still win nothing ever in their lives, that's quite a small chance.

Now, this system.

The total possible number of keys with 21 bytes is a lot. Compensating for the birthday paradox, we would need to divide this number by two to find out the chances of finding a collision.

The chances of finding a collision is 1 in 187,072,209,578,355,573,530,071,658,587,684,226,515,959,365,500,928. And that's AFTER being divided by two. If this were a lottery, you could put in a ticket once every microsecond, dare every nanosecond, and still win nothing if you played for centuries.

Not only this, but this is just the default 21 bytes. If you create a longer random key, that number increases exponentially per character you add, provided it's completely random.

[ArniVidar]

All very true, but the old axiom "Anything that can happen, will happen" usually holds true as well. And with my rotten luck I'd probably see it happen twice on my server. Murphy hates me!

[handle]

If that axiom held true, the entire internet would be broken. It does not apply here.

[deux]

In terms of probability, the likelihood of your PC or laptop getting stolen is probably higher than someone generating the same secret.

[GreatMarko]

Since the only ID of a shared folder is a secret number, that secret number is randomly generated on one end, and is then shared via DHT over the web, two people could manage to randomly create the same secret key and then share it with their friends.

The chances of two people managing to "randomly create the same secret" are near impossible!

Please see "How secure are "secrets"... can they be guessed" in the Unofficial FAQ

[Shot2]

However, since secrets are not necessarily created randomly, what are the odds of two enthusiast geeks creating a same secret e.g. "ALLY0URBASEAREBEL0NGT0US"? remarkably high, methinks.