What does BTSync send to DHT or trackers?


Recommended Posts

On http://labs.bittorre...technology.html it says

The tracker server sees the combination of SHA2(secret):ip:port and helps peers connect directly

What does BTSync send if my full access secret is AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA and I use tracker or DHT?

Does it send AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA or a SHA-256 or SHA-512 or another hash of that secret?

I've turned of the relay server, because I don't want all my files stored on other peoples server, but if it sends the regular secret without hashing it the trackers can just add that to their BTSync client and get the files from me.

What does the URL look like? I know how the trackers work on regular BitTorrent Clients, so I'm curious what BTSync sends where.

And what tracker does BTSync use? Can you choose yourself?

Link to post
Share on other sites

Agree, this is also a concern to me. If those guys who run trackers can see all my folder hashes, they can just add my hashes to their BTSync clients and steal all my files. If it really operates in such a way, BTSync is not a secure product at all, and only suitable for public data distribution.

Link to post
Share on other sites

Before accusing anyone, why not taking a look for yourselves with tools like Wireshark http://www.wireshark.org/download.html ?

I have not had time to do it, but I am certain you can take a peek at the payloads being sent etc.

I'm not accusing them. I was hoping they sent a hash, and not the actual secret.

And you won't see much interesting with Wireshark if they use SSL, and BTSync looks really thought through...

The tracker will see a SHA of your secret (not the secret itself), your IP address and port number.

You can disable the use of the tracker in the folder preferences ("Use Tracker Server").

Thanks. I'm fine with that.


So what tracker does it use?

Do BitTorrent, Inc. host it, or do they use regular public trackers?

Is it just one tracker, or a list of multiple trackers?

Link to post
Share on other sites


This topic is now archived and is closed to further replies.