trintoidz Posted September 1, 2013 Report Share Posted September 1, 2013 On http://labs.bittorre...technology.html it saysThe tracker server sees the combination of SHA2(secret):ip:port and helps peers connect directlyWhat does BTSync send if my full access secret is AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA and I use tracker or DHT?Does it send AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA or a SHA-256 or SHA-512 or another hash of that secret?I've turned of the relay server, because I don't want all my files stored on other peoples server, but if it sends the regular secret without hashing it the trackers can just add that to their BTSync client and get the files from me.What does the URL look like? I know how the trackers work on regular BitTorrent Clients, so I'm curious what BTSync sends where.And what tracker does BTSync use? Can you choose yourself? Quote Link to comment Share on other sites More sharing options...
vtc Posted September 2, 2013 Report Share Posted September 2, 2013 Agree, this is also a concern to me. If those guys who run trackers can see all my folder hashes, they can just add my hashes to their BTSync clients and steal all my files. If it really operates in such a way, BTSync is not a secure product at all, and only suitable for public data distribution. Quote Link to comment Share on other sites More sharing options...
nils Posted September 2, 2013 Report Share Posted September 2, 2013 Before accusing anyone, why not taking a look for yourselves with tools like Wireshark http://www.wireshark.org/download.html ?I have not had time to do it, but I am certain you can take a peek at the payloads being sent etc. Quote Link to comment Share on other sites More sharing options...
peter.m.calloway Posted September 2, 2013 Report Share Posted September 2, 2013 The tracker will see a SHA of your secret (not the secret itself), your IP address and port number.You can disable the use of the tracker in the folder preferences ("Use Tracker Server"). Quote Link to comment Share on other sites More sharing options...
peter.m.calloway Posted September 2, 2013 Report Share Posted September 2, 2013 Additionally, you can read this thread: Quote Link to comment Share on other sites More sharing options...
trintoidz Posted September 2, 2013 Author Report Share Posted September 2, 2013 Before accusing anyone, why not taking a look for yourselves with tools like Wireshark http://www.wireshark.org/download.html ?I have not had time to do it, but I am certain you can take a peek at the payloads being sent etc.I'm not accusing them. I was hoping they sent a hash, and not the actual secret.And you won't see much interesting with Wireshark if they use SSL, and BTSync looks really thought through...The tracker will see a SHA of your secret (not the secret itself), your IP address and port number.You can disable the use of the tracker in the folder preferences ("Use Tracker Server").Thanks. I'm fine with that._______________________So what tracker does it use?Do BitTorrent, Inc. host it, or do they use regular public trackers?Is it just one tracker, or a list of multiple trackers? Quote Link to comment Share on other sites More sharing options...
peter.m.calloway Posted September 3, 2013 Report Share Posted September 3, 2013 So what tracker does it use?Do BitTorrent, Inc. host it, or do they use regular public trackers?Is it just one tracker, or a list of multiple trackers?As far as I know, the tracker is hosted by BitTorrent (with the help of Amazon EC2 according to my own investigation ?)Maybe some one from BiT could confirm or disconfirm that. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.