Protecting Access To The Keys?


wipeout


Hi all..

 

Just came across BitTorrent Sync yesterday and it really seems the ideal solution for our small business to maintain shared files between our 5 laptops except for one major security risk for us..

 

The issue is the admin can't protect the key of a share with a password.. So what worries me is if one of the users got hold of the key (which they can easily do by opening the app and right clicking the share) they could pass it on and allow anyone to sync the share. For us this is a major security risk especially when a staff member is leaving the company..

 

Is there any way to password protect access to the key? Or is there any feature request for this functionality being worked on?

 

Thanks..


This one has already been talked about here over and over. Once you have the data, you have the data, there's just no point in introducing an elaborate level of key viewing rights just to make unauthorized relaying of the data further this tiny little bit more inconvenient. Hint: would that stop you from just creating your own "sub-cloud" from the very same folder (or just sharing it using one of the metric gazillion of other ways, for that matter)?


> This one has already been talked about here over and over. Once you have the data, you have the data, there's just no point in introducing an elaborate level of key viewing rights just to make unauthorized relaying of the data further this tiny little bit more inconvenient. Hint: would that stop you from just creating your own "sub-cloud" from the very same folder (or just sharing it using one of the metric gazillion of other ways, for that matter)?

 

Just like the Linux client has a user/password challenge to be able to access the web gui and share details or keys I believe it would be very useful to have an additional layer of protection for admins to restrict the creation and modification of shares and protect the keys..

 

I understand the point of view you are trying to make but I believe it's fundamentally flawed.. Following that thought process why implement key security or encryption or any of the other security measures?

 

The point of any security is making it incrementally harder for the data to be compromised.. I simply don't see how NOT having an optional password to protect access to the settings and keys is better than having the option.. Choosing to use it or not is up to your particular use case..


I would love to see public/private keys on BitTorrent Sync, but only for host verification. If you want the convenience of being able to use DHT and absolute security...etc, have a pop-up when a new public key tries to fetch/share data with your client. Both clients need to manually accept each other's public key.

I wouldn't be surprised to see something like this in BitTorrent Sync enterprise.

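A sketch of the mutual key-acceptance idea proposed in the post above, added here as an illustration; it is not BitTorrent Sync code and not part of any post in this thread. The `Device` class, its methods and all sample values are hypothetical, and the model assumes each peer has already proven possession of its private key in a handshake that is not shown.

```python
import hashlib
import hmac

def fingerprint(public_key: bytes) -> str:
    """Short ID a user would compare in the approval pop-up."""
    return hashlib.sha256(public_key).hexdigest()[:16]

class Device:
    """One client's trust decisions for a share (hypothetical design)."""

    def __init__(self, name: str, public_key: bytes, share_secret: str):
        self.name = name
        self.public_key = public_key   # key possession assumed proven elsewhere
        self.share_secret = share_secret
        self.accepted = set()          # fingerprints approved by the local user
        self.pending = set()           # fingerprints awaiting a decision
        self.revoked = set()           # fingerprints explicitly removed

    def on_connect(self, peer: "Device") -> str:
        fp = fingerprint(peer.public_key)
        same_secret = hmac.compare_digest(peer.share_secret, self.share_secret)
        if not same_secret or fp in self.revoked:
            return "rejected"
        if fp in self.accepted:
            return "trusted"
        self.pending.add(fp)           # this is where the pop-up would appear
        return "pending"

    def accept(self, peer: "Device") -> None:
        fp = fingerprint(peer.public_key)
        self.pending.discard(fp)
        self.revoked.discard(fp)
        self.accepted.add(fp)

    def revoke(self, peer: "Device") -> None:
        fp = fingerprint(peer.public_key)
        self.accepted.discard(fp)
        self.revoked.add(fp)

def may_sync(a: Device, b: Device) -> bool:
    """Sync only when each side has accepted the other's key."""
    return a.on_connect(b) == "trusted" and b.on_connect(a) == "trusted"

# Constructed sample data: two office machines and a device holding a leaked secret.
SECRET = "SAMPLE-SHARE-SECRET"
office = Device("office", b"office-public-key", SECRET)
laptop = Device("laptop", b"laptop-public-key", SECRET)
unknown = Device("unknown", b"unknown-public-key", SECRET)
office.accept(laptop)
laptop.accept(office)
```

In this model a device that only holds the share secret stays in `pending`, and `revoke` cuts off a departed device from future syncs; as the earlier reply points out, neither step recalls data an accepted device has already copied.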

> I would love to see public/private keys on BitTorrent Sync, but only for host verification. If you want the convenience of being able to use DHT and absolute security...etc, have a pop-up when a new public key tries to fetch/share data with your client. Both clients need to manually accept each other's public key.
>
> I wouldn't be surprised to see something like this in BitTorrent Sync enterprise.

 

That would be an interesting addition for sure but might make the use of Sync significantly more complicated for users, especially those with lower tech abilities that want something that "just works".. What I am asking for is far simpler, a way to better protect or preserve the integrity of an installation from users with little knowledge or malicious intent..

 

The scenario where a user inadvertently shares a key thinking it's the right thing to do is probably more relevant than malicious intent and since there is no ability to "remote wipe" a copy it makes sense to protect system end users from mistakenly or intentionally distributing the keys by setting an admin password to access the configuration..

