Better Control Over Peer Devices: Approve New And Display History


Recommended Posts

Posted

I think most of the security concerns about BTSync (apart from it not being open source) could be addressed with a little better control over peer devices, especially new ones.

 

1. You should be able to set folder options the first time you create the folder. As it is now, you have to create the folder first, it is created will all the default options (which means the BTSync tracker knows the secret) and then you can switch to known devices or LAN sync only.

 

2. As an per-folder-option, you should choose whether you have to approve new peer devices accessing that folder. This is not perfect because device names can be spoofed and you have no control over what happens at other nodes, but it is a first step. Later there could be fingerprints or something, if needed.

 

3. The "known" peer devices for a folder (i.e. all devices that have ever synced something) should be recorded and displayed in the GUI somewhere. Maybe the type of secret the device used (RW, RO, ERO) could also be displayed.

 

These are all GUI requirements and can be done without changes to the protocol.

 

 

Nice-to-have but requiring a protocol change would be:

4. The known peer devices from #3 are distributed to other nodes as part of the share. So each device knows every other device that has ever accessed the share. This would be great for distributing networks.

 

  • 7 months later...
Posted

Totally agreed Chris. Not having proper approval for when a peer is added to a network is the single biggest drawback of BTSync and the new "link approval" doesn't solve it.

 

The more people write tools around the BTSync API the more we'll have to provide our keys which makes them easy to harvest and without any access control the data is vulnerable.

ie on some NAS devices they are unofficial compiles for BTSync. How super easy would it be to keep track of all the master keys users enter and then access their data.

 

So again I agree that your points are needed +1


This topic has some good implementation ideas for points 2,3,4

http://forum.bittorrent.com/topic/30679-now-implemented-interactive-pairing/

  • 3 weeks later...
Posted

I hope you saw a Sync 2.0. You could now granularly control user access for a folder. Some of the ideas are already implemented, but not all of them. I also want to point out, that Sync uses X509 based PKI security to achieve that. Cost of that - there are no keys for new folders.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.