Secrets Need To Be Hashed Before Connecting To Relay Server



Hello everybody,


I think I see one security hole in the way BitTorrent operates relating to the 'relay server'.

Computers (not in the same local network) with the same secret connect to the relay server. Then, the relay server compares the secrets to connect the two computers. Secrets need to be sent to the 'relay server'; with the secret, some bad guys at BitTorrent can read users' files.


I think secrets must be hashed before being sent to the relay server for comparison; the relay server only compares hashed secrets. This is more secure.


Any thoughts on my opinion?



Please read the documentation!


Secrets ARE hashed when connecting to BitTorrent Servers using Relay/Tracker options.


The following is sent to BitTorrent Servers, when using Relay/Tracker options: SHA1(Secret):ip:port


"Bad guys" - as you refer to some staff at BitTorrent Inc - cannot obtain your secret if you use Relay/Tracker options!

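The exchange described in the reply above, sketched as an added example that is not part of the original thread and is not BitTorrent's own code: a client builds `SHA1(Secret):ip:port` and a matching server pairs peers by digest alone. `announce`, `ToyRelay`, the hex encoding of the digest, and the sample secrets and addresses are assumptions constructed for illustration.

```python
import hashlib
import re
from collections import defaultdict

HEX_SHA1 = re.compile(r"[0-9a-f]{40}")


def announce(secret: str, ip: str, port: int) -> str:
    """Client side: build SHA1(Secret):ip:port; the secret never leaves the host.
    Hex encoding of the digest is an assumption; the page gives no wire format."""
    digest = hashlib.sha1(secret.encode("utf-8")).hexdigest()
    return f"{digest}:{ip}:{port}"


class ToyRelay:
    """Hypothetical matching server: its only state is digest -> set of endpoints."""

    def __init__(self) -> None:
        self.swarms = defaultdict(set)

    def handle(self, message: str) -> list:
        """Register the sender and return endpoints already announced
        under the same digest."""
        digest, endpoint = message.split(":", 1)
        if not HEX_SHA1.fullmatch(digest):
            raise ValueError("first field is not a SHA-1 hex digest")
        ip, port = endpoint.rsplit(":", 1)
        if not ip or not port.isdigit() or not 0 < int(port) < 65536:
            raise ValueError("malformed ip:port")
        peers = sorted(self.swarms[digest] - {endpoint})
        self.swarms[digest].add(endpoint)
        return peers


def demo():
    # Constructed sample secrets and documentation-range addresses.
    shared = "CONSTRUCTED-SAMPLE-SECRET-A"
    other = "CONSTRUCTED-SAMPLE-SECRET-B"
    relay = ToyRelay()
    first = relay.handle(announce(shared, "192.0.2.10", 40001))
    second = relay.handle(announce(shared, "198.51.100.7", 40002))
    third = relay.handle(announce(other, "203.0.113.5", 40003))
    return relay, shared, first, second, third


if __name__ == "__main__":
    relay, shared, first, second, third = demo()
    print(first, second, third)
    print("secret held by relay:", shared in repr(dict(relay.swarms)))
```

The relay pairs the two peers from the digest alone. The digest hides the secret only as long as the secret is too random to guess and test against it.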