Xaotikdesigns Posted February 22, 2013 Report Share Posted February 22, 2013 When I share a folder, Either the app, or myself generates a secret.From what I understand, this is the only thing needed to connect to a folder.What are the chances that two computers will generate the same secret? Could someone just sit at their desk and generate secrets until he gets a connection? Quote Link to comment Share on other sites More sharing options...
GreatMarko Posted February 22, 2013 Report Share Posted February 22, 2013 Yes, I've asked the same question too! Especially given that the "secret" is always the same length, and only made up of alpha-numeric characters, it would not be beyond the realms of possibility for a computer to "crack" a secret with relative ease.I think "Secrets" need to A ) be much longer, B ) be of "variable length", rather than a fixed-length, and C ) permit symbols as well as alpha-numeric characters (i.e. + - = / \ _ : , etc) Quote Link to comment Share on other sites More sharing options...
Xaotikdesigns Posted February 22, 2013 Author Report Share Posted February 22, 2013 The ability to add a custom string to the end of the secret would be good.For instance, "(randomly generated secret) then who was phone?" would give us the big random character list that could be auto-generated as it is now, plus the phrase that would contain any type of characters and be user generated.Even with the rather large pool of random secrets that are auto generated, there is still a chance that it will be duplicated. As more people start using sync and share more and more folders on their desktops and phones, it's only a matter of time until someone hits the secret lottery and finds something good.Or perhaps a way to password protect a secret. Quote Link to comment Share on other sites More sharing options...
fastest963 Posted February 23, 2013 Report Share Posted February 23, 2013 It would be nice if you had a "username" per-se and all your secrets would be prepended with that. Even if it's just a 8 character random string that is in Preferences, that would allow for more entropy.Another thing that would be useful (which I kinda brought up in another post), would be an option whether you want to create a *new* folder or add an already-synced folder. If we had that option, then if you were making a new one, it could check for collisions when it generated a secret and tell the user that it already exists or just generate a new one. Quote Link to comment Share on other sites More sharing options...
kos13 Posted February 23, 2013 Report Share Posted February 23, 2013 We plan to revisit how Secret works in next releases. It will work differently, so all your concerns will be resolved. Quote Link to comment Share on other sites More sharing options...
iMok Posted February 23, 2013 Report Share Posted February 23, 2013 Would be great to share secrets via files associated with syncapp (.syncapp? extension) with an option to encrypt with a password. At the end security risk is the same that sharing a secret via email, instant messaging or a text file with secrets Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.