Xaotikdesigns

Question on security


When I share a folder, either the app or myself generates a secret.

From what I understand, this is the only thing needed to connect to a folder.

What are the chances that two computers will generate the same secret? Could someone just sit at their desk and generate secrets until he gets a connection?


Yes, I've asked the same question too! Especially given that the "secret" is always the same length, and only made up of alpha-numeric characters, it would not be beyond the realms of possibility for a computer to "crack" a secret with relative ease.

I think "Secrets" need to A) be much longer, B) be of "variable length", rather than a fixed length, and C) permit symbols as well as alpha-numeric characters (i.e. + - = / \ _ : , etc)


The ability to add a custom string to the end of the secret would be good.

For instance, "(randomly generated secret) then who was phone?" would give us the big random character list that could be auto-generated as it is now, plus the phrase that would contain any type of characters and be user generated.

Even with the rather large pool of random secrets that are auto generated, there is still a chance that it will be duplicated. As more people start using sync and share more and more folders on their desktops and phones, it's only a matter of time until someone hits the secret lottery and finds something good.

Or perhaps a way to password protect a secret.


It would be nice if you had a "username" per se and all your secrets would be prepended with that. Even if it's just an 8-character random string that is in Preferences, that would allow for more entropy.

Another thing that would be useful (which I kinda brought up in another post), would be an option whether you want to create a *new* folder or add an already-synced folder. If we had that option, then if you were making a new one, it could check for collisions when it generated a secret and tell the user that it already exists or just generate a new one.
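The collision and guessing odds asked about in this thread can be put into numbers. The following is an added example, not part of the original posts or the app's code; the 36-symbol alphabet, 32-character length, number of live secrets and guess rate are all assumed figures, and secrets are assumed to be uniformly random.

```python
import math

def entropy_bits(alphabet_size: int, length: int) -> float:
    """Bits of entropy in a uniformly random secret of fixed length."""
    return length * math.log2(alphabet_size)

def collision_probability(bits: float, n_secrets: int) -> float:
    """Birthday approximation: chance that any two of n random secrets match."""
    pairs = n_secrets * (n_secrets - 1) / 2
    return -math.expm1(-pairs / 2.0 ** bits)  # expm1 keeps tiny values precise

def guess_hit_probability(bits: float, n_live: int, guesses: float) -> float:
    """Chance that at least one of `guesses` random guesses hits a live secret."""
    p_single = n_live / 2.0 ** bits
    return -math.expm1(guesses * math.log1p(-p_single))

def guesses_for_even_odds(bits: float, n_live: int) -> float:
    """Number of random guesses needed for a 50% chance of one hit."""
    return math.log(2) / (n_live / 2.0 ** bits)

if __name__ == "__main__":
    # All figures below are assumptions for illustration, not product values.
    ALPHABET, LENGTH = 36, 32        # A-Z plus 0-9, fixed length (assumed)
    LIVE_SECRETS = 10 ** 9           # shared folders in existence (assumed)
    RATE = 10 ** 6                   # guesses per second (assumed)
    YEAR = 365 * 24 * 3600
    bits = entropy_bits(ALPHABET, LENGTH)
    print(f"entropy: {bits:.1f} bits")
    print(f"any two of {LIVE_SECRETS:.0e} secrets collide: "
          f"{collision_probability(bits, LIVE_SECRETS):.1e}")
    print(f"one year of guessing hits any secret: "
          f"{guess_hit_probability(bits, LIVE_SECRETS, RATE * YEAR):.1e}")
    print(f"years of guessing to reach even odds: "
          f"{guesses_for_even_odds(bits, LIVE_SECRETS) / RATE / YEAR:.1e}")
    # Proposals from the thread, expressed as entropy gained.
    print(f"8 random characters prepended: +{entropy_bits(ALPHABET, 8):.1f} bits")
    # 44 = 36 alphanumerics plus the 8 symbols listed in the thread.
    print(f"same length, 44 symbols: +{entropy_bits(44, LENGTH) - bits:.1f} bits")
```

The entropy gain from a user-chosen phrase is lower than these figures suggest, because the functions assume every character is drawn uniformly at random.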


Would be great to share secrets via files associated with syncapp (.syncapp? extension) with an option to encrypt with a password. In the end, the security risk is the same as sharing a secret via email, instant messaging or a text file with secrets.
