9

Sync, a new product from BitTorrent, Inc., has been cited as a viable alternative to other cloud-storage platforms. The Sync FAQ indicates that an encryption scheme is being used, but does not comment on specifics.

Does there exist any information about the type of encryption that BitTorrent Sync is using, and whether or not the implementation is secure?

nitrl

3 Answers

3

The information you asked for is given here on their official site. I am copy/pasting a small relevant excerpt below.

BitTorrent Sync was designed with privacy and security in mind. The system uses SRP for mutual authentication and for generating session keys that ensure Perfect Forward Secrecy. All traffic between devices is encrypted with AES-128 in counter mode, using a unique session key. Modification requests are all verified using Ed25519 signatures and only systems with full access keys can generate valid modification requests.

xkcd
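
The properties named in the quoted excerpt can be seen in a small Go program (an added example, not BitTorrent's code and not part of the original answer): AES-128 in counter mode gives confidentiality only, so an altered ciphertext still decrypts cleanly, and the Ed25519 check is what rejects the altered request. The request format, the random session key (standing in for the SRP-derived one) and the key pair are constructed for illustration, and read-only peers are assumed to hold only the public key.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// ctrXOR encrypts or decrypts with AES-128 in counter mode (same operation both ways).
func ctrXOR(key, iv, in []byte) []byte {
	block, err := aes.NewCipher(key) // a 16-byte key selects AES-128
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(in))
	cipher.NewCTR(block, iv).XORKeyStream(out, in)
	return out
}

// Demo reports whether an altered ciphertext still decrypts to a well-formed
// request, whether the writer's signature verifies on the original request,
// and whether it verifies on the altered one.
func Demo() (alteredDecrypts, origValid, alteredValid bool) {
	// Constructed stand-ins: random session key and IV, and a writer key pair
	// (assumption: read-only peers hold only pub).
	secret := make([]byte, 16+aes.BlockSize)
	if _, err := rand.Read(secret); err != nil {
		panic(err)
	}
	key, iv := secret[:16], secret[16:]
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	req := []byte("op=update;file=notes.txt;rev=7") // hypothetical request format
	sig := ed25519.Sign(priv, req)
	ct := ctrXOR(key, iv, req)
	// CTR has no integrity: XORing a ciphertext byte flips the same plaintext bits.
	ct[len(ct)-1] ^= '7' ^ '9'
	got := ctrXOR(key, iv, ct)
	want := []byte("op=update;file=notes.txt;rev=9")
	return bytes.Equal(got, want), ed25519.Verify(pub, req, sig), ed25519.Verify(pub, got, sig)
}

func main() { fmt.Println(Demo()) }
```
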
3

The information provided from BitTorrent is pretty lame. Since it is not open source, I don't use it. But the Free Software Foundation is working on it.

Dr.Ü
  • tbh it's unattractive (for me at least) because it takes so much CPU that you can't do anything else, not because of its license :) – xkcd Mar 24 '14 at 16:34
  • I don't know if they were using the http://en.wikipedia.org/wiki/AES_instruction_set or do you have an old CPU running? – Dr.Ü Mar 24 '14 at 16:52
  • Neither, I think it's because of their design as they use your machine's resources to store and secure other users' data as well. So if you become part of their P2P overlay, you sort of volunteer your resources as well. – xkcd Mar 24 '14 at 16:57
  • Great to see that there's interest in an open source alternative – nitrl Mar 25 '14 at 00:41
  • @xkcd the Sync product does this? My understanding from reading about it is that it only transfers data between the machines you specify. – Michael Sep 15 '14 at 17:15
3

Update as of Nov. 19, 2014

A security analysis of BTSync from a group at Hackito 2014 has been released, with generally unfavorable results. An official response from BitTorrent seems to address many of the issues raised.

BitTorrentsync security & privacy analysis – Hackito Session results*

*Discussion on HN

BitTorrent official response to Hackito release*

*Discussion on HN

Many HN commenters have identified Pulse/Syncthing as open source alternatives.

nitrl