3

Torrent clients offer encryption of traffic using RC4, and people consider this very safe to hide traffic information from ISP.

Now since I have a website with SSL encryption, I know that RC4 has a vulnerability. But does this apply to torrents encryption?

How safe is it to encrypt torrent traffic with RC4?

RoraΖ
  • 12,317
  • 4
  • 51
  • 83
The Quantum Physicist
  • 929
  • 1
  • 6
  • 9
  • The vulnerability you're referencing is with SSL, not RC4. So the fact that RC4 is being used does not inherently mean that the encryption is unsafe. – RoraΖ Jun 24 '15 at 13:37
  • @raz May I ask, if the problem is with SSL, and not RC4, why can't it be fixed? – The Quantum Physicist Jun 24 '15 at 18:28
  • It seems I was wrong. This [question and answer](http://security.stackexchange.com/questions/32497/tls-rc4-or-not-rc4) discuss the RC4 issues. For others reading this question. – RoraΖ Jun 24 '15 at 20:27
  • Not only is the RC4 itself a weak cipher, but the key exchange method itself is only 60-80 bits in strength, according to https://en.wikipedia.org/wiki/BitTorrent_protocol_encryption#Security. I also remember reading that part of the key comes from the infohash, which is public information. – forest May 01 '16 at 06:25

1 Answers1

3

Torrent clients offer encryption of traffic using RC4, and people consider this, like, very safe to hide traffic information from ISP.

People are wrong to do so, but not because RC4 is even remotely the weak point. Simply knowing which IPs you're connecting to allows precise determination of the torrent you are downloading by an opponent who simply scrapes trackers or DHT to determine which IPs are in which swarms. This is leaving aside the even bigger problem of your torrent client actively -publishing- your IP in these lists to allow other peers to discover it.

Atsby
  • 1,098
  • 7
  • 6