Can I run a private Bittorrent Sync central server that replicates data but does not decrypt it?

4

3

Bittorrent just announced Bittorrent Sync, which as I understand it is a pure P2P sync solution without a central server that stores your data: Instead, all nodes in the network replicate amongst themselves.

The downside is that it only works if two nodes that need to exchange files are online at the same time. You can get it working by having a dedicated server on your network that is always on. However, if you place that in the cloud, you risk others getting to your data.

Is there a way to place a node in a mode where it can replicate all the encrypted data (so that other nodes can always pull the latest data from it), but does not have the ability to decrypt it itself (so that if someone steals the node, your data is not compromised)?

Thilo

Posted 2013-04-24T00:48:01.787

Reputation: 2 975

Did you consider disk encryption on the middleman node? – Satoh – 2013-04-24T03:43:27.583

1 That would protect the data when the server is shut down, but not when it is active (which it is supposed to be all the time), because then the disk would be mounted. – Thilo – 2013-04-24T04:00:41.673

I'd like a clarification on "if you place that in the cloud, you risk others getting to your data.". Is it by breach of server? Because they can only get the data via bittorrent sync if they know the secret. – ptman – 2013-04-24T08:02:13.213

1 Please note that the data itself is not encrypted, only the connection, which is based on the "secret". Bit-torrent's main purpose is speed and efficiency, not security. So if disk encryption is not enough for you, your server cannot send you data without having the unencrypted files on it. At least with bit-torrent sync. – Satoh – 2013-04-24T14:36:04.320

The sync spec mentions "relay servers" that facilitate connections between nodes that are firewalled. Those can work without knowing the secret. I guess what I am looking at is a "proxying relay server" that can push data between nodes even when they are not online at the same time. – Thilo – 2013-04-25T03:29:34.330

Answers

1

Yes, that is possible and thoroughly explained at http://forum.bittorrent.com/topic/25823-generate-encrypted-read-only-secret-without-api-key/?p=76262

In a nutshell: you only give the encrypted node an encrypted (read only)-key which allows taking part in the torrent-swarm without decrypting the files on it and all trusted nodes a key which enables decryption and/or write access.

So, on your local computer:

Do the normal "Add a Sync Folder", click "Generate", but change the first letter of the "Folder secret" from "A" to "D" (see 1 and 2), set the "Folder to sync", click "OK", right click on that folder from the list, click "Show Folder Preferences", copy the "Read only secret" (see 3), paste it into Notepad (or other text editor), "Encrypted Read-Only Secret" is the first 33 characters of that string with the first letter changed from an "E" to "F" (see 3 and 4)

real example this time.

1) AR7GC6JIVCTKG2XNPM7GGOSV3FI5BDDNH

2) DR7GC6JIVCTKG2XNPM7GGOSV3FI5BDDNH

3) EYF7Y3OOYZEZALVLFDQDAARXQTV2HO7IZCO2V2ZRZEAN32VY7RFH7HGOKRI

4) FYF7Y3OOYZEZALVLFDQDAARXQTV2HO7IZ

At least the current Linux GUI client actually directly offers 4)

Now you can paste 4) into the encrypted node and either 2) (RW access) or 3) (RO access) to other unencrypted nodes.

snv

Posted 2013-04-24T00:48:01.787

Reputation: 43
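
As an added example (not part of the answer above and not BitTorrent's own code), this Python check applies the prefix and length rules visible in values 1) to 4) and reports which secret may be pasted into the untrusted node. The function names are hypothetical, and the A-Z/2-7 alphabet and fixed lengths are assumptions read off the example values.

```python
import re

# Prefix meanings and lengths are taken from the answer's example values 1)-4);
# treating them as fixed rules is an assumption of this sketch.
ROLES = {
    "A": ("read-write, standard", 33),
    "D": ("read-write, encryption-enabled", 33),
    "E": ("read-only, can decrypt", 59),
    "F": ("encrypted read-only, cannot decrypt", 33),
}
BASE32 = re.compile(r"[A-Z2-7]+")  # alphabet seen in the examples (assumed)

def classify(secret):
    """Return the role of a secret, or raise ValueError if it looks malformed."""
    secret = secret.strip()
    if not secret or not BASE32.fullmatch(secret):
        raise ValueError("secret is empty or has characters outside A-Z / 2-7")
    role = ROLES.get(secret[0])
    if role is None or len(secret) != role[1]:
        raise ValueError("unrecognised prefix or unexpected length")
    return role[0]

def to_encryption_enabled_rw(generated):
    """Step 1 -> 2: swap the leading 'A' of a generated secret for 'D'."""
    classify(generated)
    if generated.strip()[0] != "A":
        raise ValueError("expected a generated secret starting with 'A'")
    return "D" + generated.strip()[1:]

def to_encrypted_ro(read_only):
    """Step 3 -> 4: keep the first 33 characters and swap 'E' for 'F'."""
    classify(read_only)
    if read_only.strip()[0] != "E":
        raise ValueError("expected a read-only secret starting with 'E'")
    return "F" + read_only.strip()[1:33]

def safe_for_untrusted_node(secret):
    """True only for a secret that lets a node replicate without decrypting."""
    try:
        return classify(secret).startswith("encrypted read-only")
    except ValueError:
        return False

if __name__ == "__main__":
    ro = "EYF7Y3OOYZEZALVLFDQDAARXQTV2HO7IZCO2V2ZRZEAN32VY7RFH7HGOKRI"  # value 3)
    enc = to_encrypted_ro(ro)
    print(enc, "-> safe for cloud node:", safe_for_untrusted_node(enc))
    print(ro[:8] + "...", "-> safe for cloud node:", safe_for_untrusted_node(ro))
```

Running the check on a secret before it goes into a cloud node's configuration catches the mistake of pasting 2) or 3) there, either of which would let that node decrypt the folder.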

0

What about storing an ISO image on the cloud/VPS? You could use some sort of live CD and only set it up when you need it.

anon

Posted 2013-04-24T00:48:01.787

Reputation: 1