How does the secret of Bittorrent Sync work?

10

I'm looking for an entirely Open Source alternative to Bittorrent Sync, and it seems we have almost all elements there: the Sparkleshare would do what it wanted to do, just missing the direct connection to computer no matter where using a secret. How does this Bittorrent Sync secret work, or how would you implement such a system?

[Edit: I know how to use git, with or without sparkleshare. The situation is that git needs to know which computer to connect to, so it needs a server. Bittorrent Sync does not use server, just that a computer that runs the program is online. Bittorrent Sync Knowing The Secret searches for everyone else with the same secret and synchronizes them. I'm looking for how to make this access point ID on the network, so I can use Sparkleshare without having a fixed server.]

(I would apply this either as a new protocol in Git, or as a redirect to SSH, the latter with the advantage that it can go into the server etc without having to be reachable directly, using the secret).

(Crosspost for the OS in English: link )

    
asked by anonymous 15.12.2013 / 13:18

1 answer

6

This is a translation of Jakob's SO response in English , from the post quoted in the question:

  

How was said by   BitTorrent (see   also the guide to   users ),   the secret is a randomly generated key of 20 bytes or more.   Simply the laws of probability make it virtually impossible   guess. There are four types of secrets:

     
  • (master) secrets for read and write access
  •   
  • read-only secrets
  •   
  • Secrets to be used only once (can be both full-access and read-only)
  •   
  • Encrypted encryption support for encrypted read-only access
  •   

As far as I understand (and is registered in this    discussion   in which someone tried to reverse engineer the   BitTorrent Sync in July 2013) the last three types of secrets   can be derived from the master secret. In particular this includes   encryption of files for transmission between peers.   This is why peer discovery uses hashes, so the hash can   be used to find pairs with the same secret without having to make   public the secret.

     

Before reverse engineering BitTorrent Sync, remember that   software is closed source and includes routines for updating   automatically from the bittorrent.com site. This implies in fact   that the company can change the implementation details (and install   arbitrary backdoors too). No one can guarantee that there is no   hidden method that sends its master secrets to the NSA, unless   source code to be analyzed.

    
29.12.2013 / 03:45