On Thursday, 18 September 2014 14:08:14 Cathal Garvey wrote:
> A warning, here. When BT released Sync but no source or protocol, I was
> pretty incensed and decided I'd try to hack up an open Python client
> that would be intercompatible. I went in armed with their fragmentary
> and sometimes contradictory marketing nonsense (was it AES 128 or AES
> 256?), PyCrypto, and WireShark.
>
> I never did decrypt any stuff to get their encryption protocol worked
> out, so I don't have a protocol to share. I abandoned this long before
> succeeding in decryption because of one critical detail I discovered,
> which undermined *any* interest I had in an intercompatible app. It
> became clear at this instant that the people at Bittorrent, fond as they
> are of secret-sauce closed-source "encryption", hadn't a clue.
>
> So, they were using AES256, as it turned out! Using the base32 encoded
> form of a private key. So, while they were advertising 256 bits, in
> actuality they had much less entropy in the key they were using than
> that. I gave up; what else can be hiding in there if they didn't grasp
> the basic concept of key entropy?
>
> So now they're into P2P VoIP, and my response is DO NOT WANT. Bittorrent
> Inc. have no cultural knowledge of the value of openness in software
> design, especially in security or encryption, and based on my own
> personal experience this leads to stupid design decisions that will
> directly endanger the privacy and security of their users.

Thank you for this, this is highly relevant to my Internets.

-- 
Regards
rysiek
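Added example, not part of the thread and not BitTorrent's code: a sketch of the key-entropy problem the quoted message describes, with a check that flags key material drawn from a text alphabet. The 20-byte secret size and all function names are assumptions made for illustration; the actual Sync protocol is not documented in this thread.

```python
import base64
import math
import os

BASE32 = set(b"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567")
PRINTABLE = set(range(0x20, 0x7F))


def entropy_upper_bound_bits(key: bytes) -> float:
    """Upper bound on key entropy implied by the byte values present.

    A key whose bytes all fall inside a small text alphabet cannot carry
    8 bits per byte, whatever its length says.
    """
    seen = set(key)
    for alphabet in (BASE32, PRINTABLE):  # smallest alphabet first
        if seen <= alphabet:
            return len(key) * math.log2(len(alphabet))
    return len(key) * 8.0


def weak_key(secret: bytes) -> bytes:
    """Assumed weak pattern: the base32 *text* of a secret is used as the key.

    A 20-byte secret encodes to exactly 32 ASCII characters, which fits an
    AES-256 key slot but holds only 32 * 5 = 160 bits.
    """
    return base64.b32encode(secret)


def strong_key_and_display():
    """Generate 32 random bytes; base32 is used only to show or share them."""
    key = os.urandom(32)
    return key, base64.b32encode(key).decode("ascii")


def key_from_display(text: str) -> bytes:
    """Decode the shared text back to raw bytes before it reaches the cipher."""
    return base64.b32decode(text)


if __name__ == "__main__":
    wk = weak_key(os.urandom(20))  # constructed sample secret
    sk, shown = strong_key_and_display()
    print(len(wk), entropy_upper_bound_bits(wk))
    print(len(sk), entropy_upper_bound_bits(key_from_display(shown)))
```

Both keys are 32 bytes long, so a length check alone does not tell them apart; the alphabet check does.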
