How does the secret of Bittorrent Sync work?

Asked

Viewed 508 times

10

I’m looking for a completely Open Source alternative to Bittorrent Sync, and it seems we have almost every element there: Sparkleshare would do what they wanted to do, just missing the direct connection to computer no matter where using a secret. How this Bittorrent Sync secret works, or how to implement such a system?

[Edit: I know how to use git, with or without sparkleshare. The situation is that git needs to know which computer/server to connect with, so it needs a server. Bittorrent Sync does not use a server, it is enough that a computer running the program is online. Bittorrent Sync knowing the secret searches everyone else with the same secret and synchronizes them. I am looking for how to make this access point identification on the network, so I can use Sparkleshare without having fixed server.]

(I would apply this either as a new protocol in Git, or as a redirection to SSH, the latter with the advantage that it can enter a server etc without having to be directly reachable, using the secret).

(Crosspost to the OS in English: https://stackoverflow.com/questions/20594302/how-does-the-bittorrent-sync-secret-work)

  • This type of question is not directly related to programming, it would be more appropriate, for example, to Super User. Because we do not have an equivalent in Portuguese we will be a little more permissive about it?

  • 1

    I actually want to know how it works to implement (it’s a matter of algorithm).

  • In what language/environment/protocol? What have you tried?

  • Linux environment in the case. I can even do in Bash, but without knowing how it works I can not try in any medium. My goal is to be able to enlarge Git to be able to do this kind of server-less synchronization and server location knowledge by the Git user.

  • In the English OS... so far nothing either... I decided to post in addition also in Quora, let’s see if something good comes from there...

  • @Lapingvino in cross-post has an answer that explains the theory of how it works. Is that what you wanted? Do you want code? If that’s what you wanted, I can put a translation here?

  • Yes, that’s what I wanted to know :).

Show 2 more comments

1 answer

6

This is a translation of Jakob’s response to the OS in English, of the post cited in the question:

Like was said by Bittorrent (see also the guide to users), the secret is a randomly generated key of 20 bytes or more. Simply the laws of probability make it virtually impossible guess. There are four types of secrets:

  • (master) secrets for read and write access
  • secrets for reading only
  • secrets to be used only once (can be either read-only or full access)
  • secrets with encryption (encoding) support for encrypted read-only access

As far as I understand it (and it’s registered in this discussion in which someone tried to reverse engineer the protocol of the Bittorrent Sync on July 2013) the last three types of secrets can be derived from master secret. In particular this includes the key for file encryption for peer transmission. So the discovery of pairs uses hashes so that the hash can be used to find pairs with the same secret without needing to make public the secret.

Before doing reverse engineering on Bittorrent Sync, remember that the software is closed source and includes routines to update automatically from bittorrent.com. This implies the fact that the company can change the details of the implementation (and install arbitrary backdoors as well). No one can guarantee that there is a hidden method that sends its master secrets to the NSA, other than that the source code is analysed.

Browser other questions tagged

You are not signed in. Login or sign up in order to post.