Dnia czwartek, 18 września 2014 14:08:14 Cathal Garvey pisze:
A warning, here. When BT released Sync but no source or protocol, I was pretty incensed and decided I'd try to hack up an open Python client that would be intercompatible. I went in armed with their fragmentary and sometimes contradictory marketing nonsense (was it AES 128 or AES 256?), PyCrypto, and WireShark.
I never did decrypt any stuff to get their encryption protocol worked out, so I don't have a protocol to share. I abandoned this long before succeeding in decryption because of one critical detail I discovered, which undermined *any* interest I had in an intercompatible app. It became clear at this instant that the people at Bittorrent, fond as they are of secret-sauce closed-source "encryption", hadn't a clue.
So, they were using AES256, as it turned out! Using the base32 encoded form of a private key. So, while they were advertising 256 bits, in actuality they had much less entropy in the key they were using than that. I gave up; what else can be hiding in there if they didn't grasp the basic concept of key entropy?
So now they're into P2P VoiP, and my response is DO NOT WANT. Bittorrent Inc. have no cultural knowledge of the value of openness in software design, especially in security or encryption, and based on my own personal experience this leads to stupid design decisions that will directly endanger the privacy and security of their users.
Thank you for this, this is highly relevant to my Internets. -- Pozdr rysiek