Bittorrent Bleep

Cathal Garvey cathalgarvey at
Thu Sep 18 06:08:14 PDT 2014

A warning, here. When BT released Sync but no source or protocol, I was
pretty incensed and decided I'd try to hack up an open Python client
that would be intercompatible. I went in armed with their fragmentary
and sometimes contradictory marketing nonsense (was it AES 128 or AES
256?), PyCrypto, and WireShark.

I never did decrypt any stuff to get their encryption protocol worked
out, so I don't have a protocol to share. I abandoned this long before
succeeding in decryption because of one critical detail I discovered,
which undermined *any* interest I had in an intercompatible app. It
became clear at this instant that the people at Bittorrent, fond as they
are of secret-sauce closed-source "encryption", hadn't a clue.

So, they were using AES256, as it turned out! Using the base32 encoded
form of a private key. So, while they were advertising 256 bits, in
actuality they had much less entropy in the key they were using than
that. I gave up; what else can be hiding in there if they didn't grasp
the basic concept of key entropy?

So now they're into P2P VoiP, and my response is DO NOT WANT. Bittorrent
Inc. have no cultural knowledge of the value of openness in software
design, especially in security or encryption, and based on my own
personal experience this leads to stupid design decisions that will
directly endanger the privacy and security of their users.

On 18/09/14 13:22,  Александр  wrote:

Twitter: @onetruecathal, @formabiolabs
Phone: +353876363185
Blog: JjmYYngs7akLZUjkvFkuYdsZ3PyPHSZRBKNm6qTYKZfAM
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x988B9099.asc
Type: application/pgp-keys
Size: 6176 bytes
Desc: not available
URL: <>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the cypherpunks mailing list