rysiek at hackerspace.pl
Thu Sep 18 07:04:23 PDT 2014
Dnia czwartek, 18 września 2014 14:08:14 Cathal Garvey pisze:
> A warning, here. When BT released Sync but no source or protocol, I was
> pretty incensed and decided I'd try to hack up an open Python client
> that would be intercompatible. I went in armed with their fragmentary
> and sometimes contradictory marketing nonsense (was it AES 128 or AES
> 256?), PyCrypto, and WireShark.
> I never did decrypt any stuff to get their encryption protocol worked
> out, so I don't have a protocol to share. I abandoned this long before
> succeeding in decryption because of one critical detail I discovered,
> which undermined *any* interest I had in an intercompatible app. It
> became clear at this instant that the people at Bittorrent, fond as they
> are of secret-sauce closed-source "encryption", hadn't a clue.
> So, they were using AES256, as it turned out! Using the base32 encoded
> form of a private key. So, while they were advertising 256 bits, in
> actuality they had much less entropy in the key they were using than
> that. I gave up; what else can be hiding in there if they didn't grasp
> the basic concept of key entropy?
> So now they're into P2P VoiP, and my response is DO NOT WANT. Bittorrent
> Inc. have no cultural knowledge of the value of openness in software
> design, especially in security or encryption, and based on my own
> personal experience this leads to stupid design decisions that will
> directly endanger the privacy and security of their users.
Thank you for this, this is highly relevant to my Internets.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 411 bytes
Desc: This is a digitally signed message part.
More information about the cypherpunks