back to article BitTorrent trialling P2P secure messaging

BitTorrent wants to (a) take another step towards either respectability, or (b) take itself further outside the mainstream by defying Uncle Sam (take your pick), announcing that it's trialling a secure, serverless messaging application. The P2P messaging system is taking alpha sign-ons now, here. The idea is that if messages …

COMMENTS

This topic is closed for new posts.
Anonymous Coward

This is nothing special

It is the reliance on out-of-band key exchange that prevents general adoption of schemes like this. People like convenience, and true security is not convenient.

1
0
Bronze badge

Re: This is nothing special

AIUI there would be nothing (patents aside) to stop Bittorrent Inc. from creating client software which uses one of their own servers for the "out-of-band" exchange. Nor anyone else who wants to run such a service, or create such a client.

That key exchange and directory services are not built into the communication protocol is probably a good thing, overall. "Do one thing, and do it well."

1
0
Silver badge

Re: This is nothing special

Upvoted, but there is a slight difference to other schemes. There's little need to spend on marketing and torrenters probably have servers running rather than a mac air which switches off after 60 seconds of inactivity.

Probably the best thing to do is offer a bluetooth-like pairing (but with more complexity) so you can configure/accept "friend requests" with easy to remember, but long phrases http://xkcd.com/936/. Also torrenters have slightly more tech know-how or dedication than your average fb user, so they've got a good starting userbase.

The "special" doesn't have to be in the tech, it might just be in the target-market selection and the ability to survive without profit or government interference.

0
0
Silver badge
Black Helicopters

FTFY

He stated that while Alec Perkins' work is "an interesting use of BitTorrent Sync", BitTorrent Chat will have the backdoor "built entirely by one of our internal teams".

4
0
Silver badge

But we already have a secure, decentralised NSA-annoying program.

It's called Retroshare, and it does exactly that this new software claims it will do. Except it does it in a fairly mature manner already. Cross-platform, stable. Encrypted IM with peer authentication, plus mail function, file sharing and even decentralised forums. Why start over from scratch when there is already a piece of software available that does the job fairly well?

1
0
Bronze badge

Re: But we already have a secure, decentralised NSA-annoying program.

<quote>RetroShare is a cross-platform private p2p sharing program. It lets you share securely your friends, using a web-of-trust to authenticate peers and OpenSSL to encrypt all communication</quote>

Source: http://sourceforge.net/projects/retroshare/

If I remember correctly, there is concern that SSL is not secure from attacks by the three- (and four-) letter agencies. The BitSync application uses AES256. I'm not a crypto expert, though, just sayin' that the two aren't exactly equivalent.

3
0
Silver badge

Re: But we already have a secure, decentralised NSA-annoying program.

Sort of. SSL isn't a cipher as such. It's a means of negotiating which cipher to use. There is concern that the defaults most software uses may be vulnerable (In particular a lack of forward secrecy), but it's a simple operation to drop those and use better ones if both ends support it.

0
0
Silver badge

Re: But we already have a secure, decentralised NSA-annoying program.

>Why start over from scratch when there is already a piece of software available that does the job fairly well?

You shouldn't, but sometimes marketing demands it. BT has mindshare, Retroshare, whatever its technical merits doesn't have that.

Ideally, BT would join with RS but sometimes egos get in the way.

0
0
Silver badge

BitMessage

BitMessage has been also around for a while. Needs some work on the UX but seems to do job well enough.

0
0
Anonymous Coward

BitTorrent is closed source, you also have to sign up for this.

Nice try, NSA.

This is the same reason I would never use Bitlocker; who knows what kind of master key or backdoors there are in there

Never trust closed source encryption/security software!

3
1
This topic is closed for new posts.

Forums