

Bittorrent Sync: Security Is Our Highest Priority - mseri
http://forum.bittorrent.com/topic/32592-bittorrent-sync-security-is-our-highest-priority/

======
> BitTorrent Sync remains the most secure and private way to move data
> between two or more devices.

That very first sentence will always be false as long as it isn't open source.
(Even the protocol isn't publicly documented, last I checked.) I'm not an
open-source purist, but the way they always promote as being the most secure,
private option out there while completely ignoring that fact is frustrating.

I haven't tried using it, but Pulse[0] appears to be an open source
replacement for BitTorrent Sync. I figure it's relevant to this thread.

[0]: https://ind.ie/pulse/

EDIT: ef4 mentioned Syncthing in his comment. Pulse was forked from Syncthing.
I think they're still compatible with each other at the moment. Nice
explanation at https://discourse.syncthing.net/t/syncthing-is-still-syncthing/1372.

~~~
trickz
How would open sourcing it make it more secure? I mean, I understand that
doing so would let you look at the code, and maybe even have others find and
plug security holes, but your statement seems to imply that closed source is
less secure by default, unless I'm missing something.

~~~
mkonecny
Doesn't necessarily make it more secure, but will increase the confidence that
it is the most secure through peer review. Any company will say their products
are secure/the best etc. - proof is what makes those claims legit.

~~~
tedunangst
I think 2014 should be the year we finally retire the millions of eyeballs
meme. Open sourcing something does not magically cause people to review it.

~~~
click170
No, but it does make it possible for those few who do. And that's a few more
than would have reviewed it if it was closed source.

It's not perfect, but IMO this is one of the best parts of Open Source, I can
audit it if I want to. Closed Source strips me of that option.

Edit: Clarification.

~~~
wglb
_I can audit it if I want to._ But seriously--do you? Or others that you know
working in the field?

~~~
click170
Yes I have, several times.

Sometimes it's to find out what the heck is the cause of a particular behavior
in a program, sometimes it's to know for sure that the program isn't trying to
do anything that I recognize as malicious in a security sensitive environment,
other times it's to see exactly how a game is calculating whether or not my
bullet has hit the enemy (server side calculation is more difficult to fake
than client side).

Would you honestly choose a black-box solution for a business-critical need,
knowing that it could stop working at any time and won't let you know for sure
that the code is secure by auditing it (or paying a trusted security
professional to do so for you)?

I get the impression that the anti-many-eyes sentiment comes largely from
non-programmers, am I wrong about that?

~~~
acdha
> I get the impression that the anti-many-eyes sentiment comes largely from
> non-programmers, am I wrong about that?

I've only heard it from programmers, generally very good ones. Anyone who is
at all following the security community knows that many eyes is possible but
generally very optimistic. That's why so many people were glad to see
Heartbleed lead to the Core Infrastructure Initiative, since that will keep the
guaranteed number above zero for some key projects.

~~~
stormbrew
> Anyone who is at all following the security community knows that many eyes
> is possible but generally very optimistic.

I think this is true, but I also think that a lot of people have seen
statements from authoritative people to this effect and taken them farther, as
a complete rejection of not just the scale of the effect of 'many eyes', but a
rejection of the fundamental idea, which leads to a conclusion that the source
being available is either worthless or even detrimental.

The Core Infrastructure Initiative is not at odds with the basic notion of
many eyes, but augments it. Arbitrary groups (particularly groups with
non-commercial motives) committing monetary resources is also enabled by open
source in a way that is impossible with closed source, after all.

~~~
acdha
I would characterize this as a reaction to earlier triumphalism: some of the
more breathless OSS advocates treated many eyes as a given – open the source
and bugs will be fixed – when it's heavily dependent on project culture,
existing code quality and simply the nature of the project.

------
ef4
I'll believe you when you open source it.

I've been using syncthing and it's pretty great.

------
RRRA
Still closed source...

------
eps
While it's a pure implementation issue, it's odd that they haven't at all
addressed the app crashing through packet fuzzing, because that's an excellent
zero-day candidate.

------
jaseemabid
The last time I installed bittorrent on my mac, it came with a chrome
extension malware. I used to really love BTSync, but now I'm certainly going
to ditch it.

For once again proving the point that unless it's free software, it's not worth
it.

------
jrochkind1
> it is a 160 bit number, which means that it is cryptographically impossible
> to guess the hash of a specific folder.

Perhaps they know what they're talking about and are just trying to simplify
for a non-technical audience... but that kind of language does not inspire
confidence from a technical audience.

~~~
daeken
I think the use of "cryptographically" there is a bit silly, but otherwise
they're spot on. You could have a billion computers, each trying a billion
unique guesses per second, for a billion years, and you would've only guessed
0.000000000002158% of the possible values.

160 bits is a _lot_ of bits.

~~~
pbsd
Well, it would depend on the entropy of the folder. Maybe we know the general
structure of the folder, except some crucial short piece of information.
Otherwise, everyone would also be fine using SHA-1 to store passwords.

N.B.: I don't know anything about the protocol, or whether the above applies.
But appealing to the strength of a hash function only makes sense for
hard-to-guess hashing material, which is not always the case.
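As an added example (not code from this thread, from BitTorrent, or from any of the commenters), the script below first reproduces daeken's brute-force figure for a 160-bit space and then makes pbsd's caveat concrete: when the hashed material has a known structure and only a short field is unknown, the number of guesses is set by that field, not by the digest width. The folder path, field name and 4-digit range are constructed for the illustration.

```python
import hashlib
import math

HASH_BITS = 160  # digest width in the quoted claim (SHA-1 sized)

def fraction_searched(machines, guesses_per_second, years, bits=HASH_BITS):
    """Share of a `bits`-wide space covered by exhaustive guessing
    (365-day years; this reproduces daeken's figure)."""
    guesses = machines * guesses_per_second * years * 365 * 24 * 3600
    return guesses / 2 ** bits

def percent_searched_daeken():
    """daeken's scenario: 1e9 machines x 1e9 guesses/s x 1e9 years."""
    return 100 * fraction_searched(1e9, 1e9, 1e9)

def effective_bits(hash_bits, input_entropy_bits):
    """An attacker's work is bounded by the smaller of the two:
    a 160-bit digest of a 13-bit secret is a 13-bit problem."""
    return min(hash_bits, input_entropy_bits)

# Constructed illustration of pbsd's point: the hashed material has a
# known structure and only a short field (a 4-digit number) is unknown.
# Path and field name are made up for this example.
TEMPLATE = "folder:/home/alice/photos;id={pin:04d}"
N_CANDIDATES = 10_000  # log2 -> about 13.3 bits of entropy

def digest_for(pin):
    """SHA-1 of the structured material for one value of the field."""
    return hashlib.sha1(TEMPLATE.format(pin=pin).encode()).hexdigest()

def guesses_to_match(target_digest):
    """Number of candidates hashed before the digest matches, or None
    if the field lies outside the assumed range.  The digest width
    (160 bits) never enters into this number."""
    for pin in range(N_CANDIDATES):
        if digest_for(pin) == target_digest:
            return pin + 1
    return None

if __name__ == "__main__":
    print(f"{percent_searched_daeken():.4e} % of the 160-bit space")
    print(f"field entropy: {math.log2(N_CANDIDATES):.1f} bits")
    print(f"guesses needed: {guesses_to_match(digest_for(4217))}")
```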

