Jump to content
Login new information ×
Giveaway Contest ×
Login new information
Giveaway Contest

BitTorrent Chat Promises Messaging Free From Prying Eyes - Including The NSA's

Matsuda

By Matsuda
in Security & Privacy News

 Share

Recommended Posts

Matsuda

Matsuda

Posted
Posted

bittorrent-chat.jpg

BitTorrent continues its push into spy-proof products with BitTorrent Chat, a messaging app that doesn’t rely on centralized servers. BitTorrent announced its chat service in September, and started taking sign-ups for a Private Alpha, but now the company that best known for its file-sharing protocol offers some more insight into how the chat service works.

The challenge for BitTorrent was to create a service that lets users communicate without logging into a central server. Not having a centralized service ensures that communications won’t be susceptible to security breaches or government data requests.

BitTorrent Chat uses public key encryption to keep conversations out of the wrong hands. Users exchange their public keys to initiate a chat without revealing their identities, while a private key remains secret to each user.

bittorrent_chat_diagram-100220753-orig.p
The difference between traditional messaging services and BitTorrent's new chat service, which is still in alpha status

Once the chat begins, BitTorrent Chat generates a temporary encryption key that only applies to that specific conversation. The temporary key is deleted when the conversation ends, ensuring that it can’t be accessed in the future, even if one user’s private key becomes compromised.

To make the connection between users, BitTorrent Chat relies on a “Distributed Hash Table,” or DHT, which is basically a way to route requests through a peer-to-peer network. BitTorrent says this is akin to asking a neighbor if they know the person you’re looking for, and that person asks someone else, who asks someone else, and so on—except a new DHT protocol uses encryption to keep IP addresses secure.

“Eventually, you’ll get to a peer (neighbor) who knows the address of the person you’re looking for” wrote BitTorrent engineer Abraham Goldoor in a blog post. “They return this address to you. This is done in such a way that only you know who you are looking for.”

Impressive as that may sound, it’s all academic until BitTorrent Chat actually launches, and we can see how useful it is. For now, BitTorrent is still taking sign-ups for the private alpha, and there’s no word on when the service will launch.




search_button.gifSource

Link to comment
Share on other sites
  • Replies 6
  • Views 1.1k
  • Created
  • Last Reply

Top Posters In This Topic

  • nIGHT

    3

  • janedoe

    2

  • Sonar

    1

  • Matsuda

    1

Popular Days

Top Posters In This Topic

Popular Days

nIGHT

nIGHT

Posted
Posted (edited)

@janedoe Look at the design above. No tor or vpn included on it. Of course, each users may choose to use a vpn/tor service but it still has access to the server when initiating a connection. Plus, it uses a known encryption scheme, 256, 512, 1024, 2048...4096 bit sccheme, hehehe! But why not make a new encryption scheme that is unknown yet to anybody? The server can be hijacked like what they did on Google's server then its game over. In the near future, you will see a 'product' and you will understand what I meant about it. :yes:

Edited by nIGHT
Link to comment
Share on other sites
janedoe

janedoe

Posted
Posted (edited)

@janedoe Look at the design above. No tor or vpn included on it. Of course, each users may choose to use a vpn/tor service but it still has access to the server when initiating a connection. Plus, it uses a known encryption scheme, 256, 512, 1024, 2048...4096 bit sccheme, hehehe! But why not make a new encryption scheme that is unknown yet to anybody? The server can be hijacked like what they did on Google's server then its game over. In the near future, you will see a 'product' and you will understand what I meant about it. :yes:

Tor or VPN? This BT chat service as far as I can see only promises that your conversation will remain private, not that your identity will remain perfectly unknown and anonymous. Also when you talk of bits let me tell you, all encryption can be broken given sufficient resources. The bits only determine how long it might require to brute force something; they don't guarantee that the encryption is 100% impossible to break. Finally there is absolutely nothing wrong with using a known encryption scheme. "Security by obscurity" is the most idiotic thing to rely on. Open source third-party audited code implementing well-known, academically and practically rigorously tested and proven encryption algorithms is the best practice, not inventing some new hopefully secure scheme with no proof or overview and relying only on obscurity to keep you "safe". Finally, what server are you talking about that might be hijacked? The article and especially image make it perfectly clear that BT chat doesn't rely on a centralized server that can be compromised.

I'm not saying this product will be great or necessarily do 100% of what it claims, but your reasons for objecting aren't sound IMO.

Edited by janedoe
Link to comment
Share on other sites
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...