BitTorrent introduces secure, serverless messaging system
Posted on 20 December 2013.
Back in September, the company behind the BitTorrent P2P protocol and the BitTorrent and μTorrent file-sharing software announced that they have started working on BitTorrent Chat, a serverless messaging system that will allow users to talk to their friends using P2P.


“The primary weakness that we see in the available communications platforms is that they all rely on some central server to route and store all of your communication. Even if your provider can deliver industry-standard security, they cannot provide you with any kind of assurance that your communication is private. All it takes is the right (or wrong) person gaining access to your provider’s central servers, and your privacy evaporates,” explained Abraham Goldoor, software engineer on the BitTorrent Chat team, adding that they realised they were “uniquely qualified” to build a different platform.

Goldoor finally lifted the veil a bit and explained how BitTorrent Chat will work:

With BitTorrent Chat, there aren’t any “usernames” per se. You don’t login in the classic sense. Instead, your identity is a cryptographic key pair. To everyone on the BitTorrent Chat network at large, you ARE your public key. This means that, if you want, you can use Chat without telling anyone who you are. Two users only need to exchange each other’s public keys to be able to chat.

Using public key encryption provides us with a number of benefits. The most obvious is the ability to encrypt messages to your sender using your private key and their public key. But in public key encryption, if someone gains access to your private key, all of your past (and future) messages could be decrypted and read. In Chat, we are implementing forward secrecy. Every time you begin a conversation with one of your contacts, a temporary encryption key will be generated. Using each of your keypairs, this key will be generated for this one conversation and that conversation only, and then deleted forever.

To “translate” a public key into an IP address, the system will use a distributed hash table (DHT). To make this system secure, they have updated their DHT protocol to support encryption.

It’s unknown when the system will be officially available to the general public, but users can try it out by signing up for the private alpha test version.









Spotlight

The psychology of phishing

Posted on 23 July 2014.  |  Cybercriminals no longer send out thousands of emails at random hoping to get a handful of hits, today they create highly targeted phishing emails which are tailored to suit their recipients.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Jul 24th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //