What I Just Learned About BT Encryption

**madbeer** · 12-26-2007, 08:51 AM

Originally Posted by pro267

I believe the security implemented in most clients uses RC4.
I've never heard of a secure stream cipher, and RC4 is no exception.

This is completely false.

RC4 isn't broken -- its implementation in WEP was (if thats what you are referring to)

TLS commonly uses RC4, and I haven't seen any recent attacks on it. If so, kiss your online banking goodbye.

AES in CTR mode functions like a stream cipher, and (i think) is used in WPA

Please tell me why you think stream ciphers are insecure.

Originally Posted by grimms

I worked at Comcast.

(snip)

Encrytion will not stop your isp from knowing that your hogging up bandwidth from BT downloads. they still know your downloading BT content they just don't know what your downloading. Use a proxy to be almost entirely safe. Even though you'll never be entirely safe. VPN tunnels are the most safe proof though.

How can they tell my encrpyted traffic is BT? My only guess is that the Protocol Encryption used in bt clients has some estblishment messages sent in the clear, which the isp could 'grep'. Although I havent looked at the protocol so I cant say for sure.

In any case, tunneling your traffic via any method sucks -- be it a vpn tunnel, socks proxy, etc. It doubles my bandwidth usage(now traffic has to go from my home network to the proxy network, and from the proxy network to my destination) and often requires me to pay MORE to get the speeds my ISP is advertising in the first place (no one uses public proxies for bt I hope, we have to PAY for a seedbox or proxy, or some dedicated hardaware or know someone who will let us use their box as a stepping stone).

In other words, leave comcast.

**DanielleD87** · 12-26-2007, 09:13 AM

they 'grep' for an ip or url from such en such address. like oink.cd. then from there they see multiple IP addresses connect that are reported in the data from such en such url. i'm not 100% sure on every detail of the process of how they identify the protocol, but I am 100% sure that if you turn off tracker announces in your bt client settings and manually add the IP addresses for that torrent then you will not be throttled, so the throttling is highly dependent on the tracker announce host name.

**madbeer** · 12-26-2007, 09:20 AM

Originally Posted by DanielleD87

they 'grep' for an ip or url from such en such address. like oink.cd. then from there they see multiple IP addresses connect that are reported in the data from such en such url. i'm not 100% sure on every detail of the process of how they identify the protocol, but I am 100% sure that if you turn off tracker announces in your bt client settings and manually add the IP addresses for that torrent then you will not be throttled, so the throttling is highly dependent on the tracker announce host name.

I like that idea.

alas, even if we do that _and_ use protocol encryption the ISP's can still do fingerprinting on the protocol encryption negotiation our clients use, and throttle based on that.

**DanielleD87** · 12-26-2007, 09:58 AM

yep. that is why comcrap is being sued ^_^

**arkiebrian** · 12-26-2007, 02:32 PM

Good stuff in here...thanks to all.

**jayz707** · 12-26-2007, 03:12 PM

i think comcast is using something more basic, than grepping for URLs and all that(which won't scale very well and will need more processor cycles => n/w lag + money). they can use some AI stuff(neural networks) to identify traffic patterns of BT users. although it should be possible to completely encrypt all the BT traffic in a secure way. you still exhibit traffic patterns to your ISP as you and the internet is connected through your ISP. so he can do traffic shaping on that traffic. i don't think that they need to snoop into your packets for this.... generally snoopping in and reading traffic is a big overhead and i don't think comcast need that. because that would roast there routers, and create huge lags. the easiest way for them to control traffic would be to track patters. and once these neural n/w's are trained well they should identify BT usage/traffic pretty easily....

this also should be able to passed through, if your client can stimulate random patterns or something like that... but IMHO you should go to a ISP who lets you use BT... then your life and the programmer's life will be much easier...

cheers!

**Adebisi** · 12-26-2007, 06:09 PM

Originally Posted by arkiebrian

Good stuff in here...thanks to all.

Yup.. very interesting, thanks.

**Giveaway** · 12-26-2007, 06:28 PM

what are the cons of encryption? does it slow down pc?

**wrongun92** · 12-26-2007, 06:46 PM

it would use a liitle more of the cpu I suppose.

Here's another thought:

If a user (you) that has enabled the encryption initiates the connection into a client that has encryption disabled, then the transfer would be encrypted, irrespective of when I have enabled or disabled encryption but if my client with disabled encryption initiates the connection to the client with the enabled encryption then the transfer would not be encrypted and therefore would also be shaped.

**madbeer** · 12-26-2007, 06:48 PM