Company Cracks BitTorrent Protocol Encryption and Introduces Tracker Whitelists
(Click here to view the original thread with full colors/images)Posted by: Hairbautt
http://torrentfreak.com//images/ipoque.gif"The cat-and-mouse game continues."
TorrentFreak is reporting that a German-based computer company--Ipoque--has developed a bandwidth management device to eliminate unwanted, encrypted Bittorrent (BT) protocols. There are no details provided on how their new system works, but Ipoque is known for providing bandwidth managing solutions for schools and Internet Service Providers (ISPs).
Ipoque is also featured to have a “whitelist” that can allow legal BT sites and trackers as an exception to the system while blocking all other encrypted BT traffic. Their new hardware maybe the solution that some companies are searching for since many organizations--such as Rogers ISP (see below)--are looking to throttle encrypted BT tranfers.
:source: Source: TorrentFreak (http://torrentfreak.com/company-cracks-bittorrent-protocol-encryption-and-introduces-tracker-whitelists/)
:view: Related: Rogers Fights BitTorrent by Throttling All Encrypted Transfers (http://filesharingtalk.com/vb3/news-section/t-rogers-fights-bittorrent-throttling-all-encrypted-transfers-173559)
Posted by: vipaar
Oh well, looks like another method of encryption will have to be developed,
Posted by: lightshow
RC4 encryption can have from a 40 bit to 128 bit key
While 40-bit encryption is available, it is not recommended for sensitive data because RC4 40-bit encryption can be brute force cracked in a relative short period of time (1 day to 2 weeks).
http://www.informit.com/guides/content.asp?g=security&seqNum=100&rl=1
I don't know what length key RC4 supported clients use (utorrent, azerous, etc.), but 1 day to 2 weeks for each RC4 key isn't valid to check if it's internals are valid in time to see if they are going to a whitelisted tracker.
I think instead, they have a database of the IP's of the whitelisted trackers and do not let any encrypted traffic go to an IP out of that range...
O wait, no that's stupid. The only thing they can see is the destination address & source address + port#. And since most clients run on no standardized ports now, they won't know what the encrypted traffic is unless they just have a policy of taking all traffic and blocking it if it's encryped on a certain port range.
Which is stupid since it can come from another legit source other than bittorent.
Oh, and they can break RC4 encryption (with time [depending on cypher strength]), but rest assured, it is not cracked.
Posted by: j0hn
Oh well, looks like another method of encryption will have to be developed,
i doubt that
with ludde no longer developing utorrent, i dont expect any further development of encryption on their part. bram cohen has already aired his dislike of encryption. although i dont think he'll remove it from utorrent, i dont think he'll advance it either.
Posted by: General2k
There will be a work around for it. Every time I see something like this I think of this quote.
It's just another chapter in the pointless rivalry between Springfield and Shelbyville. They built a mini mall, so we built a bigger mini mall. They made the world's largest pizza, so we burnt down their City Hall.