What I Just Learned About BT Encryption

[wrongun92]

but IMHO you should go to a ISP who lets you use BT... then your life and the programmer's life will be much easier...

exactly

torrent protocol isnt frowned upon on its own I think. Its the content that shifts through the conveyor belts of the torrent world.

[j0hn]

alot of false data posted in this thread
using encryption DOES stop ur isp seeing that ur using bittorrent
some companies have specifically developed techniques on breaking the encryption, and some isps have bought these products and actively use them.

comcast do a different method to other isps. they actually send a tcp stop message when uploading, so they fuck ur ability to upload on torrents. if ur with comcast, i recommend switching isps. to hell with using an isp that actually interferes with ur surfing activities. throttling protocols is bad enough, but allowing the protocl and meddling with it is even worse.

[madbeer]

alot of false data posted in this thread
using encryption DOES stop ur isp seeing that ur using bittorrent
some companies have specifically developed techniques on breaking the encryption, and some isps have bought these products and actively use them.

as already mentioned, the protocol encrpytion needs to send some negotion messages in the clear to establish session information. So the ISP's (or any other people snooping) _can_ tell you are using BT, but not _what_ you are sending.

I call bullshit on ISP's trying to break the encryption. Where do you get your info?

[DanielleD87]

you're wrong j0hn.

wrongun92: the bt protocol is frowned upon. ISPs only care about money not what is being transfered. bt is frowned upon because it sends and receives data to and from everywhere in the planet using a lot more of the internet backbone where normal downloading usually connects to a server locally closer to you using less backbone. think of it like a road. if you load up a truck full of supplies and drive 30 mins vs driving 3 days. driving 30 mins will use less of the road but the same amount of supplies will be transfered then driving 3 days. on the internet grabbing data from farther away doesn't have much of a consequence to the end user like it does for an isp so we don't notice any problem with it. the more data being grabbed farther away the more 'road' or pipes are being used and the more it costs them. they would rather have their users download and upload data locally not across the planet. comcraps throttling cuts the users who are far away and lets you send to users who are local to you. this actually speeds up the download for comcast users on public bt sites because all of the seeds can't send to someone in europe so they have the spare bandwidth to send to you if you are on the comcrap network.


edit: also even if i hate comcast with a passion i do think they are on the right track just not there yet. what they need to do is not limit the speed of the user no matter how much bw they use. aka if you pay for 1megbit/s upload you get 124kB/s upload 24/7 regardless if you upload 1 kb or 1gb a day. All they need to do is use sandvine to identify who is geographically closer and give priority. aka if you're max upload is 30kB/s and everyone you are seeding to is in europe then it is split evenly but if 1 person is in the US and 5 are in europe then maybe you might end up seeding 20kB/s to the 1 person in the US and 2kB/s to each person in europe totaling 30kB/s so no one notices seeding or receiving except that the ISP saves money.

[wrongun92]

I meant frowned in the connotation of its legality.

I agree with the fact that it takes up a lot of bandwidth and the isps are probably wary of this.

[pro267]

This is completely false.

Oh really?
You're welcome to search the web for attacks on RC4. I'll mention the Klein and FMS attacks as examples, but I'm sure you'll find many more. Here's a nice article which demonstrates some of the security issues and possible attacks on RC4:
http://cage.ugent.be/~klein/RC4/RC4-en.ps

RC4 isn't broken -- its implementation in WEP was (if thats what you are referring to)

Don't even get me started about WEP..

TLS commonly uses RC4, and I haven't seen any recent attacks on it. If so, kiss your online banking goodbye.

That's inaccurate. TLS/SSL are cryptographic protocols used to authenticate (mostly using PKI), setup encrypted sessions and exchange symmetric keys for different encryption protocols. In SSL/TLS, one of the peers offers cipher suites (basically all the encryption protocols it supports such as 3DES, AES, Camellia, RC4 etc.), and the other peer chooses one of them, typically the strongest one which it supports. In professional systems RC4 is rarely chosen and you would mostly see AES or 3DES.

AES in CTR mode functions like a stream cipher, and (i think) is used in WPA

Please tell me why you think stream ciphers are insecure.

First of all, AES is primarily a block cipher that was "raped" to act like a stream cipher in CTR, with some security features neglected in the process. Secondly, please consider this: in recent years, the cryptographic community has been trying to find candidates for a standard stream cipher algorithm, in a similar process to the way Rijndael was selected as the standard algorithm for block ciphers (also known as AES). All candidates failed miserabely; they were all found to be insecure within 1.5 years or less from the time they were suggested. If that's not proof enough that current stream ciphers are not secure enough then I don't know what is..

[madbeer]

to drunk to quote, a better response tomorrow:

both FMS's and Kleins cryptanalisis work contributed to destroying WEP. Show me an attack on RC4 as implemented in SSL/TLS (there are some attacks for older versions of SSL)

define "professional systems"? What cipher do normal users browsers often select? ( I don't know, and I was speculating when I made the previous statement about RC4)

So you think RC4 is broken?

[arkiebrian]

alot of false data posted in this thread
using encryption DOES stop ur isp seeing that ur using bittorrent
some companies have specifically developed techniques on breaking the encryption, and some isps have bought these products and actively use them.

as already mentioned, the protocol encrpytion needs to send some negotion messages in the clear to establish session information. So the ISP's (or any other people snooping) _can_ tell you are using BT, but not _what_ you are sending.

I call bullshit on ISP's trying to break the encryption. Where do you get your info?

...but as Danielle pointed out if there's a mole in the private tracker and you're sharing with him then the specific files can be identified, of course.

[filonome]

RC4 is not broken, why do you suggest it is?