Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

BitTorrent dismisses security concerns raised about its Sync app

Lucian Constantin | Nov. 20, 2014
The cryptographic implementation is solid and cannot be compromsied through a remote server, the company says.

In order to support these claims, BitTorrent also published a letter from iSEC Partners, a security firm that was contracted earlier this year to audit BitTorrent Sync's cryptographic implementation. According to the letter, iSEC's review covered the program's implementation and usage of cryptographic primites like hashing, encryption and randomness generation; the key exchange mechanism; the invite and approval process; folder discovery by remote peers and possible cryptographic attacks on Sync infrastructure.

"BitTorrent Sync applied generally accepted cryptographic practices in the design and implementation of Sync 1.4 as of July 2014," the iSEC letter reads.

ISEC Partners was also contracted by the Open Crypto Audit Project to perform an audit of TrueCrypt source code earlier this year.


Previous Page  1  2 

Sign up for Computerworld eNewsletters.