Feeds

BitTorrent trialling P2P secure messaging

Going where Lavabit and Silent Circle fear to tread

Secure remote control for conventional and virtual desktops

BitTorrent wants to (a) take another step towards either respectability, or (b) take itself further outside the mainstream by defying Uncle Sam (take your pick), announcing that it's trialling a secure, serverless messaging application.

The P2P messaging system is taking alpha sign-ons now, here.

The idea is that if messages can be encrypted properly – which presumably means working out algorithms that don't have trap-doors or backdoors – then without a centralised server processing the messages, government interception should be harder to implement.

Alec Perkins did the groundwork for the a similar system, and has published an outline here*.

If Perkins' work represents the current state of the BitTorrent messaging alpha, then it currently relies on an out-of-band exchange for the exchange of users' keys. He notes that if BitTorrent Sync were upgraded, it could support key exchange in the future. A small node.js Webserver provides the UI to the system.

Each user (contact, or message channel) has a folder containing inbox and outbox. Users provide each other with read-only keys providing access to their in- and out-boxes (note that a different key is used for each). The recipient of a message can only read the message in the sender's outbox: they can't change the message. All messages are encrypted with AES 256 with secrets greater than 20 bytes.

BitTorrent is offering alpha sign-ups here. ®

Update: Since this was published, a representative of the BitTorrent team has contacted The Register. He stated that while Alec Perkins' work is "an interesting use of BitTorrent Sync", BitTorrent Chat will be "built entirely by one of our internal teams". ®

Intelligent flash storage arrays

Whitepapers

Seattle children’s accelerates Citrix login times by 500% with cross-tier insight
Seattle Children’s is a leading research hospital with a large and growing Citrix XenDesktop deployment. See how they used ExtraHop to accelerate launch times.
Why CIOs should rethink endpoint data protection in the age of mobility
Assessing trends in data protection, specifically with respect to mobile devices, BYOD, and remote employees.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Protecting against web application threats using SSL
SSL encryption can protect server‐to‐server communications, client devices, cloud resources, and other endpoints in order to help prevent the risk of data loss and losing customer trust.