Feeds

BitTorrent trialling P2P secure messaging

Going where Lavabit and Silent Circle fear to tread

Next gen security for virtualised datacentres

BitTorrent wants to (a) take another step towards either respectability, or (b) take itself further outside the mainstream by defying Uncle Sam (take your pick), announcing that it's trialling a secure, serverless messaging application.

The P2P messaging system is taking alpha sign-ons now, here.

The idea is that if messages can be encrypted properly – which presumably means working out algorithms that don't have trap-doors or backdoors – then without a centralised server processing the messages, government interception should be harder to implement.

Alec Perkins did the groundwork for the a similar system, and has published an outline here*.

If Perkins' work represents the current state of the BitTorrent messaging alpha, then it currently relies on an out-of-band exchange for the exchange of users' keys. He notes that if BitTorrent Sync were upgraded, it could support key exchange in the future. A small node.js Webserver provides the UI to the system.

Each user (contact, or message channel) has a folder containing inbox and outbox. Users provide each other with read-only keys providing access to their in- and out-boxes (note that a different key is used for each). The recipient of a message can only read the message in the sender's outbox: they can't change the message. All messages are encrypted with AES 256 with secrets greater than 20 bytes.

BitTorrent is offering alpha sign-ups here. ®

Update: Since this was published, a representative of the BitTorrent team has contacted The Register. He stated that while Alec Perkins' work is "an interesting use of BitTorrent Sync", BitTorrent Chat will be "built entirely by one of our internal teams". ®

The essential guide to IT transformation

More from The Register

next story
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
prev story

Whitepapers

Best practices for enterprise data
Discussing how technology providers have innovated in order to solve new challenges, creating a new framework for enterprise data.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?