Is it possible to set up a node in a way that it gets the files but not decrypted? Like giving a special hash/id to a friend or setting up a server with reliable but untrusted storage, and having that node get the data but encrypted?
Cheers,
This would be a killer feature. P2P sync is only great if it’s backed with reliable high-bandwidth nodes which would usually be in clouds and cheap data centers. The github discussion kicked off nicely so I posted my 2 cents there.
Note: I had to break the links here, because of silly restrictions, which prevent users from posting multiple links.
When implementing the crypto, here is my suggestion for a robust and safe implementation:
NaCl is a recent encryption library by the famous cryptographer Daniel J. Bernstein. It is based on the elliptic curve Curve25519, considered secure and - what is important - easy to implement. It tries to minimize the things which can go wrong. Now a library called Libsodium makes it even easier - and failure-proof - to use the encryption.
So I’d suggest using this when implementing crypto stuff there (it includes a secure pseudo-random number generator and more). Alternatively - if you really need it - Libsodium also offers AES GCM, which is the mode you should use for AES.
BTW if any admin might want to add this info to hxxps://github.com/syncthing/syncthing/issues/109 - as the issue was closed there, please do as it really won’t help if someone implements this important stuff in a wrong way.
Yes. This is also recommended in the year-old crypto proposal I wrote, which I’m sure you’ve read. It’s linked from the other thread you revived as well. I think the odds of someone suddenly implementing at-rest crypto in syncthing without discussing it with us here first are pretty much zero. If they do, the choice of algorithms will probably be one of the simpler mistakes to fix.