The stages of Bittorrent encryption

March 28, 2008

Recently it's been mentioned in the news that versions of BitTorrent have gotten more encryption. Because this sort of thing interests me (partly due to my long standing interest in BitTorrent), I've decided to summarize the various current sorts of BitTorrent encryption.

BitTorrent encryption efforts have been designed to hide BitTorrent, so they have acted to make it less recognizable.

Traffic shapers started out recognizing (and choking) the distinct client to client communication, so people obfuscated and encrypted it. A unique session key is arranged between each pair of clients using Diffie-Hellman key exchange initiated by the connecting client; trackers are not involved except to optionally track clients that offer or require encrypted connections.

(The specifics of the DH key exchange seem resistant to being recognized by traffic shapers.)

This still left the communication between client and tracker completely unencrypted, including the peer list that the tracker gives to clients, and some traffic shapers exploited this to determine peer IPs and block communication with them. The new encryption obfuscates this list by essentially encrypting it with a secret shared between the tracker and the clients.

(The shared secret is reasonably clever: it is the SHA1 hash of the torrent meta-information, which is now carefully not passed around between client and tracker. Not negotiating a per-client secret significantly lowers CPU overhead for very active trackers, since they can encrypt blocks of peer IPs once and then just hand them out.)

This still leaves the overall client to tracker communication in the clear, which means that a traffic shaper could exploit this to choke the bandwidth of a known client that started sending and receiving streams of random data with various IP addresses. Thus, the likely next stage in BitTorrent encryption is to encrypt all of it; since the client talks to the tracker with HTTP, the easiest way would be to use ordinary SSL (although this would require more tracker CPU power).

Written on 28 March 2008.
« An idea for a browser anti-phish feature
Tradeoffs in where you store volume management metadata »

Page tools: View Source, Add Comment.
Search:
Login: Password:
Atom Syndication: Recent Comments.

Last modified: Fri Mar 28 23:33:10 2008
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.