AES feature

[blixten85]

I request AES (military grade) encryption as an option for those who want to use encryption. Regardless if you are using a VPN or not.

The RC4 encryption is weak and thus not safe.

EDIT:
While it is remarkable for its simplicity and speed in software, multiple vulnerabilities have been discovered in RC4, rendering it insecure.
https://en.wikipedia.org/wiki/RC4

ECDSA is also an option. But something that is stronger than RC4 is definitely required.

[arvidn]

RC4 is used for obfuscation. There is no confidentiality, as it's susceptible to man-in-the-middle attacks.
Could you elaborate what exactly you're suggesting?
In fact, https://github.com/bittorrent/bittorrent.org may be a better venue to propose extensions

[arvidn]

let's use the HTTPS analogy. In bittorrent you are the server. Servers accepting SSL connections (e.g. HTTPS) provide a certificate to the client, and the client authenticates it. The server operators must apply for new certificates regularly with a certificate authority. The client must trust the certificate authority that signed the server's certificate.

It sounds like you're, essentially, asking for a system with the same security properties as HTTPS, but without any of the certificate infrastructure.

The changes lies with the software, i.e the torrent clients and the tracker. That's where the magic needs to happen.

The changes you speak of are elusive. If you think they are clear, please specify how it would work.

And the ones who need to do some hand-wavy wand magic is the programmers such as yourself. Right?

It sounds like you're in the market for some snake oil :)

[blixten85]

No what i am asking for is that SSL functions gets fixed without me have to do anything for it.
How this is fixed is nothing i have an opinion about, really. Except if i have to do it myself. Then i want a step by step guide on how to do it.

I am not here for snake oil, i am here to put programmers to work. ;)

[arvidn]

the SSL functions already work, there's nothing to fix.

If you want something that doesn't provide confidentiality, but claims to; that's where the snake oil comes in.

[blixten85]

The SSL is RC4? And that is a flawed and weak encryption and it needs to be updated?

[arvidn]

RC4 is not used for SSL torrents. RC4 is only used in a separate and orthogonal feature meant to obfuscate the bittorrent protocol. (see the first post in this thread).

[i990049]

bitcomet support aes-128, you can use it.

[master255]

Overlay encrypted torrent networks exist, but only certain torrent clients use them.
For example, Media Library uses Libp2p and HTTPS networks to transfer torrents.
HTTPS is a torrent web server. It requires a white IP address to work. Therefore, it is not practical. But it can also be used.
Libp2p bypasses this limitation and allows data to be transferred through two encrypted channels simultaneously. And it does not require a white IP address to work.

Therefore, in the settings, you can disable Internet access and disable UPnP publishing (this will completely disable DHT, Upnp torrents, and all Internet access). Enable torrent publishing in Libp2p and you will get torrents that have their own Libp2p DHT, run on encrypted protocols, and are completely protected from external intrusions and data decryption!

The only downside is that it only works between Media Library clients, but across the entire planet :-)