Hi there,
if i set
encryption = require,require_RC4,allow_incoming,try_outgoing,enable_retry
will all transfer and connections be encrypted? It is not very well documentated what all those possibilities mean and what they do when combined. Thanks in advance for your help.
No, they won't.
Take a look at here for more info.
And note that magnet links won't work this way.
Well, i alread read this one but it does not make things clear at all. When i use the line above, i only get connections to peers that seem to be encrypted (Flag E in ruTorrent). But what do i need to do to make sure that all traffic is encrypted. What is the difference between required and required_rc4?
Edit: And all the transfers i could check so far in rtorrent had the L or R flag, which should be an indicator for encrypted transfers.
Well, it can be the case. :)
What is the difference between required and required_rc4?
I don't know.
will all transfer and connections be encrypted?
That's an interesting question:
https://security.stackexchange.com/questions/90017/rc4-encryption-of-torrents-safely
https://security.stackexchange.com/questions/149378/what-is-torrent-encryption-and-does-it-make-my-traffic-anonymous
If you dont know what the difference is, how can you give advices how to user proper encryption? Sorry to be rude, but that does not help at all. I see you are willing to help, but not able to.
https announce is a must, but what do i have to do to get connection to encrypted peers only and using encrypted traffic as well?
Here's the start of some documentation for the command, a bit of it is just regurgitating what @chros73 said in the earlier ticket. Keep in mind though, bittorrent's encryption is less about data protection and more about avoiding traffic shaping.
This command takes a comma-separated list of flags, as seen in
strings.encryption, and uses them to determine how to handle connections to other peers (i.e. tracker and DHT connections are not effected by this setting). The flags are all applied simultaneously, which means that certain applied flags may not take effect (e.g. forprefer_plaintext,require_rc4, plaintext will never used despite the flag being applied). rTorrent has support for both plaintext "encryption" (uses no extra CPU cycles, provides only obfuscation of the header) and RC4 encryption (encrypts the entire header and message, at the cost of a few CPU cycles), with flags to control the behavior of both
none - The default, don't attempt any encryptionallow_incoming - Allow incoming encrypted connections from other peerstry_outgoing - Attempt to set up encryption when initiating a connectionrequire - Require encryption, and reject to peers who don't support itrequire_RC4 - Require RC4 encryption specificallyrequire_rc4 - Same as aboveenable_retry - If a peer is rejected for not supporting the encryption we need, retry the handshakeprefer_plaintext - Prefer plaintext encryptionSo for forcing secure connections, require,require_rc4 is probably your best bet.
Thank you for clarifying.
Sorry to be rude
No worries, that's why I wrote that I don't know.
@kannibalox : thanks for the detailed description, you can also put it on the wiki somewhere.
Wouldn't encryption = require,require_RC4 be the same as encryption = require_RC4, since the require,require_RC4 is redundant?
I suppose encryption = require,require_RC4 allows (prefers?) plaintext obfuscation while encryption = require_RC4 accepts only RC4 encryption. Confirmation from someone in the know would be nice, though.
So for forcing secure connections, require,require_rc4 is probably your best bet.
Going by this, wouldn't encryption = require,require_RC4,enable_retry do the same with higher chance of success?
encryption = require,require_RC4 - This means require encryption, and specifically only allow RC4 encryption. No plaintext obfuscation or unencrypted connections allowedencryption = require_RC4 - I haven't tested it, but looking at the code I believe it would only reject plaintext obfuscation; connections would either be entirely unencrypted or use RC4. encryption = require,require_RC4,enable_retry - enable_retry only kicks in if a connection is dropped while unencrypted, so it doesn't do anything if encryption is required. You can see this in the connection_info log levelSorry to resurrect this issue, but I wanted a quick confirmation.
If you have set-up encryption = require,require_RC4, does allow_incoming or try_outgoing do anything?
I don't understand your question, @kannibalox just answered exactly this right above.
@Cubox- Correct, they are redundant when setting require and require_RC4.
Which, in the year of our lord two thousand and nineteen, why on earth people are using non-encrypted communications is beyond me, and why there is even the ability to configure it to use non-encrypted communications.
To add on to what @chros73 said, bittorrent's encryption spec is barely more than obfuscation, it provides essentially no security regardless of which client you're using.
How can I configure rTorrent to prefer encryption but not force it?
Most helpful comment
If you dont know what the difference is, how can you give advices how to user proper encryption? Sorry to be rude, but that does not help at all. I see you are willing to help, but not able to.
https announce is a must, but what do i have to do to get connection to encrypted peers only and using encrypted traffic as well?