Rtorrent: No issue, just a question about encryption

Created on 7 Dec 2017  路  17Comments  路  Source: rakshasa/rtorrent

Hi there,

if i set

encryption = require,require_RC4,allow_incoming,try_outgoing,enable_retry

will all transfer and connections be encrypted? It is not very well documentated what all those possibilities mean and what they do when combined. Thanks in advance for your help.

Most helpful comment

If you dont know what the difference is, how can you give advices how to user proper encryption? Sorry to be rude, but that does not help at all. I see you are willing to help, but not able to.

https announce is a must, but what do i have to do to get connection to encrypted peers only and using encrypted traffic as well?

All 17 comments

No, they won't.
Take a look at here for more info.

And note that magnet links won't work this way.

Well, i alread read this one but it does not make things clear at all. When i use the line above, i only get connections to peers that seem to be encrypted (Flag E in ruTorrent). But what do i need to do to make sure that all traffic is encrypted. What is the difference between required and required_rc4?

Edit: And all the transfers i could check so far in rtorrent had the L or R flag, which should be an indicator for encrypted transfers.

Well, it can be the case. :)

What is the difference between required and required_rc4?

I don't know.

will all transfer and connections be encrypted?

That's an interesting question:

  • the above setting only applies to peer-to-peer communication, nothing else
  • that means that tracker (http (not https), udp) and dht communication will be still unencrypted

https://security.stackexchange.com/questions/90017/rc4-encryption-of-torrents-safely
https://security.stackexchange.com/questions/149378/what-is-torrent-encryption-and-does-it-make-my-traffic-anonymous

If you dont know what the difference is, how can you give advices how to user proper encryption? Sorry to be rude, but that does not help at all. I see you are willing to help, but not able to.

https announce is a must, but what do i have to do to get connection to encrypted peers only and using encrypted traffic as well?

Here's the start of some documentation for the command, a bit of it is just regurgitating what @chros73 said in the earlier ticket. Keep in mind though, bittorrent's encryption is less about data protection and more about avoiding traffic shaping.

This command takes a comma-separated list of flags, as seen in strings.encryption, and uses them to determine how to handle connections to other peers (i.e. tracker and DHT connections are not effected by this setting). The flags are all applied simultaneously, which means that certain applied flags may not take effect (e.g. for prefer_plaintext,require_rc4, plaintext will never used despite the flag being applied). rTorrent has support for both plaintext "encryption" (uses no extra CPU cycles, provides only obfuscation of the header) and RC4 encryption (encrypts the entire header and message, at the cost of a few CPU cycles), with flags to control the behavior of both

  • none - The default, don't attempt any encryption
  • allow_incoming - Allow incoming encrypted connections from other peers
  • try_outgoing - Attempt to set up encryption when initiating a connection
  • require - Require encryption, and reject to peers who don't support it
  • require_RC4 - Require RC4 encryption specifically
  • require_rc4 - Same as above
  • enable_retry - If a peer is rejected for not supporting the encryption we need, retry the handshake
  • prefer_plaintext - Prefer plaintext encryption

So for forcing secure connections, require,require_rc4 is probably your best bet.

Thank you for clarifying.

Sorry to be rude

No worries, that's why I wrote that I don't know.

@kannibalox : thanks for the detailed description, you can also put it on the wiki somewhere.

Wouldn't encryption = require,require_RC4 be the same as encryption = require_RC4, since the require,require_RC4 is redundant?

I suppose encryption = require,require_RC4 allows (prefers?) plaintext obfuscation while encryption = require_RC4 accepts only RC4 encryption. Confirmation from someone in the know would be nice, though.

So for forcing secure connections, require,require_rc4 is probably your best bet.

Going by this, wouldn't encryption = require,require_RC4,enable_retry do the same with higher chance of success?

  • encryption = require,require_RC4 - This means require encryption, and specifically only allow RC4 encryption. No plaintext obfuscation or unencrypted connections allowed
  • encryption = require_RC4 - I haven't tested it, but looking at the code I believe it would only reject plaintext obfuscation; connections would either be entirely unencrypted or use RC4.
  • encryption = require,require_RC4,enable_retry - enable_retry only kicks in if a connection is dropped while unencrypted, so it doesn't do anything if encryption is required. You can see this in the connection_info log level

Sorry to resurrect this issue, but I wanted a quick confirmation.
If you have set-up encryption = require,require_RC4, does allow_incoming or try_outgoing do anything?

I don't understand your question, @kannibalox just answered exactly this right above.

@Cubox- Correct, they are redundant when setting require and require_RC4.

Which, in the year of our lord two thousand and nineteen, why on earth people are using non-encrypted communications is beyond me, and why there is even the ability to configure it to use non-encrypted communications.

  • uses more CPU
  • tracker / trackerless communication can be still non-encrypted
  • someone may use VPN

To add on to what @chros73 said, bittorrent's encryption spec is barely more than obfuscation, it provides essentially no security regardless of which client you're using.

How can I configure rTorrent to prefer encryption but not force it?

Was this page helpful?
0 / 5 - 0 ratings