AES feature

[blixten85]

I request AES (military grade) encryption as an option for those who want to use encryption. Regardless if you are using a VPN or not.

The RC4 encryption is weak and thus not safe.

EDIT:
While it is remarkable for its simplicity and speed in software, multiple vulnerabilities have been discovered in RC4, rendering it insecure.
https://en.wikipedia.org/wiki/RC4

ECDSA is also an option. But something that is stronger than RC4 is definitely required.

[arvidn]

RC4 is used for obfuscation. There is no confidentiality, as it's susceptible to man-in-the-middle attacks.
Could you elaborate what exactly you're suggesting?
In fact, https://github.com/bittorrent/bittorrent.org may be a better venue to propose extensions

[arvidn]

let's use the HTTPS analogy. In bittorrent you are the server. Servers accepting SSL connections (e.g. HTTPS) provide a certificate to the client, and the client authenticates it. The server operators must apply for new certificates regularly with a certificate authority. The client must trust the certificate authority that signed the server's certificate.

It sounds like you're, essentially, asking for a system with the same security properties as HTTPS, but without any of the certificate infrastructure.

The changes lies with the software, i.e the torrent clients and the tracker. That's where the magic needs to happen.

The changes you speak of are elusive. If you think they are clear, please specify how it would work.

And the ones who need to do some hand-wavy wand magic is the programmers such as yourself. Right?

It sounds like you're in the market for some snake oil :)

[blixten85]

No what i am asking for is that SSL functions gets fixed without me have to do anything for it.
How this is fixed is nothing i have an opinion about, really. Except if i have to do it myself. Then i want a step by step guide on how to do it.

I am not here for snake oil, i am here to put programmers to work. ;)

[arvidn]

the SSL functions already work, there's nothing to fix.

If you want something that doesn't provide confidentiality, but claims to; that's where the snake oil comes in.

[blixten85]

The SSL is RC4? And that is a flawed and weak encryption and it needs to be updated?

[arvidn]

RC4 is not used for SSL torrents. RC4 is only used in a separate and orthogonal feature meant to obfuscate the bittorrent protocol. (see the first post in this thread).