Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.
Sign upMitM Attack webRTC in WebTorrent #1048
Comments
This comment has been minimized.
This comment has been minimized.
|
We one use the RTCDataChannel, the only thing that could go wrong that path is getting or sending the incorrect bytes, wasting bandwidth. The protection is in the trackers, the signaling servers. The community servers are fine. If you choose to run your own private tracker, make sure to setup your own security. |
This comment has been minimized.
This comment has been minimized.
|
Also, torrent files contain hashes of all the pieces in the torrent, so it doesn't matter if you're MitM'd. Your client won't accept pieces that fail hash verification. Also, there's no expectation of privacy in the torrent protocol, as you'll literally connect to anyone that a tracker tells you to. |
This comment has been minimized.
This comment has been minimized.
|
This thread has been automatically locked because it has not had recent activity. To discuss futher, please open a new issue. |
MitM Attack is possible for webRTC, so is it for webTorrent too ?
https://webrtchacks.com/webrtc-and-man-in-the-middle-attacks/
is there any implementation to prevent webTorrent from this risk ?