Open Source Continuous File Synchronization
Go to file
Jakob Borg 31b5156191 lib/util: Add secure random numbers source (fixes #3178)
The math/rand package contains lots of convenient functions, for example
to get an integer in a specified range without running into issues
caused by just truncating a number from a different distribution and so
on. But it's insecure, and we use if for things that benefit from being
more secure like session IDs, CSRF tokens and API keys.

This implements a math/rand.Source that reads from crypto/rand.Reader,
this bridging the gap between them. It also updates our RandomString to
use the new source, thus giving us secure session IDs and CSRF tokens.

Some future work remains:

 - Fix API keys by making the generation in the UI use this code as well

 - Refactor out these things into an actual random package, and audit
   our use of randomness everywhere

I'll leave both of those for the future in order to not muddy the waters
on this diff...

GitHub-Pull-Request: https://github.com/syncthing/syncthing/pull/3180
2016-05-25 06:38:38 +00:00
assets Add .gitattributes; normalize line endings 2015-04-25 23:16:46 +09:00
cmd cmd/syncthing: Correctly set, parse and compare modified time HTTP headers (fixes #3165) 2016-05-23 12:16:14 +00:00
debian build: Parameterize build targets 2016-04-06 22:18:30 +01:00
etc etc: Add documentation key to syncthing-resume.service 2016-05-17 20:19:35 +00:00
gui gui: Remove extra href on folder panel titles 2016-05-22 16:17:33 +00:00
lib lib/util: Add secure random numbers source (fixes #3178) 2016-05-25 06:38:38 +00:00
man gui, man: Update docs & translations 2016-05-21 22:44:55 +09:00
script script: Don't verify authors on commits tagged 'Skip-check: authors' 2016-05-08 10:47:57 +00:00
test lib/connections: Un-deprecate relaysEnabled (fixes #3074) 2016-05-17 00:05:38 +00:00
vendor vendor: Replace github.com/jackpal/gateway with github.com/calmh/gateway (fixes #3142) 2016-05-22 09:04:27 +00:00
.gitattributes build: Generate gui.files.go on the fly, remove from repo 2016-03-28 10:03:13 +00:00
.gitignore build: Parameterize build targets 2016-04-06 22:18:30 +01:00
.mailmap Include ref#, show author nickname in release notes 2014-12-07 12:52:18 +01:00
AUTHORS etc: Add documentation key to syncthing-resume.service 2016-05-17 20:19:35 +00:00
build.go build.go: add gometalinter to lint runs 2016-05-23 21:19:08 +00:00
build.sh Use Go 1.5 vendoring instead of Godeps 2016-03-05 21:21:24 +01:00
CONDUCT.md Add Code of Conduct 2014-12-02 15:57:31 +01:00
CONTRIBUTING.md Links are nice, too 2015-06-10 00:04:53 +02:00
ISSUE_TEMPLATE.md issue_template: Add note about security issues 2016-05-21 22:49:37 +09:00
LICENSE MPLv2 2015-03-17 16:02:27 +01:00
NICKS etc: Add documentation key to syncthing-resume.service 2016-05-17 20:19:35 +00:00
PULL_REQUEST_TEMPLATE.md pull_request_template: Add note about docs needing update 2016-03-26 07:00:12 +00:00
README.md readme: Remove Appveyor icon 2016-04-22 20:30:37 +00:00

Syncthing

Latest Build (Official) API Documentation MPLv2 License

This is the Syncthing project which pursues the following goals:

  1. Define a protocol for synchronization of a folder between a number of collaborating devices. This protocol should be well defined, unambiguous, easily understood, free to use, efficient, secure and language neutral. This is called the Block Exchange Protocol.

  2. Provide the reference implementation to demonstrate the usability of said protocol. This is the syncthing utility. We hope that alternative, compatible implementations of the protocol will arise.

The two are evolving together; the protocol is not to be considered stable until Syncthing 1.0 is released, at which point it is locked down for incompatible changes.

Getting Started

Take a look at the getting started guide.

There are a few examples for keeping Syncthing running in the background on your system in the etc directory. There are also several GUI implementations for Windows, Mac and Linux.

Getting in Touch

The first and best point of contact is the Forum. There is also an IRC channel, #syncthing on freenode (with a web client), for talking directly to developers and users. If you've found something that is clearly a bug, feel free to report it in the GitHub issue tracker.

Building

Building Syncthing from source is easy, and there's a guide that describes it for both Unix and Windows systems.

Signed Releases

As of v0.10.15 and onwards release binaries are GPG signed with the key D26E6ED000654A3E, available from https://syncthing.net/security.html and most key servers.

There is also a built in automatic upgrade mechanism (disabled in some distribution channels) which uses a compiled in ECDSA signature. Mac OS X binaries are also properly code signed.

Documentation

Please see the Syncthing documentation site.

All code is licensed under the MPLv2 License.