Synergy now supports encryption

We’ve just added experimental encryption support to Synergy. This will provide extra security to those using Synergy over WiFi or a large network (e.g. a university) where packets may be monitored.

Plain text messages in Synergy look a bit like this:

DKDN p
DKDN a
DKDN s
DKDN s
DKDN w
DKDN o
DKDN r
DKDN d

Okay, so it’s simplified (key up messages and extra data omitted), but you get the point. The keen-eyed will have noticed that “password” has been typed. Adding encryption solves this problem by turning the key presses into data unreadable to an observer.

We use AES (Rijndael), a symmetric (shared-key) cipher, meaning that both the client and server have the same key (we do this by asking users to enter the same password on all machines). We also frequently send a randomly generated IV (initialization vector) to make it a little bit harder for an observer to decrypt the traffic.

Invalid message from client

Synergy 1.4.11 has the following bug:

  • Bug #3565 – Encryption fails when typing fast (Invalid message from client)

If you’re experiencing this problem, please try the latest nightly build.

As always, thanks for your support!

37 thoughts on “Synergy now supports encryption”

  1. Nick Horvath

    Is there an easy way to rerun the setup wizard to disable the encryption? I’m running synergy on Ubuntu. Thanks.

    Reply
    1. Nick Post author

      Yes, just use the --crypto-pass and --crypto-mode args (we forgot to add them to --help). I would recommend using a hash (md5 or sha1 for example) as the password, and base it on something long. For the mode, you can use any of these (pick at random): ofb, cfb, ctr, gcm

      Reply
      1. silviu

        Worth mentioning that (at least for me) only the hash worked :) I took it from synergy.conf (as I need to run the cli to be able to set the yscroll option). Trying the password in clear as an option would result in “WARNING: failed to connect to server: Protocol error from server”

        Reply
        1. Bryce Griner

          How did you obtain the md5 hash of the password? I’ve been looking everywhere for synergy.conf and I’ve been trying all kinds of tools to get an md5 hash of my password. If I use

          synergyc --crypto-pass mypassword --crypt-mode gcm server_name

          it does not work. I have replaced mypassword above with my password as well as the md5 hash of my password and neither work. What am I missing?

          If I use synergy on the command line and set up encryption there it works, but I need this to automatically startup when the computer restarts.

          This is on Ubuntu machine by the way.

          Reply
          1. Jeff Zepeda

            You should use the standard md5sum application to get the md5 checksum of your password. From a linux/unix command line:

            $ md5sum

            Alternatively, create a text file with your password (don’t press enter after the password) and run: $ md5sum passwordfilename.txt

          2. damian

            Confirmed that there is an issue when launching synergyc in the command line with encryption and server on GUI. It works for me only if I run both server and client on command line:

            Win XP (server):
            synergys.exe -c "c:\synergy.conf" --crypto-pass --crypto-mode cfb

            Ubuntu 13.04 (client):
            synergyc --crypto-mode cfb --crypto-pass -n

            Starting server via GUI with the right password causes client to display “WARNING: failed to connect to server: Protocol error from server”. I’ve tried to set clear-text password, md5 hash, sha1 hash on client side and none of them worked.

            Sorry for my English :)

          3. Andrew

            The hashed pw can be retrieved from the synergy server log (with verbose logging on) or on Linux you can run:
            echo -n yourpassword | md5sum
            This hashed password should work in place of “mypassword” above.

            Also leave off --crypt-mode.

      2. Shaheen Georgee

        It would be great to be able to point synergyc at the conf file for the encryption settings, instead of specifying the --crypto-mode and --crypto-pass flags. I described the scenario I have in mind on my site.

        Reply
  2. Matt

    Pressing the Enter key on the keypad on a windows client box seems to act as the Windows Key… I saw a note in an older build saying this was fixed but it seems to be back. I have encryption off.

    Reply
  3. Matt

    So I am running synergy as a server on Windows 7 and Mac os X 10.8 as a client. When you use the keyboard from the Windows machine on the Mac and press the windows key with encryption on this bug happens. It’s not caused by typing too fast in this case, just a single key. Oh and I still have mouse being hidden errors:

    WARNING: cursor may not be visible

    Reply
    1. Nick Post author

      There will be a fix for the encryption in the next release. Are the mouse hidden errors from when you move a physical mouse on Mac client?

      Reply
      1. Brooks

        I am getting this error as I move my physical mouse between macs. The major issue that I’m running into is Synergy is disconnecting from the server on random keystrokes, resetting my mouse and keyboard back to my server. I have to physically move the mouse back to my client machine to continue typing.

        Reply
  4. Claudius

    Is there an explanation for the terms OFB/CFB/CTR/GCM anywhere? I have no idea what they are referring to. If it’s completely irrelevant what I choose, I think this should not even be an option (but, for example be deduced from your password?).

    Reply
      1. Vince

        The wizard does prescribe choosing a random encryption mode. A random choice will not do anything to stop a determined attacker, however. The encrypted data itself can be captured and analyzed, and the method of encryption can be identified. If any of the modes are based on a flawed algorithm/implementation, or have not been thoroughly tested, they should be indicated as such to assist the end user in making an educated choice, not a random one.

        Reply
    1. CodesInChaos

      Short answer: GCM

      All of them are block-cipher modes of operation. Essentially OFB/CFB/CTR turn the block-cipher into a stream cipher. There is no significant security difference between them. See https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation for details.

      GCM uses CTR mode for encryption and adds a MAC, so it is authenticated encryption. This prevents active attacks, and thus is superior to unauthenticated modes.

      Reply
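
The difference described in the comment above between the unauthenticated stream-style modes and an authenticated one, as an added example (not from the post, the comments or Synergy's source). SHA-256 in counter mode stands in for AES-CTR and HMAC-SHA-256 for GCM's built-in tag so that it runs with the standard library alone; the keys, IV and function names are constructed for the demo.

```python
import hashlib
import hmac

KEY = bytes(range(32))          # constructed sample encryption key
MAC_KEY = bytes(range(32, 64))  # constructed, separate key for the MAC
IV = bytes(16)                  # constructed fixed IV so the demo is repeatable

def keystream(key, iv, n):
    """Toy counter-mode keystream: SHA-256 stands in for the AES block cipher."""
    blocks = (hashlib.sha256(key + iv + i.to_bytes(8, "big")).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def stream_crypt(key, iv, data):
    """Encrypt or decrypt by XOR with the keystream, as OFB and CTR do."""
    return bytes(d ^ k for d, k in zip(data, keystream(key, iv, len(data))))

def seal(key, mac_key, iv, msg):
    """Encrypt, then tag IV + ciphertext (HMAC stands in for GCM's MAC)."""
    ct = stream_crypt(key, iv, msg)
    return ct, hmac.new(mac_key, iv + ct, hashlib.sha256).digest()

def open_sealed(key, mac_key, iv, ct, tag):
    """Return the plaintext, or None when the tag does not match."""
    expected = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return stream_crypt(key, iv, ct)

def flip_bit(data, index, mask=0x01):
    """Model a single byte being altered in transit."""
    out = bytearray(data)
    out[index] ^= mask
    return bytes(out)

def demo():
    msg = b"DKDN p"  # the post's simplified key-down message
    ct, tag = seal(KEY, MAC_KEY, IV, msg)
    altered = flip_bit(ct, len(ct) - 1)
    return {
        # Without a MAC the receiver decrypts a different key press and cannot tell.
        "unauthenticated": stream_crypt(KEY, IV, altered),
        # With a MAC the altered message is rejected before it is used.
        "authenticated": open_sealed(KEY, MAC_KEY, IV, altered, tag),
        "untouched": open_sealed(KEY, MAC_KEY, IV, ct, tag),
    }

if __name__ == "__main__":
    print(demo())
```
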
  5. badlands

    just wanted to say, i’ve been using Synergy at work for the past year and a half, and it was _the_ solution to my dual MacBook/Linux notebook setup – and it’s only gotten better since. thanks for a great product.

    Reply
  6. epfl

    did you just fix the encryption problem in build r1771? Or is it just disabled in the backend?

    Just tried it out and seems to work!!

    thanks, greatly appreciated

    Reply
      1. epfl

        awesome!! thanks a lot, great feature.
        if you guys plan to build a nice version of synergy for jailbroken iOS’es and android as well, you will probably get your startup up and running real smooth.

        Reply
  7. Eric

    How is this function started before login on a Ubuntu or Fedora system? The encryption works perfectly between my Win7 and Win8 systems but Synergy will not connect with my Ubuntu Gnome system that was configured to start synergy before login.

    Reply
  8. Rui

    Hi,
    I have set-up a Server on my Ubuntu box and a client on my XP box. During the initial configuration on the Ubuntu box it asked me for encryption info, which I no longer recall. Anyway the setup was working since I made the matching setup on the client. Month and a half later the XP box is replaced by a Win7 box. After installing Synergy on the win 7 box I get the “protocol error” message. I suspect it’s the encryption but, on the server side I can’t find any place to change those settings. Also I have no way to go again through the initial wizard. I tried to re-install synergy but it seems to remember the previous settings. Is there any way for me to erase the configuration so it starts truly fresh or allows me to set encryption data? I have 1.4.12.

    Regards,
    R

    Reply
  9. Alex

    Hi,

    I try to use Win7 as synergy server and Mac OS X 10.8 as client.
    I specify the password for the encryption on windows side in the gui.
    Connection from mac client only works if also specify password in the gui.
    Passing the password on the command line via crypto-pass does not work.
    I guess the GUI is using some kind of hash?

    Cheers
    Alex

    Reply
  10. Gummi

    Hi,

    When I run the command “synergyc -crypto-mode gcm -crypto-pass MyPassword MyServerComputer” I get the error “Unrecognized option: -crypto-mode”

    Even though I have the latest version 1.4.12 on both computers, do you know what I’m doing wrong? :)

    Best Regards,
    Gummi

    Reply
    1. Nick Post author

      Please use double dash (--) instead of a single dash (-). So it’ll be --crypto-mode and not -crypto-mode.

      Reply
  11. John

    Hi Nick,
    Am I able to place --crypto-mode and --crypto-pass
    in synergy.conf or am I only able to use encryption in interactive mode?

    If they are able to be specified then what is the format?

    Thanks

    John

    Reply
  12. Shannon

    Hi Nick, on OS X, I decided after installing the update and launching it that I wanted to use encryption, however I couldn’t find where to change that, once I’d already passed the new install screen where it’s first set up. I had to delete my .plist and start over to enable encryption. Did I miss where to make the change or is this a bug? I can change this setting on Windows 7 just fine.

    Best
    Shannon

    Reply
  13. Jeff Zepeda

    Just installed 1.4.15 on my linux PC (client). When running synergyc --crypt-mode … I received the message:
    Unrecognized option: --crypto-mode
    Looking at CApp.cpp, I see the args for crypto-pass, but not for crypto-mode, did the arg change?
    I did notice that in CApp.cpp, if --crypto-pass is used, it automatically sets the mode to “cfb”. I didn’t notice anything that would indicate this in the post for the release, but perhaps I missed it…

    Reply
  14. alex

    Just set the debug level to debug2 – then you’ll see the command executed in the log window, containing the right hash to use.
    Copied it over to the linux box and that did the trick for me.

    Reply
