From eugen@leitl.org Fri Sep 6 18:07:00 2013
From: Eugen Leitl
To: cypherpunks@lists.cpunks.org
Subject: Re: [Freedombox-discuss] [James Vasile] tinc rollout and fbox
Date: Sat, 07 Sep 2013 00:06:57 +0200
Message-ID: <20130906220657.GE29404@leitl.org>

----- Forwarded message from Guus Sliepen -----

Date: Fri, 6 Sep 2013 23:36:34 +0200
From: Guus Sliepen
To: freedombox-discuss(a)lists.alioth.debian.org
Subject: Re: [Freedombox-discuss] [James Vasile] tinc rollout and fbox
User-Agent: Mutt/1.5.21 (2010-09-15)

On Sat, Aug 10, 2013 at 03:37:06PM -0400, Sandy Harris wrote:

> "On the 15th of September 2003, Peter Gutmann posted a security
> analysis of tinc 1.0.1. He argues that the 32 bit sequence number used
> by tinc is not a good IV, that tinc's default length of 4 bytes for
> the MAC is too short, and he doesn't like tinc's use of RSA during
> authentication. We do not know of a security hole in this version of
> tinc, but tinc's security is not as strong as TLS or IPsec. We will
> address these issues in tinc 2.0."
>
> Gutmann is a well-known and respected expert. His best-known
> paper was one back in the 90s on reading "erased" disk drives
> and what bit patterns it took to block that. Most "secure erase"
> utilities around use those suggestions (even though current
> drives are quite different, so those may be inappropriate now).
> He has done /a lot/ of other stuff as well.
>
> The current Tinc release is 1.0.21
>
> My reading of that is that Tinc has known problems and
> they probably will not be fixed soon. To me, that means
> it is not ready for serious consideration as a component
> for FreedomBox.

The documentation is perhaps a little outdated. All problems mentioned
by Gutmann have been addressed in a new protocol that has been included
in tinc 1.1pre3 and later.

If people are interested in using tinc to connect freedomboxes together,
I would be happy to help fix any problems that might come up. Even if
tinc (as it is) is not suitable for the Freedombox, I am very interested
in discussing what the requirements are for the Freedombox regarding VPN
functionality.

--
Met vriendelijke groet / with kind regards,
Guus Sliepen

_______________________________________________
Freedombox-discuss mailing list
Freedombox-discuss(a)lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

----- End forwarded message -----

--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5
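The first of Gutmann's points quoted above, that a sequence number is not a good CBC IV, is easiest to see with a chosen-plaintext equality test. The following is an added example written for this page; it is not tinc's code and not part of the thread. It stands in a toy HMAC-based Feistel permutation for the real block cipher (so it runs offline), the `CounterIVCBC` oracle and its method names are hypothetical, and the message contents are constructed. The attack itself is the standard one against any predictable CBC IV: an attacker who knows the next IV can test a guess for an earlier plaintext block with a single encryption query.

```python
"""Chosen-plaintext block-equality test against CBC with a predictable IV.

Added example: toy cipher, hypothetical oracle; not tinc's implementation.
"""
import hashlib
import hmac
import os

BLOCK = 16


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round_fn(key: bytes, round_no: int, half: bytes) -> bytes:
    return hmac.new(key, bytes([round_no]) + half, hashlib.sha256).digest()[:8]


def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    """4-round Feistel network on 8-byte halves: a keyed permutation that
    stands in for a real 128-bit block cipher (toy, constructed here)."""
    assert len(block) == BLOCK
    left, right = block[:8], block[8:]
    for i in range(4):
        left, right = right, _xor(left, _round_fn(key, i, right))
    return left + right


class CounterIVCBC:
    """CBC encryption oracle (hypothetical) whose IV is derived from a
    32-bit sequence number, as in the design criticised above. With
    random_iv=True it uses a fresh random IV instead, for comparison."""

    def __init__(self, key: bytes, random_iv: bool = False):
        self.key = key
        self.seq = 0
        self.random_iv = random_iv

    def predict_next_iv(self) -> bytes:
        # What an observer of the sequence number expects the next IV to be.
        # Note the counter also wraps after 2^32 messages (IV reuse), which
        # is a separate problem not demonstrated here.
        return self.seq.to_bytes(4, "big") + bytes(BLOCK - 4)

    def _actual_iv(self) -> bytes:
        return os.urandom(BLOCK) if self.random_iv else self.predict_next_iv()

    def encrypt(self, plaintext: bytes):
        assert len(plaintext) % BLOCK == 0, "toy oracle: caller pads"
        iv = self._actual_iv()
        self.seq = (self.seq + 1) & 0xFFFFFFFF
        prev, out = iv, []
        for i in range(0, len(plaintext), BLOCK):
            prev = toy_encrypt_block(self.key, _xor(plaintext[i:i + BLOCK], prev))
            out.append(prev)
        return iv, b"".join(out)


def guess_first_block(oracle: CounterIVCBC, observed_iv: bytes,
                      observed_c1: bytes, guess: bytes) -> bool:
    """Return True if the first plaintext block encrypted under observed_iv
    was `guess`, using one chosen-plaintext query.

    Probe = guess XOR observed_iv XOR next_iv, so the oracle computes
    E(probe XOR next_iv) = E(guess XOR observed_iv), which equals observed_c1
    exactly when guess was the original first block."""
    next_iv = oracle.predict_next_iv()
    probe = _xor(_xor(guess, observed_iv), next_iv)
    _, ct = oracle.encrypt(probe)
    return ct[:BLOCK] == observed_c1


def _run(random_iv: bool):
    oracle = CounterIVCBC(os.urandom(32), random_iv=random_iv)
    secret = b"password=hunter2" + bytes(BLOCK)      # constructed sample message
    iv, ct = oracle.encrypt(secret)
    wrong = guess_first_block(oracle, iv, ct[:BLOCK], b"password=letmein")
    right = guess_first_block(oracle, iv, ct[:BLOCK], b"password=hunter2")
    return wrong, right


def demo_counter_iv():
    """Predictable IV: the wrong guess is rejected, the right one confirmed."""
    return _run(random_iv=False)


def demo_random_iv():
    """Unpredictable IV: the same probe learns nothing (both guesses rejected)."""
    return _run(random_iv=True)


if __name__ == "__main__":
    print("counter IV (wrong, right):", demo_counter_iv())
    print("random  IV (wrong, right):", demo_random_iv())
```

The oracle here is the victim's own encryption routine, as it would be for any attacker who can cause the VPN to encrypt data of their choosing (for example by sending packets to a host behind it). Switching `random_iv` on is what removes the leak; the cipher and the MAC are unchanged.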