----- Forwarded message from Sandy Harris <sandyinchina@gmail.com> -----

Date: Sat, 10 Aug 2013 15:37:06 -0400
From: Sandy Harris <sandyinchina@gmail.com>
To: freedombox list <freedombox-discuss@lists.alioth.debian.org>
Subject: Re: [Freedombox-discuss] [James Vasile] tinc rollout and fbox

Nick Daly <nick.m.daly@gmail.com> wrote:

> There's been some recent work on Tinc that I'm really excited about. ...
> Poke at it, let me know what you think.

Their docs include this paragraph:

"On the 15th of September 2003, Peter Gutmann posted a security analysis of tinc 1.0.1. He argues that the 32 bit sequence number used by tinc is not a good IV, that tinc's default length of 4 bytes for the MAC is too short, and he doesn't like tinc's use of RSA during authentication. We do not know of a security hole in this version of tinc, but tinc's security is not as strong as TLS or IPsec. We will address these issues in tinc 2.0."

Gutmann is a well-known and respected expert. His best-known paper was one back in the 90s on reading "erased" disk drives and what bit patterns it took to block that. Most "secure erase" utilities around use those suggestions (even though current drives are quite different, so those may be inappropriate now). He has done /a lot/ of other stuff as well.

The current Tinc release is 1.0.21.

My reading of that is that Tinc has known problems and they probably will not be fixed soon. To me, that means it is not ready for serious consideration as a component for FreedomBox.

_______________________________________________
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5