[speak-freely] SpeakFreely ParanoidPatch - update (fwd)
Thomas Shaddack
shaddack at ns.arachne.cz
Thu May 1 00:27:41 PDT 2003
The best way to celebrate the International Workers Day is work.
Enjoy its fruit.
---------- Forwarded message ----------
Date: Thu, 1 May 2003 07:41:15 +0200 (CEST)
Subject: [speak-freely] SpeakFreely ParanoidPatch - update
From: Thomas Shaddack <speakfreely at shaddack.mauriceward.com>
To: speak-freely at fourmilab.ch
New changes in my higher-security SpeakFreely patch for Linux.
Location: http://213.246.91.154/patches/speakfreely/
Purpose: To make it more difficult for any adversaries (hackers, spies,
hostile governments, forensic experts, Thinkpol, ...) to recover keys used
in SpeakFreely communication. Keep in mind that current technologies allow
capturing the entire encrypted conversation, storing it for unlimited
time, and decrypting it later, after seizing the machine used as the
endpoint and recovering the key stored there. Particularly important for
high-tech high-surveillance low-freedom countries.
News:
SpeakFreely version 7.6a/Linux fully supported. Maintenance of the patch
for version 7.5 abandoned.
Option for locking memory against being swapped; useful for both
preventing leakage of the keys to swap file, and for increasing
performance in high-swapping low-memory situations.
Possibility to read encryption keys from stdin; another process then
can do the key handshake with the other side, then run sfspeaker and
sfmike and feed them with the negotiated session key - possibly with
different key for each direction.
-H option, a more usual alias to -U (--help is now supported too).
A little change, but convenient.
Patches for manpages, so the new options are described there.
Name sfParanoidPatch assigned to the project.
In the older version (1.0):
Support for reading key from a file
Overwriting the key value if specified as a parameter, making it invisible
for 'ps -ef'
Support for executing a command immediately after running sfmike, eg. for
unmounting encrypted loop from where the key was read
Support for running under a specified UID and GID and in chroot jail, if
launched as root; provides additional security hardening.
Enjoy! :)
* * *
To unsubscribe from this mailing list, send E-mail containing
the word "unsubscribe" in the message body (*not* as the
Subject) to speak-freely-request at fourmilab.ch
More information about the cypherpunks-legacy
mailing list