[Freedombox-discuss] [James Vasile] tinc rollout and fbox
Eugen Leitl
eugen@leitl.org
Sun Aug 11 10:26:59 PDT 2013
----- Forwarded message from Sandy Harris <sandyinchina@gmail.com> -----
Date: Sat, 10 Aug 2013 15:37:06 -0400
From: Sandy Harris <sandyinchina@gmail.com>
To: freedombox list <freedombox-discuss@lists.alioth.debian.org>
Subject: Re: [Freedombox-discuss] [James Vasile] tinc rollout and fbox
Nick Daly <nick.m.daly@gmail.com> wrote:
> There's been some recent work on Tinc that I'm really excited about.
> ...
> Poke at it, let me know what you think.
Their docs include this paragraph:
" On the 15th of September 2003, Peter Gutmann posted a security
analysis of tinc 1.0.1. He argues that the 32 bit sequence number used
by tinc is not a good IV, that tinc’s default length of 4 bytes for
the MAC is too short, and he doesn’t like tinc’s use of RSA during
authentication. We do not know of a security hole in this version of
tinc, but tinc’s security is not as strong as TLS or IPsec. We will
address these issues in tinc 2.0.
Gutmann is a well-known and respected expert. His best-known
paper was one back in the 90s on reading "erased" disk drives
and what bit patterns it took to block that. Most "secure erase"
utilities around use those suggestions (even though current
drives are quite different, so those may be inappropriate now).
He has done /a lot/ of other stuff as well.
The current Tinc release is 1.0.21
My reading of that is that Tinc has known problems and
they probably will not be fixed soon. To me, that means
it is not ready for serious consideration as a component
for FreedomBox.
_______________________________________________
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5
More information about the cypherpunks
mailing list