[Freedombox-discuss] [James Vasile] tinc rollout and fbox

Eugen Leitl eugen@leitl.org
Fri Sep 6 15:06:57 PDT 2013


----- Forwarded message from Guus Sliepen <guus@tinc-vpn.org> -----

Date: Fri, 6 Sep 2013 23:36:34 +0200
From: Guus Sliepen <guus@tinc-vpn.org>
To: freedombox-discuss@lists.alioth.debian.org
Subject: Re: [Freedombox-discuss] [James Vasile] tinc rollout and fbox
User-Agent: Mutt/1.5.21 (2010-09-15)

On Sat, Aug 10, 2013 at 03:37:06PM -0400, Sandy Harris wrote:

> " On the 15th of September 2003, Peter Gutmann posted a security
> analysis of tinc 1.0.1. He argues that the 32 bit sequence number used
> by tinc is not a good IV, that tinc's default length of 4 bytes for
> the MAC is too short, and he doesn't like tinc's use of RSA during
> authentication. We do not know of a security hole in this version of
> tinc, but tinc's security is not as strong as TLS or IPsec. We will
> address these issues in tinc 2.0.
> 
> Gutmann is a well-known and respected expert. His best-known
> paper was one back in the 90s on reading "erased" disk drives
> and what bit patterns it took to block that. Most "secure erase"
> utilities around use those suggestions (even though current
> drives are quite different, so those may be inappropriate now).
> He has done /a lot/ of other stuff as well.
> 
> The current Tinc release is 1.0.21
> 
> My reading of that is that Tinc has known problems and
> they probably will not be fixed soon. To me, that means
> it is not ready for serious consideration as a component
> for FreedomBox.

The documentation is perhaps a little outdated. All problems mentioned by
Gutmann have been addressed in a new protocol that has been included in tinc
1.1pre3 and later.

If people are interested in using tinc to connect freedomboxes together, I
would be happy to help fix any problems that might come up. Even if tinc (as it
is) is not suitable for the Freedombox, I am very interested in discussing what
the requirements are for the Freedombox regarding VPN functionality.

-- 
Met vriendelijke groet / with kind regards,
      Guus Sliepen <guus@tinc-vpn.org>



_______________________________________________
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss


----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B  47EE F46E 3489 AC89 4EC5


