[URGENT] tinc has a security hole of about 50 million km^2
Ivo Timmermans
zarq at spark.icicle.yi.org
Sun Aug 27 15:28:14 CEST 2000
Sending your passphrase encrypted is all fine, but tinc sends the key
with which it was encrypted about a second later...
Anyone being able to intercept these two requests is authorized on the
VPN.
We need asymmetric authentication _now_.
--
Ivo Timmermans
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
Url : http://brouwer.uvt.nl/pipermail/tinc-devel/attachments/20000827/cb7eef42/attachment.pgp
More information about the Tinc-devel
mailing list