Security issues in tinc
Guus Sliepen
guus at sliepen.eu.org
Fri Sep 26 11:45:13 CEST 2003
Hello,
More than a week ago Peter Gutmann contacted us and showed us a writeup
in which he analysed CIPE, VTun and tinc. A few days ago he posted this
to a cryptography mailing list, and someone posted this on Slashdot.
In response we've added a new section to the website dedicated to the
current security issues. Currently, you can find our response to Peter
Gutmann's analysis there:
http://tinc.nl.linux.org/security
I'd like to note that although his analysis sounds very serious, we
believe there is still no easy way to gain access to a VPN created with
tinc, nor is it easily possible to decrypt traffic; it's just that at
some points tinc is currently not as strong as SSH or SSL.
We do plan to address the issues in tinc 2.0, which will use a protocol
incompatible with tinc 1.x.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at sliepen.eu.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://brouwer.uvt.nl/pipermail/tinc-devel/attachments/20030926/d9f58007/attachment.pgp
More information about the Tinc-devel
mailing list