This is the security documentation for tinc, a Virtual Private Network daemon.
- Copyright 2001-2002 Guus Sliepen <guus@sliepen.warande.net>,
- 2001-2002 Wessel Dankers <wsl@nl.linux.org>
+ Copyright 2001-2006 Guus Sliepen <guus@tinc-vpn.org>,
+ 2001-2006 Wessel Dankers <wsl@tinc-vpn.org>
Permission is granted to make and distribute verbatim copies of
this documentation provided the copyright notice and this
provided that the entire resulting derived work is distributed
under the terms of a permission notice identical to this one.
- $Id: SECURITY2,v 1.2 2002/04/12 08:25:01 guus Exp $
-
Proposed new authentication scheme
----------------------------------
server CHAL_REPLY 928ffe
+-> 160 bits SHA1 of H1
-After the correct challenge replies are recieved, both ends have proved
+After the correct challenge replies are received, both ends have proved
their identity. Further information is exchanged.
-client ACK 655 12.23.34.45 123 0
- | | | +-> options
- | | +----> estimated weight
- | +------------> IP address of server as seen by client
- +--------------------> UDP port of client
-
-server ACK 655 21.32.43.54 321 0
- | | | +-> options
- | | +----> estimated weight
- | +------------> IP address of client as seen by server
- +--------------------> UDP port of server
+client ACK 655 123 0
+ | | +-> options
+ | +----> estimated weight
+ +--------> listening port of client
+
+server ACK 655 321 0
+ | | +-> options
+ | +----> estimated weight
+ +--------> listening port of server
--------------------------------------------------------------------------
This new scheme has several improvements, both in efficiency and security.
projects / tinc / blobdiff