X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=doc%2FSECURITY2;h=dfa4540526c346d55ff385c96d3a7d5151b43c9e;hp=3922f3fa4da9b151a8f0468cb53999b025004610;hb=78fc59e994c764d072bf0045177f690a378d1308;hpb=bb0870498037565209e24fbb2ffa07b815350a0b diff --git a/doc/SECURITY2 b/doc/SECURITY2 index 3922f3fa..dfa45405 100644 --- a/doc/SECURITY2 +++ b/doc/SECURITY2 @@ -1,7 +1,7 @@ This is the security documentation for tinc, a Virtual Private Network daemon. - Copyright 2001 Guus Sliepen , - 2001 Wessel Dankers + Copyright 2001-2006 Guus Sliepen , + 2001-2006 Wessel Dankers Permission is granted to make and distribute verbatim copies of this documentation provided the copyright notice and this @@ -12,7 +12,7 @@ This is the security documentation for tinc, a Virtual Private Network daemon. provided that the entire resulting derived work is distributed under the terms of a permission notice identical to this one. - $Id: SECURITY2,v 1.1.2.1 2001/02/13 09:54:29 guus Exp $ + $Id$ Proposed new authentication scheme ---------------------------------- @@ -27,13 +27,11 @@ client server -client ID client 9 0 - | | +-> options +client ID client 12 | +---> version +-------> name of tinc daemon -server ID server 9 0 - | | +-> options +server ID server 12 | +---> version +-------> name of tinc daemon @@ -64,6 +62,19 @@ client CHAL_REPLY 816a86 server CHAL_REPLY 928ffe +-> 160 bits SHA1 of H1 + +After the correct challenge replies are recieved, both ends have proved +their identity. Further information is exchanged. + +client ACK 655 123 0 + | | +-> options + | +----> estimated weight + +--------> listening port of client + +server ACK 655 321 0 + | | +-> options + | +----> estimated weight + +--------> listening port of server -------------------------------------------------------------------------- This new scheme has several improvements, both in efficiency and security. @@ -107,9 +118,6 @@ Fourth: the first thing that is send via the symmetric cipher encrypted connection is a totally random string, so that there is no known plaintext (for an attacker) in the beginning of the encrypted stream. - -An explicit ACK is no longer needed, the CHAL_REPLY serves as an ACK. - Some things to be discussed: - What should CHALLEN be? Same as RSAKEYLEN? 256 bits? More/less?