Previous: , Up: Technical information   [Contents][Index]

8.3 Security

Tinc got its name from “TINC,” short for There Is No Cabal; the alleged Cabal was/is an organisation that was said to keep an eye on the entire Internet. As this is exactly what you don’t want, we named the tinc project after TINC.

But in order to be “immune” to eavesdropping, you’ll have to encrypt your data. Because tinc is a Secure VPN (SVPN) daemon, it does exactly that: encrypt. However, encryption in itself does not prevent an attacker from modifying the encrypted data. Therefore, tinc also authenticates the data. Finally, tinc uses sequence numbers (which themselves are also authenticated) to prevent an attacker from replaying valid packets.

Since version 1.1pre3, tinc has two protocols used to protect your data; the legacy protocol, and the new Simple Peer-to-Peer Security (SPTPS) protocol. The SPTPS protocol is designed to address some weaknesses in the legacy protocol. The new authentication protocol is used when two nodes connect to each other that both have the ExperimentalProtocol option set to yes, otherwise the legacy protocol will be used.