-In August 2000, we discovered the existence of a security hole in all versions
-of tinc up to and including 1.0pre2. This had to do with the way we exchanged
-keys. Since then, we have been working on a new authentication scheme to make
-tinc as secure as possible. The current version uses the OpenSSL library and
-uses strong authentication with RSA keys.
-
-On the 29th of December 2001, Jerome Etienne posted a security analysis of tinc
-1.0pre4. Due to a lack of sequence numbers and a message authentication code
-for each packet, an attacker could possibly disrupt certain network services or
-launch a denial of service attack by replaying intercepted packets. The current
-version adds sequence numbers and message authentication codes to prevent such
-attacks.
-
-On September the 15th of 2003, Peter Gutmann contacted us and showed us a
-writeup describing various security issues in several VPN daemons. He showed
-that tinc lacks perfect forward security, the connection authentication could
-be done more properly, that the sequence number we use as an IV is not the best
-practice and that the default length of the HMAC for packets is too short in
-his opinion. We do not know of a way to exploit these weaknesses, but we will
-address these issues in tinc 2.0.
-
-Cryptography is a hard thing to get right. We cannot make any
-guarantees. Time, review and feedback are the only things that can
-prove the security of any cryptographic product. If you wish to review
-tinc or give us feedback, you are stronly encouraged to do so.