X-Git-Url: https://tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=doc%2FSECURITY2;h=4276a018e5084c114db6959d1d5265015424536f;hp=3922f3fa4da9b151a8f0468cb53999b025004610;hb=f0aa9641e82fb6e09c1e485366d14dddaa7f7c36;hpb=c2752b961c9262386b940c2c053b9909bee22859 diff --git a/doc/SECURITY2 b/doc/SECURITY2 index 3922f3fa..4276a018 100644 --- a/doc/SECURITY2 +++ b/doc/SECURITY2 @@ -1,7 +1,7 @@ This is the security documentation for tinc, a Virtual Private Network daemon. - Copyright 2001 Guus Sliepen , - 2001 Wessel Dankers + Copyright 2001-2002 Guus Sliepen , + 2001-2002 Wessel Dankers Permission is granted to make and distribute verbatim copies of this documentation provided the copyright notice and this @@ -12,7 +12,7 @@ This is the security documentation for tinc, a Virtual Private Network daemon. provided that the entire resulting derived work is distributed under the terms of a permission notice identical to this one. - $Id: SECURITY2,v 1.1.2.1 2001/02/13 09:54:29 guus Exp $ + $Id: SECURITY2,v 1.1.2.2 2002/02/10 21:57:51 guus Exp $ Proposed new authentication scheme ---------------------------------- @@ -27,13 +27,11 @@ client server -client ID client 9 0 - | | +-> options +client ID client 12 | +---> version +-------> name of tinc daemon -server ID server 9 0 - | | +-> options +server ID server 12 | +---> version +-------> name of tinc daemon @@ -64,6 +62,21 @@ client CHAL_REPLY 816a86 server CHAL_REPLY 928ffe +-> 160 bits SHA1 of H1 + +After the correct challenge replies are recieved, both ends have proved +their identity. Further information is exchanged. + +client ACK 655 12.23.34.45 123 0 + | | | +-> options + | | +----> estimated weight + | +------------> IP address of server as seen by client + +--------------------> UDP port of client + +server ACK 655 21.32.43.54 321 0 + | | | +-> options + | | +----> estimated weight + | +------------> IP address of client as seen by server + +--------------------> UDP port of server -------------------------------------------------------------------------- This new scheme has several improvements, both in efficiency and security. @@ -107,9 +120,6 @@ Fourth: the first thing that is send via the symmetric cipher encrypted connection is a totally random string, so that there is no known plaintext (for an attacker) in the beginning of the encrypted stream. - -An explicit ACK is no longer needed, the CHAL_REPLY serves as an ACK. - Some things to be discussed: - What should CHALLEN be? Same as RSAKEYLEN? 256 bits? More/less?