Current state of Tinc 1.1?

Guus Sliepen guus at tinc-vpn.org
Sun Dec 28 19:48:22 CET 2014


On Sun, Dec 28, 2014 at 12:25:38PM -0600, md at rpzdesign.com wrote:

> >> Although the cryptography is now separated from the rest of the logic in
> >> tinc, it is not really replaceable, since only OpenSSL is supported.
> >> However, there is also a new protocol in tinc 1.1, which uses Ed25519
> >> and ChaCha-Poly1305. The code for those algorithms is included in tinc,
> >> so the new protocol has no dependencies on external libraries.
> > 
> > Any reason not to use libsodium for this?
> 
> Or polarssl ?
> 
> www.polarssl.org

I actually tried porting tinc to use libgcrypt and libtomcrypt, but
unfortunately there is a big impedance mismatch requiring a lot of
additional code to be written just to work around it. In the end I
decided it's better to incorporate just the necessary crypto primitives
into tinc, without depending on external libraries too much.

As for PolarSSL, I don't remember it having support for ECC when I
started work on the new protocol in tinc 1.1.

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20141228/282f47fa/attachment.sig>


More information about the tinc mailing list