On Sat, Aug 10, 2013 at 03:37:06PM -0400, Sandy Harris wrote:

> " On the 15th of September 2003, Peter Gutmann posted a security
> analysis of tinc 1.0.1. He argues that the 32 bit sequence number used
> by tinc is not a good IV, that tinc's default length of 4 bytes for
> the MAC is too short, and he doesn't like tinc's use of RSA during
> authentication. We do not know of a security hole in this version of
> tinc, but tinc's security is not as strong as TLS or IPsec. We will
> address these issues in tinc 2.0.
>
> Gutmann is a well-known and respected expert. His best-known
> paper was one back in the 90s on reading "erased" disk drives
> and what bit patterns it took to block that. Most "secure erase"
> utilities around use those suggestions (even though current
> drives are quite different, so those may be inappropriate now).
> He has done /a lot/ of other stuff as well.
>
> The current Tinc release is 1.0.21
>
> My reading of that is that Tinc has known problems and
> they probably will not be fixed soon. To me, that means
> it is not ready for serious consideration as a component
> for FreedomBox.

The documentation is perhaps a little outdated. All problems mentioned by
Gutmann have been addressed in a new protocol that has been included in tinc
1.1pre3 and later.

If people are interested in using tinc to connect freedomboxes together, I
would be happy to help fix any problems that might come up. Even if tinc (as it
is) is not suitable for the Freedombox, I am very interested in discussing what
the requirements are for the Freedombox regarding VPN functionality.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen <[email protected]>
_______________________________________________ Freedombox-discuss mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
