simple VPN solution
i like vtun a lot, for its simplicity. no complex setup,
no NAT incompatibilities and so on ...
actually, i was looking for a program that just
bridged a stdout/stdin pair (or a tcp connection) to
tun/tap, no security at all. i could then use ssh
tunneling to secure the connection. But i understand
udp makes a better protocol for tunneling, so i like
XOR 'encryption' is only used on systems that don't have libcrypto. Michael should maybe upgrade his machine in other ways before reviewing VTund. .. and maybe explore lower case a bit more.
CBC encryption. It'll be nice, but Steinar's probably been following the discussion on vtun-devel. It'll be in 3.0.0, probably. Aldem should follow the discussion there, too, and maybe offer a few tips as well as patches.
Have I got your patch, Steinar?
More secure VTUN
I've just made a patch for VTUN, which changes its algorithms from MD5 and Blowfish/ECB to SHA1 and Twofish/CBC, respectively. It appears to work properly, but it requires a bit more testing before it's released (either as part of the official VTUN tree, or here on Freshmeat as a standalone `product'). It also eliminates the need for OpenSSL (that's a 2MB download less). So... stay tuned :-)
/* Steinar */
BlowFish? It is not enough, though :)
Well, BlowFish is good, same as a lot of other encryption algorithms, but ONLY if it is used properly.
What I've found - BlowFish in VTUN is used in ECB mode, which means, in turn, that an attacker could use a very wide range of cryptanalysis to recover the key in _extremely short_ time (say, several hours). Why? It is a little bit difficult to explain _here_, but I'd suggest taking a look at the design of some protocols like SSL and SSH and (especially) the explanations of what attention should be paid to. Of course everyone who has experience in cryptology understands what I mean, but for those who do not:
VTUN is good enough to protect you against sniffers in a regular environment, but if you are going to keep something _really_ significant secret, it will not help. For a casual "hacker", of course, it provides good protection (at least there are no publicly known tools to crack BlowFish encryption in ECB mode).
And last... Concerning the comment above, "totally insecure"... Even XOR encryption is good enough if it is implemented in the right way, and just FYI (author of the comment) - almost all encryption algorithms use XOR as the final transformation over plain text. "totally insecure" means "no security at all" - but even in the first versions that was not true - protection against a non-professional attacker is still protection, not good enough, but anyway...
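An added example, not part of the thread and not VTUN code: it shows what the ECB-to-CBC change discussed above alters on the wire. Equal plaintext blocks produce equal ciphertext blocks under ECB, while CBC with a fresh IV hides the repetition. The 64-bit toy Feistel cipher is a stand-in for Blowfish (assumption), and the key and packet are constructed sample data.

```python
import hashlib
import os

BLOCK = 8  # 64-bit blocks, the same block size Blowfish uses


def _round(key: bytes, i: int, half: bytes) -> bytes:
    # Round function of the toy Feistel cipher (stand-in, NOT Blowfish).
    return hashlib.sha256(key + bytes([i]) + half).digest()[:4]


def encrypt_block(key: bytes, block: bytes) -> bytes:
    left, right = block[:4], block[4:]
    for i in range(8):
        f = _round(key, i, right)
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right


def blocks(data: bytes):
    # Input must already be a multiple of BLOCK; padding is out of scope here.
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    # ECB: every block is encrypted independently of its neighbours.
    return b"".join(encrypt_block(key, b) for b in blocks(plaintext))


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    # CBC: each block is XORed with the previous ciphertext block first.
    out, prev = [], iv
    for b in blocks(plaintext):
        prev = encrypt_block(key, bytes(x ^ y for x, y in zip(b, prev)))
        out.append(prev)
    return iv + b"".join(out)


def repeated_blocks(ciphertext: bytes) -> int:
    """Count ciphertext blocks that duplicate an earlier block."""
    bs = blocks(ciphertext)
    return len(bs) - len(set(bs))


# Constructed sample: a tunnelled payload with repeated, block-aligned content.
KEY = b"constructed-demo-key"
PACKET = b"GET /idx" * 6 + b"PASSWORD" + b"GET /idx" * 2  # 9 blocks

if __name__ == "__main__":
    print("ECB repeats:", repeated_blocks(ecb_encrypt(KEY, PACKET)))
    print("CBC repeats:", repeated_blocks(cbc_encrypt(KEY, os.urandom(BLOCK), PACKET)))
```

A passive observer can run the same duplicate count on captured traffic without knowing the key, which is why the mode matters independently of the cipher's strength.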
Get rid of the lame windoze distribution site. Since you
are an open source developer you could get a free webspace
and a decent subdomain at netpedia.net. I can't use lynx
to download your cool programs nor can I use wget. And I
am NOT going to "upgrade" my browser to some Misc0$oftish