Projects / VTun / Comments

Comments for VTun

23 Aug 2004 15:29 kervel

simple VPN solution
i like vtun a lot, for its simplicity. no complex setup,

no NAT incompatibilities and so on ...

actually, i was looking for a program that just

bridged a stdout/stdin par (or a tcp connection) to

tun/tap, no security at all. i could then use ssh

tunneling to secure the connection. But i understand

udp makes a better protocol for tunneling, so i like

vtun.

26 Jan 2002 22:23 cnbishop

CBC
XOR 'encryption' is only used on systems that don't have libcrypto. Michael should maybe upgrade his machine in other ways before reviewing VTund. .. and maybe explore lower case a bit more.

CBC encryption. It'll be nice, but Steinar's probably been following the discussion on vtun-devel. It'll be in 3.0.0, probably. Aldem should follow the discussion there, too, and maybe offer a few tips as well as patches.

Have I got your patch, Steinar?


05 Jun 2000 18:00 sgunderson

More secure VTUN
I've just made a patch for VTUN, which changes its algorithms from MD5 and Blowfish/ECB to SHA1 and Twofish/CBC, respectively. It appears to work properly, but it requires a bit more testing before it's released (either as part of the official VTUN tree, or here on Freshmeat as a standalone `product'). It also eliminates the need for OpenSSL (that's a 2MB download less). So... stay tuned :-)
/* Steinar */

12 Jan 2000 16:19 aldem

BlowFish? It is not enough, though :)
Well, BlowFish is good, same as a lot of other encryption algorithms, but ONLY if it is used properly.

What I've found - BlowFish in VTUN is used in ECB mode, it means, in turn, that attacker could use a very wide range of cryptoanalisys to recover the key in _extremely short_ time (say, several hours). Why? It is a little bit difficult to explain _here_, but I'd suggest to take a look on design of some protocols like SSL and SSH and (especially) explanations to what attention should be paid. Of course everyone who has experience in cryptology understand what I mean, but for those who does not:

VTUN is good enough to protect you against snifers in regular environment, but if you are going to keep in secret something _really_ significant, it will not help. For casual "hacker", of course, it provides a good protection (at least there are no public known tools to crack BlowFish encryption in ECB mode).

And last... Concerning comment above "totally insecure"... Even a XOR encryption is good enough if it is implemented in a right way, and just FYI (author of comment) - almost all encryption algorithms use XOR as final transformation over plain text. "totally insecure" mean "no security at all" - but even in first versions it was not true - protection against non-professional attacker is still protection, not good enough, but anyway...

Good luck!

04 Apr 1999 12:01 karellen

lame site
Get rid of the lame windoze distribution site. Since you
are an open source developer you could get a free webspace
and a decent subdomain at netpedia.net. I can't use lynx
to download your cool programs nor can I use wget. And I
am NOT going to "upgrade" my browser to some Misc0$oftish
crap.

Screenshot

Project Spotlight

ReciJournal

An open, cross-platform journaling program.

Screenshot

Project Spotlight

Veusz

A scientific plotting package.