Projects / VTun / Comments

Comments for VTun

23 Aug 2004 15:29 kervel

simple VPN solution
i like vtun a lot, for its simplicity. no complex setup,

no NAT incompatibilities and so on ...

actually, i was looking for a program that just

bridged a stdout/stdin par (or a tcp connection) to

tun/tap, no security at all. i could then use ssh

tunneling to secure the connection. But i understand

udp makes a better protocol for tunneling, so i like


26 Jan 2002 22:23 cnbishop

XOR 'encryption' is only used on systems that don't have libcrypto. Michael should maybe upgrade his machine in other ways before reviewing VTund. .. and maybe explore lower case a bit more.

CBC encryption. It'll be nice, but Steinar's probably been following the discussion on vtun-devel. It'll be in 3.0.0, probably. Aldem should follow the discussion there, too, and maybe offer a few tips as well as patches.

Have I got your patch, Steinar?

05 Jun 2000 18:00 sgunderson

More secure VTUN
I've just made a patch for VTUN, which changes its algorithms from MD5 and Blowfish/ECB to SHA1 and Twofish/CBC, respectively. It appears to work properly, but it requires a bit more testing before it's released (either as part of the official VTUN tree, or here on Freshmeat as a standalone `product'). It also eliminates the need for OpenSSL (that's a 2MB download less). So... stay tuned :-)
/* Steinar */

12 Jan 2000 16:19 aldem

BlowFish? It is not enough, though :)
Well, BlowFish is good, same as a lot of other encryption algorithms, but ONLY if it is used properly.

What I've found - BlowFish in VTUN is used in ECB mode, it means, in turn, that attacker could use a very wide range of cryptoanalisys to recover the key in _extremely short_ time (say, several hours). Why? It is a little bit difficult to explain _here_, but I'd suggest to take a look on design of some protocols like SSL and SSH and (especially) explanations to what attention should be paid. Of course everyone who has experience in cryptology understand what I mean, but for those who does not:

VTUN is good enough to protect you against snifers in regular environment, but if you are going to keep in secret something _really_ significant, it will not help. For casual "hacker", of course, it provides a good protection (at least there are no public known tools to crack BlowFish encryption in ECB mode).

And last... Concerning comment above "totally insecure"... Even a XOR encryption is good enough if it is implemented in a right way, and just FYI (author of comment) - almost all encryption algorithms use XOR as final transformation over plain text. "totally insecure" mean "no security at all" - but even in first versions it was not true - protection against non-professional attacker is still protection, not good enough, but anyway...

Good luck!

04 Apr 1999 12:01 karellen

lame site
Get rid of the lame windoze distribution site. Since you
are an open source developer you could get a free webspace
and a decent subdomain at I can't use lynx
to download your cool programs nor can I use wget. And I
am NOT going to "upgrade" my browser to some Misc0$oftish


Project Spotlight


An open, cross-platform journaling program.


Project Spotlight


A scientific plotting package.