Slashdot Mirror
Opportunistic Encryption of IP traffic: FreeS/WAN 2.0
Russ Nelson writes "Since 1996, John Gilmore has
dreamed of an Internet where all traffic between cooperating sites is
encrypted. He has supported the FreeS/WAN project which uses IPSEC to encrypt IP traffic on
an opportunistic encrypting basis. The team has released Linux
FreeS/WAN 2.00, their first release optimized for Opportunistic
Encryption (OE). After installation, ZERO host configuration is
required for OE! A Linux box running 2.00 will encrypt all IP packets
to other OE capable boxes whenever possible, provided you publish a
key and IPsec gateway information in DNS." Nice.
A chain is as strong as its weakest link.
This applies to cryptography as well.
In the Oppertunistic Encryption scenario, DNS is probably the weakest link. Spoof KEY records and you can launch a man-in-the-middle attack.
I've heard these systems are notoriously slow to encrypt the data depending on what is being encrypted. Is this true?
PS. Where'd the icons for the front page stories go?
If this sort of technology were to be rolled into the main distributions as well as Microsoft/Apple packages, the internet would then have a decent level of privacy.
I was wondering... would this have application for wireless, either between a workgroup bridge (like the Ciso one) or a single pci/pcmcia card and an AP or mesh of APs? Seems like it could be better than WEP, especially if it was just as easy to implement on a small scale non-DNS based solution (hosts file, ssid, hard coded ip range, etc.)
Don't blame me, I voted for Kodos
I think this idea of a "meta-SSL" is a really good one--not only can we encrypt the data stream, but also the headers. Of course, we'd still need to deal with session keys and the problem of "known response" attacks, but assuming we can fix that, this looks really promising.
(And of course, it would be best if we could implment this on the hardware of the routers themselves, rather than rely on the OS...*cough* M$ *cough*).
Q: "Why do sound techs say 'check 1, 2'?"
A: "Cause if they could count any higher they'd be lighting techs."
this uses public-key encryption, which may be an "easy" algorithm but is certainly not secure because given enough clock cycles, the public key can be used to derive the private key. I suspect the NSA has enough computing power to start packet sniffing a particular target within hours if not minutes of this going up.
You can't judge a book by the way it wears its hair.
Anyway, this will never work - there's too many clueless administrators out there who will think it's just someone attacking their core routers or overloading their DNS server, or something else equally inane, and they won't bother to check what the port really is.
Problem is, the requirements include:
"* either control over your reverse DNS (for full opportunism) or the ability to write to some forward domain (for initiator-only)
* (for full opportunism) a static IP"
Don't know about the US, but over here >90% of all cable/DSL is on dhcp and I'm fairly sure you don't control your reverse-DNS.
I'm not sure of the role the static IP plays in this, but it would be nice if it could be hacked around so that dhcp-assigned IPs could be used too (scripting updates to DNS on change of IP is easy). Maybe put them (a range of IPs instead of one) in a lower security class if need be.
Belief is the currency of delusion.
However, this is not yet a complete solution for the average user. For one thing, it's Linux only, which puts it out of reach of the majority. Secondly, and this I absolutely cannot believe, they've killed off Trinity in their Matrix sequel. But most importantly, you've got to have access to DNS to make it properly work!? Why can't a new ICMP handshake be used to exchange keys between a new connection (and queue them) so that this doesn't have to rely on a third-party?
So, while this is a good first step, I think there are greater things that will yet be accomplished.
Mod this down!
But of course it's nice to see this getting more exposure. The problem with IPSEC has always been the hassle of setting it up. Having encryption kick in "automagically", is a good thing to have.
(I realize the articles listed are 8-9 months old, but clearly the issue is still relevant.)
I'm unfortunately not running OE, as my DNS provider (UltraDNS) did not provide the capability to add KEY records to a zone at the time I went through the installation process. Not sure if they do so now; perhaps time to check! I'd be interested in discovering which DNS providers do or do not provide the ability to insert KEY records into zones.
Wonder if I could just tell my email server to only accept encrypted connections from trusted sources to stop spam. This would definately work for seperate corporate mailservers that need to connect to eachother across the internet eliminating the need to maintain them on a private network.
I mean, you install this thing, and you'll have some random connections be encrypted. But it would still be foolish to 'trust' any regular internet connections. This type of technology might give people a false sense of security.
I realize the point is just to get more encrypted data out on the net, but this just seems pointless to me.
autopr0n is like, down and stuff.
should be banned from the (stupid techie) english language.
This no more gives a false sense of security than SSL does.
"The only widely used encryption algo that the NSA can crack is 56bit DES, and it has already been phased out. "
Um...no. Straight single block 56DES has, but streaming and triple block hasn't.
Tell those ISPs to go fsck themselves.
IPSec traffic OFTEN looks like "hack" attacks - weird, short packets, protocol 50 and (sometimes 51), streams of UDP 500, etc. Because it's all binary, its more likely to trigger the "shellcode" sort of alerts. An IDS will see the binary stream "F00F" in your payloads and assume you're doing a DoS attack or something. Trust me, I know - I helped build the first version of Guardent'sIDS solution.
I want to delete my account but Slashdot doesn't allow it.
If you've got a static ip block that is smaller than 255 addresses, most ISPs will only let you assign names/keys/other to your ip addresses through classless reverse delegation (RFC 2317 http://www.ietf.cnri.reston.va.us/rfc/rfc2317.txt)
.
The problem I ran into was that KEY requests never reached my servers (CNAME, TXT, others worked fine). This made it impossible for other OE enabled systems to communicate with me since my box seemed to be configured to talk OE, yet they could never get my key to begin negotiation.
Another terrible side effect from this was that any OE server I DID try to communicate with would KEEP TRYING to negotiate with me forever until I could get them to shutdown their OE...
Has anybody thought about the fact that this removes the option of network level filtering? Think about the scenario in which a virus is created that spreads quickly via web servers (e.g. IIS). Currently, it is possible to filter out viral traffic because the routers can inspect the messages. This prevents the spread of the virus even though the hosts/severs remain vulnerable.
Once all traffic is encrypted using OE, the routers/firewalls cannot recognise the type of traffic anymore, and virii will be able to spread to all vulnerable hosts.
I really love the idea of opportunistic encryption, and I used to think that I'd like to see it added to email. Once people have exhcnaged mail with each other, all further traffic would be encrypted. This could be done in the clients, and wouldn't require any changes to the email infrastructure at all.
I know that there are lots of problems with it, mostly related to key management. It wouldn't be perfect security, it might not even be good security. But it's a lot better than plaintext.
What you'd want would be a way to take control of the keys when you thought it was necessary, an opportunistic system that would get the best key that it could find, but which would allow you to override whatever the opportunistic system would do on its own.
The problem I have with this now is that I'm not sure I oppose government surveillance any more. It's a horrible thing to say for someone who spent the early nineties lurking on cypherpunks. I think that they've been able to clamp down on terrorism pretty effectively, and I don't see much evidence that the power has been misused.
I'm getting old, and turning into one of those people I had contempt for -- a guy who is willing to trade freedom for security, and who deserves neither.
But I do think that from a technlogical standpoint, opportunistic encryption is the way to go. It's a great, clean, simple idea.
The most successful use of crypto for the general public is SSL on the web. It works because it's transparent, no one has to think about it. That's why opportunistic encryption rocks.
Perhaps -- and this is a real stretch -- what we really want is a whole new email system, one that's designed to be robust in the face of things like spam, and that includes things like encryption, etc. Dual protocol clients could "opportunistically" move communications from the old system to the new one totally transparently. After a few years, we could all turn off the old email protocol.
Opportunism is a great way to look at upgrading protocols.
Too bad the FreeS/Wan setup is just way too hard.
I've decided to wait for linux 2.5's native implementation.
If this becomes popular, I can see the intelligence agencies having a fit.
Probably.
They might lose one of their best information feeds; the internet.
Maybe. The thing is that the intelligence agencies are plagued by too much data, and sniffing the internet doesn't help much. Maybe Carnivore is useful, but I think they probably are having trouble looking through all that.
f this sort of technology were to be rolled into the main distributions as well as Microsoft/Apple packages, the internet would then have a decent level of privacy.
Maybe. There's SSL for most sites where you would really care though. And traffic analysis would still be possible unless they encrypt the IP headers (ie, go to IPSec). And a lot of the privacy loss is when the database of Merchant X gets hacked / sold out to spammers, and all the encryption in the world will do very little against that. No, I take it back, anonymous digital cash and IPSec should do something.
I hereby place the above post in the public domain.
It just isn't.
Hey! You're never too old to realize trading freedom for security is a bad idea!
I'm against terrorism as much as the next guy, but let's look at the facts here. Government is never going to release official documents giving true statistics on how often interception of secure communications resulted in capture of a terrorist.
Say they invade the privacy of 50,000 individuals, and mistakenly go after 25 people from this information. Finally, they get 2 terrorists. What do you think the news is going to say? I'd wager it'll trump up how "2 suspected terrorists were captured today, thanks to interception of emails between them and known Al Queida leaders."
It's not that you're receiving incorrect information/news. It's simply that it's filtered.
In any case, I'm a firm believer in giving people the tools they need to accomplish a task, and letting them take charge of their own destinies. Opportunistic encryption is certainly a nice "tool" to add to the computer toolbox.
Right now, the biggest problem we face with encryption tools is automatic suspicion we're doing "something bad/wrong" just because we use it. If it gets rolled into OS's as a default option, that silly argument vanishes.
I fiddled with both FreeSWAN and the OpenBSD implementation of IPSEC. Trying to get them to interoperate was a total nightmare, primarily because of the differing key exchange protocols. At the time I wanted to use OpenBSD server side because it supported hardware crypto cards while Linux didn't, which is now a non-issue with current Linux kernels.
I still think that straight IKE (Internet Key Exchange) is a better method of handling key exchange than DNS - it just seems like we're adding too many unrelated record types to DNS, which is leaving us with a mess of clients/servers that can and cannot understand certain records. The AFS folks have done the same thing, yet I don't see AFS records in DNS maps all over the place. One point I'll make about this, we used to have hesiod records in our DNS maps which we had to rip out when we last upgraded BIND because it didn't understand the record type and would puke and die on startup. DNSSEC only makes the problem worse - unless everyone agrees to support the new record types and upgrades.
OTOH: automagically performing a key exchange and then setting up a transport mode point to point IPSEC exchange is a very cool thing! Most people think IPSEC is about tunneling whole IP networks within the IPSEC protocol, but ubiquitous transport mode is really the holy grail of IPSEC. Basically it allows one to encrypt any TCP/UDP stream without regard to the underlying port side protocol - thus making ssh, httpssl, ftpssl, etc redundant. Telnet, ftp. http, etc suddenly becomes secure by default without the user having to do or know a damn thing! This is a far more elegant general purpose solution than the variety of encryption schemes we use today, each with their own idiosyncrasies, potential security holes, and command line switches.
Go FreeSWAN team!
--Maynard
Opportunistic encr#!+"*ç+324 @¦#!!!
I understand your points, and I really felt the same way before 9/11. And it's a hard thing to talk about, because the government seems to keep a lot of information from us.
But I wonder: why don't we see more terrorism here than we do? Why do other countries, who are far less involved in the rest of the world, see so much more? It's especially puzzling when you think about how open our society is -- it's easy to move around, to do whatever it is that you want to do.
Part of it, I think, is that people know that we will respond with overwhelming force. That's what happened to Afghanistan.
But part of it, I think, is the surveillance. I think it's a big part of it.
On the flip side, I don't see much of that information, the stuff they get by doing surveillance, showing up in everyday life. I know people who use drugs, who do unusual things sexually, who send emails back and forth criticizing the government and the president, etc. And nothing bad ever happens to them. Whoever is listening, if anyone is listening, isn't acting on that sort of stuff.
It seems to me that we have, as a practical matter, the freedom to do just about whatever we want. I say this because I know people who do all sorts of stuff, things that society disapproves of, even things that are illegal. And the system, such as it is, tolerates this.
The fear of surveillance is that it will produce a police state. I just don't see that we're living in a police state. I went to berlin and a couple of eastern bloc countries before the iron curtain came down, and this isn't like that. You can do what you want here.
On a practical level, I don't think there's any question that what we're giving up is more than paid for by what we get by the surveillance. The problems that I see with it are either (a) philosophical, or (b) fears about what might happen in the future, when the people running the system will probably be less scrupulous than they are now. The last thing, in particular, is a real problem for me.
It is really extraordinary, though, that the US can be as hated around the world as it is, that we can be as open as we are, even going so far as to have lots of the people who hate us living here, and that things are nonetheless quite safe.
My feeling is that we have to acknowledge that, on a certain level, before we start agitating. I'm not suggesting that things couldn't be better than they are -- just that before we talk about changing things, it makes sense to acknowledge the good things in the status quo, so as to make sure we don't inadvertently toss that stuff out when we make changes.
So, other than windows 2000's native IPsec support, is there another (legally) free-as-in-beer IPsec client for commercial windows users?
The only one I've seen was the one that came from PGPnet or Desktop or something - and it was only free for non-commercial users.
I know some commercial vendors' vpn clients do support standard IPsec connections (Nortel, Cisco, etc), but AFAIK it's not legal to use them if you haven't bought the company's products...
The FreeS/WAN IPSEC implementation is seperate from the implementation that will be included in the Linux 2.6 kernel.
The big question is - Is it compatible? and will FreeS/WAN evolve to use the IPSEC implementation.
I've used 1.9, and it worked fine for me, but I find the iproute2 and IPSEC implementation in the 2.5 development branch of the Linux kernel somewhat more interesting.
So, what exactly has changed? The US psyche has been changed because this is the first time there was a large number of innocents on your home soil. Previously, even during full-scale wars, the US mainland has been safe.
However, the many parts of the world have had death on their doorsteps for years. Why change your views on privacy and civil liberties on one event? The "Everything changed" thing just isn't true.
Why do other countries, who are far less involved in the rest of the world, see so much more?
Most terrorism is related to territorial disputes, e.g Northern Ireland/IRA, Basque Region/ETA and Saudi Arabia/Al Qaeda. Many countries don't have terrorist attacks in them at all, so I wouldn't go so far as to say the US is more or less targeted than anywhere else that has a terrorist problem.
Also, the US is no more "open" than most places in the free world, where a lot of the terrorism seems to be.
It is really extraordinary, though, that the US can be as hated around the world as it is, that we can be as open as we are, even going so far as to have lots of the people who hate us living here, and that things are nonetheless quite safe.
No one hates you. They hate some of the things your government has done. Only extremists see that as validation for killing civilians.
What do you mean, not expecting them?
How do I enable this feature in Windows 2000?
The only widely used encryption algo that the NSA can crack is 56bit DES
Feel free to believe in this yourself, but please do not 'clear some things up' this way for other people. Everything that you've said is on the must be prefaced with It is commonly believed in my circles in block letters.
WTF is a 'brute force for public key encryption' ? Did you ever heard that assymetric key recovery is essentially a factoring challenge, which is never solved with brute forcing ?
The DES/NSA statement is simply hillarious. I guess it needless to say that unless you're an NSA insider, your words worth nothing.
And, dude, pubke encryption is not 'the only one that allows authentication'. It is in fact used for this purpose in some architectures, but there are plenty authentication schemes that do just fine and rely on other cyrptographic means.
3.243F6A8885A308D313
After installation, ZERO host configuration is required for OE! A Linux box running 2.00 will encrypt all IP packets to other OE capable boxes whenever possible, provided you publish a key and IPsec gateway information in DNS." Nice.
Zero Configuration implies no work done by user.
You contradict that in the rest of your post.
In general, the problem of "how do you have a secure conversation with a stranger?" in unsolvable. If you're communicating with somebody you know, you can set up pre-shared keys or X.509 keys or some equivalent and use them. We've had VPNs for a couple of years, and FreeS/WAN has done them, which address the problem of only talking to your friends. This stuff is relatively cool, except that most people don't have good control over their reverse DNS, even if they do have static IP.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
One can just send a public key out to anyone who wants it.
It has nothing to do with the mathematics of the algorithm, which are also rather trivial. Ever seen Cube? Kazan could crack such keys mentally!
You can't judge a book by the way it wears its hair.
Anyway, this will never work - there's too many clueless [ISP] administrators out there who will think it's just someone attacking their core routers or overloading their DNS server, or something else equally inane, and they won't bother to check what the port really is.
I assume you're talking about ISP administrators, since you mention core routers, and because FreeSWAN won't attempt ANYTHING unusual with an end site unless that site published an invitation in its DNS records.
Perhaps the scenairo you mentioned was common when IPSec was first being rolled out. But at this point it's much more common, so that shouldn't be an issue.
And if it still IS an issue, it will stop being an issue once FreeSWAN is rolled out, so that IPSec traffic is much more common.
But if your ISP has enough manpower to hassle everyone who turns on IPSec after the next couple weeks, you're being overcharged and need to switch carriers. B-)
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Unfortunately, full opportunism (both incoming and outgoing connections being encrypted) requires you to have a static IP and control over your reverse DNS entries. I will have that someday, but I can't really afford it yet. Also, I doubt many people will jump for that in the future, but I guess one never knows..
There was even one company who it ended up being discovered was hacking me!
How do you know someone else didn't use your computer to hack, having nothing to do with IPsec?
Sounds like IPsec is fine and you're just a bad sys admin. (or you use Microsoft Products).
Some time ago a mailing list on a controversial subject was running on my home machine. One of the rules was that no criminal activity could be discussed or facilitated via postings to the list.
As a matter of policy, while that list was running all traffic both on the list and to and from the machine was UNencrypted.
The reasoning:
- Someone unhappy with the subject matter of the list, with being kicked off it for misbehavior, or just mad at the list operators for unrelated reasons, might file a tip with a police agency claiming illegal activity.
- Due to the list's subject matter, the tip might be considered credible.
- If the traffic to the site was UNencrypted, they could obtain a wiretap warrant and examine it offsite (and would prefer to do it this way).
- If any of the traffic to the site was encrypted, they would have to sieze and examine the machine to satisfy their investigation, causing considerable disruption. (And they might also take encrypted traffic as a confirmation of the tip.)
The list administrator says it well: Leave it unencrypted and they get to bore themselves to tears.
The list was retired (and a successor started at another site) before I needed to do encrypted traffic between home and work.
That was quite some time back, and encrypted traffic was uncommon then except for security agencies, a very few businesses, a few experimenters, and a few crooks. At this point encryption is far more common - what with VPN, SSH, and IPSec. And with ready-for-primetime FreeSWAN it will become still more comomn.
But the core of the original risk is still there: If you're using world-class encryption, and the government gets a bee in its bonnet about you doing something undesirable, they'll need to physically search your machine for evidence or keys, or plant an onsite bug such as a keyboard monitor, to find out what you're up to. (Or they'll find it less expensive to do it that way than try to crack your encryption from outside.)
Fortunately, a sudden widespread deployment of encryption can get us "over the hump" - going past the point where it is rare enough that security agencies can target people who use it, to the point where wiretapping is pointless and searches on only suspicion-plus-encryption are too expensive.
That would create an economic incentive to avoid fishing expeditions and mostly search only on credible evidence of wrongdoing (plus an occasional governmental rape of a political enemy or other terrorist action against an outgroup or annoyance-to-cops).
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Why no release something "compatible" with another systems?
that opportunistic encryption has been cracked to 2048 bits- last week- and we will demo it in ONE HOUR.
Almost no home users have control of their reverse DNS (and most of those who do don't know how to configure it).
This kind of "hope nobody does a man-in-the-middle attack when i connect for the first time" thing has been done before (perhaps better, juding by the brief description) in SSH Sentinel.
FreeS/WAN's idea is a good one, DNS is just a bad way to make it happen currently. Maybe there should be a separate simple key exchange protocol for this (based on JFK perhaps?)
Nobody is innocent here. You're born, you take your chances. No, you didn't ask to be born, but no one else did, either. Natural disasters and Microorganisms don't discriminate between those we view as "innocent" and everyone else, so why the hell should we?
We call them innocent because they're society's vulnerable point. Our children, our women. We're hell-bent on propogating the species, and not a single fucking person has ever had the balls to ask why, or come up with a good reason for doing so. We fuck because it feels good, and that's the end of it, right?
Morals, ethics, innocence, law. They're all based on our desires for fairness in life. News flash, life isn't fair, and never will be. 20,000 people die every day. Get over it.
If an Iraqi dies, and nobody knows his name or that he even existed, was he really alive? Does anyone care?
... the government only uses as much "terrorist" incidents as are required to accomplish their tasks.
..disturbing.
Don't get sucked into the propaganda that so many do. OKC, WTC attack 1, WTC attack 2, and the anthrax attacks were all shadow government inspired, lead, allowed to happen, known about in advance, all of the above. they accomplished their tasks. You said
"And it's a hard thing to talk about, because the government seems to keep a lot of information from us."
Yes, but sometimes they are lame enough to get caught at it. It's a matter of taste, how many times do you personally have to be lied to before you stop trusting someone? What's your tolerance threshold?
Are we still free? No, not even near as free as we were just a few decades ago. I'll tell you I NEVER went through random courtesy "roadblocks" before, back then. I didn't need electronic thumbprints for a "license", there wasn't a video camera on almost every corner. We didn't have random "school shootings" with a common denominator of student forced drugging and adult "mentors" that seem to always coincident time wise with important legislation action in congress. we didn't have "anthrax" attacks when other important 'security" legislation was being ramrodded through. we didn't have random "mad sniper" attacks in the DC area when, again, extremely important 'security" legislation was being "debated. on and on, there are a lot of strange "coincidences" the past several years.... Now we DID have an obvious presidential assassination that "they" got completely away with, and some of "they" are still alive name brand humans. Hint, see "secret police" as a keyword to jog the memory cells. If it's in another nation we say "secret police". Use the same terms, don't switch them around to feel more comfortable. Just be fair looking at any nation, then things get clearer. Is it as bad as east germany before the wall came down? No, it's not, but ask yourself this very important question, do you WAIT until it really is _that_ bad, or do you assemble the clues, note the trends and patterns,do some extrapolation based on what you can see and find out now, look back, do some ball park figuring, and decide it WILL get that bad if it's not stopped in it's tracks on the way there? Or do you just say "heck with it, it's not as bad as nation x" and excuse what is happening? "Well honey, shutup, you just got raped and beat up, but it could have been worse you know, that bad man could have sliced you up". It's the same sort of logic train, obviously sorta flawed, but it's a decent analogy.
I'll tell you,just anecdotally, until you *personally* have been a victim of government "wrongness", or see it happen to someone close to you, you will not make the connections as readily, you will not see it as "bad" as the actual victim,you might deny it ever even happens perhaps, you'll keep it as an intellectual curiosity. You mentioned it, you personally haven't seen it. I'll tell you personally it happened, still happens, and is getting worse. Your turn will come, you can wait, or look around for evidence it has happened, and believe me, you'll find it if you honestly look for it. Just like innocent people-anywhere- who get blown to bits, they (would if still alive) think it's a tad worse than being labeled as "collateral damage".
Best recommendation for anyone,in any nation, society, group, political party, is to STEP BACK for a sec intellectually away from being in that "group", take an honest clean room look at things. You can't see the whole if you are in the middle of it, you have to take a step back.
Oh, 9-11, back to that, just google 9-11, government prior knowledge, involvement, that will get you going. It is NOT as cut and dried as the 6 o clock news and joe government say it is. It just ain't. Basically, it's a reichstagg event. it's being used in an identical way. but, look yourself, you'll see some interesting coincidences and unanswered questions and some odd bits of data that are rather
http://www.ietf.org/rfc/rfc1149.txt
A Standard for the Transmission of IP Datagrams on Avian Carriers
This memo describes an experimental method for the encapsulation of IP datagrams in avian carriers. This specification is primarily useful in Metropolitan Area Networks. This is an experimental, not recommended standard. Distribution of this memo is unlimited.
The author's posting sounds like those people who troll about "NSA put a backdoor in PGP" and rot like that. Some of them are motivated by the fun of trolling, while some sound like they're spook sympathizers deliberately trying to undermine the public's use of crypto.
In sheenmaster@frob.us 's case, he's got a product on his website about his product FlameCrypt, which given his Slashdot posting I wouldn't touch with a 10-foot pole even if it did have documentation and the algorithms posted where you can get at it without registering on his site and/or downloading the program. Crypto people are concerned about privacy and about good documentation.... What I could find about it on Google\(tm was a reference to earlier versions that let you put in your own algorithms and "an algorithm generator program to automatically create new algorithms." Pure snake oil, which is consistent with his flame. Too bad - his web site had an entertaining counterflame about all the spelingg missteaks being intenshunnul.
*Minor exception - Elliptic Curve is 2**N, so it can get away with shorter keys than RSA or Diffie Hellman, but it's a newer theory and not everybody's convinced that a theoretical crack won't show up. It tends to have annoying patents on some of the versions as well, but it's convenient to be able to use 165-bit keys instead of 1024- or 2048-bit keys when you're trying to save space in packets or autogenerate the keys from passphrases. Also, the work factor I gave for RSA cracking is very approximate, and depends on what the best factoring algorithms are this year. But the basic principle has been constant for a long time, which is that a small linear or quadratic increase in encryption workload causes a basically exponential increase in cracker workload, and we've been on the pro-privacy side of that curve since before PGP first came out. Moore's law has meant that since PGP was good enough to use 512-bit keys on an 8086 in 1991, and 1024-bit keys on a state-of-the-art 386, back then, 2048-bit keys have been usable since about 1994 on a Walmart-quality PC, and your cellphone could have been running 1024 bit keys by about 1997 if the NSA and their equivalent thugs in Europe weren't pretending that they were forcing cellphone companies to use crippled crypto to keep the Commies from using it.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
If your reference to streaming is to things like RC4, as opposed to OFB or similar DES modes, RC4-40 is of course toast, as demonstrated so thoroughly a couple of years ago that NSA gave up on making rules about it. The distributed.net folks apparently don't know when to quit :-), so they not only cracked RC5-56 and just recently RC5-64, but are going for RC5-72. RC4-128 is just fine, except if you use it for things it wasn't designed for (3 or 4 of the 7 main things wrong with Microsoft's PPTP were boneheaded-dumb misuse of RC4's requirements, and the WEP 802.11 folks found more creative ways to use RC4 for things it wasn't meant to do.) But as long as you use it the way it was designed to be used, it's strong enough, and it's just about the minimum-CPU crypto algorithm out there for general-purpose computers.
I'm not bothered that the most common SSL implementations do RC4-128 instead of 3DES - they usually have much more serious implementation problems (:-), such as not firewalling the hardware adequately, and they should also generally be using Perfect Forward Secrecy modes and often aren't.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
A lot of credit also has to go to Netscape, who put encryption technology on everybody's desktop by including it in their browsers, which of course forced Microsoft to include it in IE as well. It's a different technical approach to attaching the crypto to the network, but you can use web browsers to downloaded encrypted files, read your webmail, etc., which is a large part of the problem space. Some of the core Netscape crypto developers were three brothers who also hung around Cypherpunks... The fact than a one-line ascii patch could "fix" the 40-bit crypto in Netscape and make it 128-bit was only partly technical convenience. And the "Develop and ship the code so people can use it" approach to protecting civil liberties is a lot more direct than ask-permission-first lawsuits, though some people went to extreme risk trying to keep their asses out of jail after doing so, like Phil Zimmermann. The FreeS/WAN people have also been taking this approach for a long time - it's developed entirely outside the US to avoid being subject to US crypto export requirements (John's a funder, and a user, not a developer for this stuff.)
Technology like this _has_ been rolled into popular software - the Internet stimulated awareness of the business need for crypto at around the same time that computers got fast enough to make it relatively practical. Virtual Private Networks are a different part of the IPSEC space than Opportunistic Encryption, since they're designed for letting approved people have a private conversation rather than letting just anybody access your machine, but they've been a standard business capability for a few years now - otherwise telecommuters would have to dial into dedicated modem pools, and if you remember running those, they were expensive and annoying to maintain. The IPSEC crew were an important part of the industry standards work, going to the various bake-offs to make sure things really interoperated, and having a free implementation that was vendor-neutral was a big help in getting everybody working together during the early still-flaky days. Middle-aged Microsoft operating systems had PPTP VPNs on them. They were terribly broken, and I think the WinXP stuff has real IPSEC built in, though that may only be XP Pro. And gradually there'll be better-working stuff there.
There are a lot of packages using SSL and SSH to do crypto
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
The debate about whether to do crypto at Layer 1, 2, 3, 4, or 7 has been going on for over a decade and a half. (Some people argue that crypto in the SSL/SSH sense is really layer 5 or 6, one of those OSI Session or Presentation Layer things that the TCP world doesn't worry too much about, but alternatively you can call it Layer 4 :-) Physical and Link-Layer crypto are fine for private networks - WEP is basically a Layer 2 crypto system which would be a good thing if it weren't badly thought out and badly implemented, and the NSA has been using Layer 2ish crypto on X.25 networks since the 80s, back when X.25 was the way you did international data networks. IPSEC has the advantage that it protects _all_ the communications between your machine and another machine, which can be really effective if that matches your communication patterns, and it means that the applications inside don't need to be modified to use crypto as long as they run over vanilla IP. Layer 4 cryptosystems like SSL and SSH are much more trouble - applications need to know about them, and they don't protect the machine against protocols that don't use them, but the operating system doesn't need to know, and intermediate routers and such don't need to know about it, so it can be more convenient to implement for applications that can use it. Layer 7 - things like PGP-or-S/MIME-encrypted email or encrypted file systems - is obviously much more customized, protects even fewer things, but sometimes it's the right way to go also.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
VPNs are an easier way to use IPSEC than Opportunistic Encryption is - they're designed for only talking to machines you know and trust and have administrative relationships with, so it's a much simpler problem. As kmcmartin points out, FreeS/WAN has had this since early on (at least in combination with the standard firewalling capabilities.) In addition to letting ipsec packets through, you actually also need to allow UDP 500, which is the connection setup protocols, and you usually want DNS as well, depending on how you plan to identify machines that you're willing to talk to.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
However, there are some cable modem companies that really object to anything VPN-like. It's nothing technical, just pure greed. They assume that if you're using IPSEC, it's a VPN for work, and they have a higher price for "business ISP service" than for "residential". There are even a few DSL companies this rude and clueless. Most Cable modem companies and some DSL companies also object to running anything server-like on their networks, because they're worried about overloading their asymmetrically small upstreams, and because they've got a leftover habit of paranoia about bad performance due to early equipment problems, all those PacBell "WebHog" TV commercials, worries about bad PR from neighborhood porn web servers hogging the cable, etc.
While most cable modem companies are still desparately clue-deficient, they've at least mostly figured out that one reason people are buying broadband in the first place is to be able to work from home, and that means that customers _are_ going to use IPSEC and not just fetch HTTP and POP3, and now that telco DSL service is widespread, they're a little more responsive to competitive pressure.
Some telco DSL providers are apparently clueless about this also, but relatively few.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Since when does MUA = OS?
Most of my background is in WAN engineering and *nix administration, but much of my current paying work is W2K administration (and a bit of *nix). Outlook Express is on my list of software that is not allowed on our company LAN. Why? It's crappy. It has what may be the worst security history of any software product (unless IE is worse), and still isn't RFC-compliant WRT handling PGP-or-GPG-signed email.
My point is that whether or not you think is crappy or not has nothing to with whether is crappy or not.
Outlook Express is a crappy application, and would be so even if it had a Linux version. I would still not allow it on our network.
By way of contrast, let's consider Konqueror, which in its latest version I have come to consider the best web browser available, on any platform. Regardless of whether you think it's running on a crappy OS or a good one, the application is outstanding. It's rendering is extremely fast, it offers the finest-grained security control of any browser I've used, and the best bookmark management system as well (IMO). The only thing any competitor has on it is Mozilla's Personal Folder Toolbar, but I can fake that one pretty well in Konqueror with minimal effort. The only other browser really close to Konqueror is Opera. Mozilla/Galeon/Netscape are in the same league but not on the same level.
I understand how bidirectional OE works, and how that is neccessary for an OE gateway.
Question is, anyone know about OE on a masquerading gateway? Their implementation seems to be for a non-masq gateway with DNS records hosted by the ISP.
Or will a simple bidirectional OE sans gateway mods work for a masq connection?
Anyone familiar with this?
Traffic sniffing between gateways is actually
rarely feasable since it usually requires
access to a router squarely in the path of the
packets. Most traffic sniffing happens on local
LANs with disparate machines that do not support
SWAN.
The real use of SWAN is for virtual private
networks. However in the common case of a
VPN with a group of known gateways, no
key exchange is necessary since you could
simply share a symmetric key. Preconfiguring
a server with a secret symmetric key is
easier from a installation+maintanance
perspective. And its easy to understand as
well --- most admins do not understand public
key crypto.
Couple this with the fact that
- Most Linux distributions will not ship with
SWAN enabled by default
- There are significant CPU overheads to
encryption.
- The latency of key exchange is not
insignificant.
- You don't need SWAN to a web server when
you have SSL/TLS. You don't need SWAN to
a shell session when you have SSH or
srptelnet etc.
use it IMO.
Of course it's essential that Linux supports it
for compatability reasons. So well done to the
SWAM team all the same.
-paul
No one hates you. They hate some of the things your government has done.
I take it you've never been called "fucking american" when you didn't understand how to use a foreign nation's subway system. I don't expect ppl to like me, but i expect them to respect me as a human being.
http://soylentnews.org/~tibman
RFC 3445
This caused massive problems so the DNS Extensions working group has eliminated it. This has been true since December 2002 and 3445is now a proposed standard as well as an RFC so the FreeS/WAN guys are making a really major mistake. The record sub-type bits they're using are now defined as RESERVED status and "MUST be set to 0 and MUST be ignored by the receiver". Once enough DNS servers have implemented RFC 3445 the records won't propagate through the system at all. There are better ways to do this - take a look the leading underscore system that SRV records use (synthetic sub-hosts on a per service basis). Special TXT records are still fully usable or they could simply go to the DNS-EXT working group and say "Hey, we'd like to define a new record type. What's the best way to do it?" Opportunistic encryption is a big step forward, but it's useless if it's broken by design and the arrogance of ignoring the IETF is the kind of thing that's slowly edging FreeS/WAN towards irrelevance.
How about:
off topic -1
stupid dickhead child -1
goatse.cx lover -1
dumbass -2
Only idiots have mod points today?
He's an ass, and the first rule of slashdot is that other asses also get mod points.