| … | |
… | |
| 12 | |
12 | |
| 13 | VPN is an acronym, it stands for: |
13 | VPN is an acronym, it stands for: |
| 14 | |
14 | |
| 15 | =over 4 |
15 | =over 4 |
| 16 | |
16 | |
| 17 | =item X<Virtual> |
17 | =item Virtual |
| 18 | |
18 | |
| 19 | Virtual means that no physical network is created (of course), but a |
19 | Virtual means that no physical network is created (of course), but a |
| 20 | network is I<emulated> by creating multiple tunnels between the member |
20 | network is I<emulated> by creating multiple tunnels between the member |
| 21 | nodes by encapsulating and sending data over another transport network. |
21 | nodes by encapsulating and sending data over another transport network. |
| 22 | |
22 | |
| 23 | Usually the emulated network is a normal IP or Ethernet, and the transport |
23 | Usually the emulated network is a normal IP or Ethernet, and the transport |
| 24 | network is the Internet. However, using a VPN system like GVPE to connect |
24 | network is the Internet. However, using a VPN system like GVPE to connect |
| 25 | nodes over other untrusted networks such as Wireless LAN is not uncommon. |
25 | nodes over other untrusted networks such as Wireless LAN is not uncommon. |
| 26 | |
26 | |
| 27 | =item X<Private> |
27 | =item Private |
| 28 | |
28 | |
| 29 | Private means that non-participating nodes cannot decode ("sniff)" nor |
29 | Private means that non-participating nodes cannot decode ("sniff)" nor |
| 30 | inject ("spoof") packets. This means that nodes can be connected over |
30 | inject ("spoof") packets. This means that nodes can be connected over |
| 31 | untrusted networks such as the public Internet without fear of being |
31 | untrusted networks such as the public Internet without fear of being |
| 32 | eavesdropped while at the same time being able to trust data sent by other |
32 | eavesdropped while at the same time being able to trust data sent by other |
| … | |
… | |
| 34 | |
34 | |
| 35 | In the case of GVPE, even participating nodes cannot sniff packets |
35 | In the case of GVPE, even participating nodes cannot sniff packets |
| 36 | send to other nodes or spoof packets as if sent from other nodes, so |
36 | send to other nodes or spoof packets as if sent from other nodes, so |
| 37 | communications between any two nodes is private to those two nodes. |
37 | communications between any two nodes is private to those two nodes. |
| 38 | |
38 | |
| 39 | =item X<Network> |
39 | =item Network |
| 40 | |
40 | |
| 41 | Network means that more than two parties can participate in the network, |
41 | Network means that more than two parties can participate in the network, |
| 42 | so for instance it's possible to connect multiple branches of a company |
42 | so for instance it's possible to connect multiple branches of a company |
| 43 | into a single network. Many so-called "VPN" solutions only create |
43 | into a single network. Many so-called "VPN" solutions only create |
| 44 | point-to-point tunnels, which in turn can be used to build larger |
44 | point-to-point tunnels, which in turn can be used to build larger |
| … | |
… | |
| 50 | |
50 | |
| 51 | =back |
51 | =back |
| 52 | |
52 | |
| 53 | =head2 GVPE DESIGN GOALS |
53 | =head2 GVPE DESIGN GOALS |
| 54 | |
54 | |
| 55 | =over 4 |
55 | =over 4 |
| 56 | |
56 | |
| 57 | =item SIMPLE DESIGN |
57 | =item SIMPLE DESIGN |
| 58 | |
58 | |
| 59 | Cipher, HMAC algorithms and other key parameters must be selected |
59 | Cipher, HMAC algorithms and other key parameters must be selected |
| 60 | at compile time - this makes it possible to only link in algorithms |
60 | at compile time - this makes it possible to only link in algorithms |
| … | |
… | |
| 117 | |
117 | |
| 118 | ./configure --enable-hmac-length=4 --enable-rand-length=0 |
118 | ./configure --enable-hmac-length=4 --enable-rand-length=0 |
| 119 | |
119 | |
| 120 | Minimize the header overhead of VPN packets (the above will result in |
120 | Minimize the header overhead of VPN packets (the above will result in |
| 121 | only 4 bytes of overhead over the raw ethernet frame). This is a insecure |
121 | only 4 bytes of overhead over the raw ethernet frame). This is a insecure |
| 122 | configuration because a HMAC length of 4 makes collision attacks based on |
122 | configuration because a HMAC length of 4 makes collision attacks almost |
| 123 | the birthday paradox pretty easy. |
123 | trivial. |
| 124 | |
124 | |
| 125 | =head2 MINIMIZE CPU TIME REQUIRED |
125 | =head2 MINIMIZE CPU TIME REQUIRED |
| 126 | |
126 | |
| 127 | ./configure --enable-cipher=bf --enable-digest=md4 |
127 | ./configure --enable-cipher=bf --enable-digest=md4 |
| 128 | |
128 | |
| … | |
… | |
| 130 | gvpe. MD4 has been broken and is quite insecure, though, so using another |
130 | gvpe. MD4 has been broken and is quite insecure, though, so using another |
| 131 | digest algorithm is recommended. |
131 | digest algorithm is recommended. |
| 132 | |
132 | |
| 133 | =head2 MAXIMIZE SECURITY |
133 | =head2 MAXIMIZE SECURITY |
| 134 | |
134 | |
| 135 | ./configure --enable-hmac-length=16 --enable-rand-length=8 --enable-digest=sha1 |
135 | ./configure --enable-hmac-length=16 --enable-rand-length=12 --enable-digest=ripemd610 |
| 136 | |
136 | |
| 137 | This uses a 16 byte HMAC checksum to authenticate packets (I guess 8-12 |
137 | This uses a 16 byte HMAC checksum to authenticate packets (I guess 8-12 |
| 138 | would also be pretty secure ;) and will additionally prefix each packet |
138 | would also be pretty secure ;) and will additionally prefix each packet |
| 139 | with 8 bytes of random data. In the long run, people should move to |
139 | with 12 bytes of random data. |
| 140 | SHA-256 and beyond). |
|
|
| 141 | |
140 | |
| 142 | In general, remember that AES-128 seems to be as secure but faster than |
141 | In general, remember that AES-128 seems to be as secure but faster than |
| 143 | AES-192 or AES-256, more randomness helps against sniffing and a longer |
142 | AES-192 or AES-256, more randomness helps against sniffing and a longer |
| 144 | HMAC helps against spoofing. MD4 is a fast digest, SHA1, RIPEMD160, SHA256 |
143 | HMAC helps against spoofing. MD4 is a fast digest, SHA1, RIPEMD160, SHA256 |
| 145 | are consecutively better, and Blowfish is a fast cipher (and also quite |
144 | are consecutively better, and Blowfish is a fast cipher (and also quite |
