/cvs/gvpe/doc/gvpe.5.pod

Comparing gvpe/doc/gvpe.5.pod (file contents):
Revision 1.9 by pcg, Mon Sep 1 06:06:11 2008 UTC vs.
Revision 1.10 by root, Wed Jul 10 01:51:40 2013 UTC

50 50
51=back 51=back
52 52
53=head2 GVPE DESIGN GOALS 53=head2 GVPE DESIGN GOALS
54 54
55=over 4 55=over 4
56 56
57=item SIMPLE DESIGN 57=item SIMPLE DESIGN
58 58
59Cipher, HMAC algorithms and other key parameters must be selected 59Cipher, HMAC algorithms and other key parameters must be selected
60at compile time - this makes it possible to only link in algorithms 60at compile time - this makes it possible to only link in algorithms
130gvpe. MD4 has been broken and is quite insecure, though, so using another 130gvpe. MD4 has been broken and is quite insecure, though, so using another
131digest algorithm is recommended. 131digest algorithm is recommended.
132 132
133=head2 MAXIMIZE SECURITY 133=head2 MAXIMIZE SECURITY
134 134
135 ./configure --enable-hmac-length=16 --enable-rand-length=8 --enable-digest=sha1 135 ./configure --enable-hmac-length=16 --enable-rand-length=16 --enable-digest=sha384
136 136
137This uses a 16 byte HMAC checksum to authenticate packets (I guess 8-12 137This uses a 16 byte HMAC checksum to authenticate packets (I guess 8-12
138would also be pretty secure ;) and will additionally prefix each packet 138would also be pretty secure ;) and will additionally prefix each packet
139with 8 bytes of random data. In the long run, people should move to 139with 16 bytes of random data.
140SHA-256 and beyond).
141 140
142In general, remember that AES-128 seems to be as secure but faster than 141In general, remember that AES-128 seems to be as secure but faster than
143AES-192 or AES-256, more randomness helps against sniffing and a longer 142AES-192 or AES-256, more randomness helps against sniffing and a longer
144HMAC helps against spoofing. MD4 is a fast digest, SHA1, RIPEMD160, SHA256 143HMAC helps against spoofing. MD4 is a fast digest, SHA1, RIPEMD160, SHA256
145are consecutively better, and Blowfish is a fast cipher (and also quite 144are consecutively better, and Blowfish is a fast cipher (and also quite
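
Review bot: the digest ranking left unchanged at new lines 143-144 ("MD4 is a fast digest, SHA1, RIPEMD160, SHA256 are consecutively better") stops at SHA256, but the recommended configure line at 135 now selects --enable-digest=sha384, so the man page recommends a digest it never places in that ranking. Extend the list to cover SHA384, and consider adding a sentence on what the larger digest buys when --enable-hmac-length stays at 16 bytes, since the removed sentence about moving to "SHA-256 and beyond" was the only text that motivated a stronger digest and nothing replaces it.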
