… | |
… | |
127 | .\} |
127 | .\} |
128 | .rm #[ #] #H #V #F C |
128 | .rm #[ #] #H #V #F C |
129 | .\" ======================================================================== |
129 | .\" ======================================================================== |
130 | .\" |
130 | .\" |
131 | .IX Title "GVPE 5" |
131 | .IX Title "GVPE 5" |
132 | .TH GVPE 5 "2004-06-11" "1.7" "GNU Virtual Private Ethernet" |
132 | .TH GVPE 5 "2004-09-18" "1.7" "GNU Virtual Private Ethernet" |
133 | .SH "NAME" |
133 | .SH "NAME" |
134 | GNU\-VPE \- Overview of the GNU Virtual Private Ethernet suite. |
134 | GNU\-VPE \- Overview of the GNU Virtual Private Ethernet suite. |
135 | .SH "DESCRIPTION" |
135 | .SH "DESCRIPTION" |
136 | .IX Header "DESCRIPTION" |
136 | .IX Header "DESCRIPTION" |
137 | \&\s-1GVPE\s0 is a suite designed to provide a virtual private network for multiple |
137 | \&\s-1GVPE\s0 is a suite designed to provide a virtual private network for multiple |
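Review bot: The .TH line moves the date from 2004-06-11 to 2004-09-18 but leaves the version field at "1.7", so two different revisions of this page carry the same version string. If the text change further down ships in a later release, bump the version field together with the date. While the header is being touched, note that the NAME line says "GNU\-VPE" but the .IX and .TH lines and the DESCRIPTION use "GVPE"; one spelling throughout would help apropos-style lookups.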
… | |
… | |
213 | \& ./configure --enable-hmac-length=16 --enable-rand-length=8 --enable-digest=sha1 |
213 | \& ./configure --enable-hmac-length=16 --enable-rand-length=8 --enable-digest=sha1 |
214 | .Ve |
214 | .Ve |
215 | .PP |
215 | .PP |
216 | This uses a 16 byte \s-1HMAC\s0 checksum to authenticate packets (I guess 8\-12 |
216 | This uses a 16 byte \s-1HMAC\s0 checksum to authenticate packets (I guess 8\-12 |
217 | would also be pretty secure ;) and will additionally prefix each packet |
217 | would also be pretty secure ;) and will additionally prefix each packet |
218 | with 8 bytes of random data. |
218 | with 8 bytes of random data. In the long run, people should move to |
|
|
219 | \&\s-1SHA\-224\s0 and beyond, but support in openssl is missing as of writing this |
|
|
220 | document. |
219 | .PP |
221 | .PP |
220 | In general, remember that \s-1AES\-128\s0 seems to be more secure and faster than |
222 | In general, remember that \s-1AES\-128\s0 seems to be more secure and faster than |
221 | \&\s-1AES\-192\s0 or \s-1AES\-256\s0, more randomness helps against sniffing and a longer |
223 | \&\s-1AES\-192\s0 or \s-1AES\-256\s0, more randomness helps against sniffing and a longer |
222 | \&\s-1HMAC\s0 helps against spoofing. \s-1MD4\s0 is a fast digest, \s-1SHA1\s0 or \s-1RIPEMD160\s0 are |
224 | \&\s-1HMAC\s0 helps against spoofing. \s-1MD4\s0 is a fast digest, \s-1SHA1\s0 or \s-1RIPEMD160\s0 are |
223 | better, and Blowfish is a fast cipher (and also quite secure). |
225 | better, and Blowfish is a fast cipher (and also quite secure). |
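Review bot: The sentence added at new lines 218-220 ends with "as of writing this document", which gives the reader no way to tell when OpenSSL lacked SHA-224, so it will go stale silently. State the OpenSSL version or the date it was checked. The sentence is also appended to the paragraph that describes the 16 byte HMAC and the 8 byte random prefix, while the digest advice sits in the next paragraph, which still says only "SHA1 or RIPEMD160 are better" and lists MD4 without comment. Moving the long-run recommendation into that paragraph would keep the two statements about digests together and avoid them reading as contradictory. The spelling is "SHA\-224" in the new text and "SHA1" a few lines later; pick one form.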