
Mlls

Mlls is a project by AndrewGriffiths to encrypt packets over the datalink layer, possibly using RSA+RSA+DH. I'm kinda not sure about the RSA part now, because of the work DJB is doing.

The RSA+RSA+DH part ensures perfect future security (I'm not sure if that's the exact term), because if someone breaks in and steals the long-term RSA key, it doesn't mean they can read anything that was encrypted before, or anything encrypted after (due to the once-only RSA key and the once-only DH key).

The DH key exchange means no key is needed between connecting parties. Authentication is provided through the use of RSA and challenging. (Well, it double challenges. Each side provides part of the challenge. This prevents the evil server attack, and makes it highly unlikely someone can replay a signed challenge.)

At the moment, I think I will make it so it opens (effectively) a point-to-point encrypted tunnel between people, so the routing table in the OS might be something like:

IP range          Interface

192.168.2.0/24    eth0
192.168.2.3/32    tun0
192.168.2.7/32    tun1


Since routing is chosen on best match, the correct interface will be picked for sending out.
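
The best-match selection described above, worked through on the table from this page. This is an added example, not Mlls code; the function names are hypothetical. It also checks the case an operator should watch for: if a tunnel's /32 route disappears, the /24 route still matches and the peer's traffic leaves via eth0 outside the tunnel.

```python
import ipaddress

# Routing table from the page: (prefix, interface).
ROUTES = [
    ("192.168.2.0/24", "eth0"),
    ("192.168.2.3/32", "tun0"),
    ("192.168.2.7/32", "tun1"),
]

def select_interface(dst, routes):
    """Return the interface of the most specific route containing dst, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        # Longest prefix wins: a /32 host route beats the covering /24.
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None

def fallback_if_tunnel_route_lost(routes, tunnel_prefix="tun"):
    """Map each tunnelled host to the interface it would use without its host route.

    The "tun" name prefix is an assumption taken from the interface names in the table.
    """
    result = {}
    for prefix, iface in routes:
        if not iface.startswith(tunnel_prefix):
            continue
        remaining = [r for r in routes if r != (prefix, iface)]
        host = str(ipaddress.ip_network(prefix).network_address)
        result[host] = select_interface(host, remaining)
    return result

if __name__ == "__main__":
    # Constructed destinations: two tunnelled peers, one plain LAN host, one off-net.
    for dst in ("192.168.2.3", "192.168.2.7", "192.168.2.5", "10.0.0.1"):
        print(dst, "->", select_interface(dst, ROUTES))
    print(fallback_if_tunnel_route_lost(ROUTES))
```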

This technique is portable to Linux, FreeBSD, and Solaris using the TUN/TAP module. If people on other OSes want to use this, I can probably make a workaround for TUN/TAP, and use Libnet and libpcap.


Version 4 (current) modified Tue, 03 Jul 2007 23:12:10 +1000 by graybeard