On Jan 25, 2012, ruh Ruhsam Bernhard wrote:
> /* Determine type of encryption used. For know, we are using the
>  * size of the message.
>  *
>  * XXX: We will want to come up with a more reliable method of
>  * identifying the encryption type.
>  */
>
> Hello,
>
> this is really a problem.
> Rijndael encrypted messages can also be longer than 400 Bytes (#define
> MIN_GNUPG_MSG_SIZE 400).
>
> E.g. on my test machine a message of 248 characters results in 588 bytes
> Rijndael encrypted message.
>
> How else could the encryption type be detected?

I'm in the process of changing how fwknop deals with encryption right now
(working in a branch so we can merge when/if it makes sense):

http://www.cipherdyne.org/cgi-bin/gitweb.cgi?p=fwknop.git;a=commitdiff;h=4c3d2188a1b94c5d33ac34d348e8d48eac858f00

I can see the message size test as being a problem in some cases such as
in command mode with long command strings being included within an SPA
packet. One alternative would just be to pretty much ignore packet size
and just try decrypting incoming packets according to the keys defined in
access.conf file. If no Rijndael key is defined in any stanza and only
gpg is used, then decryption would only be attempted via gpg and vice
versa.

One thing that ties into this is that fwknop in Rijndael mode does not
include a MAC tied to a separate key - I'm thinking of adding this as well
(probably an HMAC-SHA256) as an option since then you start to get into
the realm of an IND-CCA scheme.

Thanks,

--Mike

> Please try to fix this.
>
> Thank you,
> - Bernhard Ruhsam

_______________________________________________
Fwknop-discuss mailing list
https://lists.sourceforge.net/lists/listinfo/fwknop-discuss
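
The two ideas in the reply above (ignore packet size, and authenticate with an HMAC-SHA256 under a separate key), sketched as an added example that is not fwknop code or its packet format. It assumes a 32-byte tag appended to the ciphertext; the stanza names, keys and sample bytes are constructed.

```python
import hashlib
import hmac

MIN_GNUPG_MSG_SIZE = 400   # threshold quoted in the thread
TAG_LEN = 32               # HMAC-SHA256 output length

# Hypothetical stanzas standing in for access.conf entries (constructed keys).
STANZAS = [
    {"name": "admin", "mode": "rijndael", "hmac_key": b"constructed-hmac-key-1"},
    {"name": "ops", "mode": "gpg", "hmac_key": b"constructed-hmac-key-2"},
]

def guess_by_size(packet: bytes) -> str:
    """The size heuristic under discussion: large packets are assumed GnuPG."""
    return "gpg" if len(packet) >= MIN_GNUPG_MSG_SIZE else "rijndael"

def seal(ciphertext: bytes, hmac_key: bytes) -> bytes:
    """Encrypt-then-MAC framing (assumed): ciphertext || HMAC-SHA256(ciphertext)."""
    tag = hmac.new(hmac_key, ciphertext, hashlib.sha256).digest()
    return ciphertext + tag

def select_stanza(packet: bytes, stanzas=STANZAS):
    """Return (stanza, ciphertext) for the first stanza whose HMAC key
    verifies the packet, or None. Packet size plays no part in the choice."""
    if len(packet) <= TAG_LEN:
        return None
    ciphertext, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    for stanza in stanzas:
        expected = hmac.new(stanza["hmac_key"], ciphertext, hashlib.sha256).digest()
        if hmac.compare_digest(expected, tag):  # constant-time comparison
            return stanza, ciphertext
    return None  # unauthenticated: never handed to a decryption routine

# Constructed sample: 588 opaque bytes standing in for the Rijndael
# ciphertext size reported in the thread (no real encryption is done here).
SAMPLE_CT = hashlib.shake_256(b"constructed sample").digest(588)
SAMPLE_PACKET = seal(SAMPLE_CT, STANZAS[0]["hmac_key"])

if __name__ == "__main__":
    print("size heuristic says:", guess_by_size(SAMPLE_CT))
    stanza, _ = select_stanza(SAMPLE_PACKET)
    print("HMAC selects stanza:", stanza["name"], "mode:", stanza["mode"])
    tampered = bytes([SAMPLE_PACKET[0] ^ 1]) + SAMPLE_PACKET[1:]
    print("tampered packet:", select_stanza(tampered))
```

Because the tag is checked before any decryption is attempted, a modified or unkeyed packet is dropped without reaching the Rijndael or gpg code path.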
