Re: [cryptography] GoVPN -- reviewable secure state-off-art crypto free software VPN daemon
Actually, in my oh so very humble opinion, world has enough reasonably good VPNs that can operate on reasonably good connections. What is lacking is something that can function transparently and effectively on a very flakey connection (think lousy GPRS one) without introducing noticeable overhead.

Given that lousy GPRS connections are unstable, any classic VPN scheme starts suffering a lot of connection re-negotiation overhead, which sucks (even if the overhead for a single instance of properly negotiating a session key is minuscule, when you do it every goddamn time connection is lost, it starts adding up really fast). Also, heartbeating tends to eat mobile battery pretty fast.

Shadowsocks, by a group of Chinese developers ( https://github.com/shadowsocks ) avoids this issue by eschewing session key negotiation altogether, and just encrypting stuff based on a user-supplied pre-shared secret. That isn't a very bad idea (if the user secret is strong enough) but it inherently lacks any forward secrecy, which is all kinds of hairy (also, it doesn't operate as a proper VPN, but a simpleton SOCKS proxy, but that is not a fundamental cryptographic issue, lol).

I think some more work needs to be done to address conditions where heartbeating / frequent re-negotiation is problematic, connection is unstable, but some degree of forward secrecy is still desirable. Maybe there are clever solutions of cryptographic nature. Maybe not-so-clever solutions (like having session keys that expire X hours after being negotiated, not at end of every session) would be good enough for some use cases. But it's worth looking at, because frankly, the "Reliable and reasonably secure VPNs for reasonably good connections" segment is already densely populated.

Sincerely,
J

On Sun, May 3, 2015 at 4:44 PM, stargr...@stargrave.org wrote:
> GoVPN project should be interesting in this maillist: http://www.cypherpunks.ru/govpn/
>
> Aimed to be reviewable, secure, DPI-resistant, state-off-art crypto free software VPN daemon. It is written on Go, so has small source code size. Uses fast Password Authenticated Key Exchange (PAKE) based on Diffie-Hellman (DH) Augmented Encrypted Key Exchange (A-EKE) for mutual strong zero-knowledge peers authentication, using Curve25519 and Ed25519. Data transport is encrypted (Salsa20), authenticated (Poly1305), hides message's length and timestamp by appending noise and generating constant packet rate dummy traffic. Perfect Forward Secrecy (PFS) property, resistance to dictionary attacks (PBKDF2 and server-side verifiers), replay attacks (nonces). Built-in heartbeating, rehandshaking. All traffic is indistinguishable from the noise.
>
> Feedback is appreciated!
>
> --
> Happy hacking, Sergey Matveev

___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] GoVPN -- reviewable secure state-off-art crypto free software VPN daemon
On May 4, 2015 5:09 AM, Jane laterc...@consultant.com wrote:
> Actually, in my oh so very humble opinion, world has enough reasonably good VPNs that can operate on reasonably good connections. What is lacking is something that can function transparently and effectively on a very flakey connection (think lousy GPRS one) without introducing noticeable overhead.
>
> Given that lousy GPRS connections are unstable, any classic VPN scheme starts suffering a lot of connection re-negotiation overhead, which sucks (even if the overhead for a single instance of properly negotiating a session key is minuscule, when you do it every goddamn time connection is lost, it starts adding up really fast). Also, heartbeating tends to eat mobile battery pretty fast.

What you're looking for is multi homed vpn, there are quite a few posts and articles on the subject. Both OpenVPN and IPSec can do this (though IPSec is more flexible and should do exactly what you want).
Re: [cryptography] GoVPN -- reviewable secure state-off-art crypto free software VPN daemon
Thanks Shawn!

However, upon googling and familiarizing myself with some material ( http://crazyvlan.blogspot.de/2013/06/implementing-multi-homed-and-load.html etc. ), I don't see how this solves the "renegotiate session-key every time your connection breaks" issue for a simple user who has a single unreliable internet link.

It might be useful for a number of different, enterprise-typical conditions (such as when you have n+1 ISP connections for redundancy, and need VPN to operate seamlessly when one of them fails).

However, what I have in mind is something that is geared towards a conventional user with conventional smartphone, who has a single and less-than-reliable data link with limited bandwidth (and relatively limited battery resource).

Sincerely,
J

On Mon, May 4, 2015 at 1:33 PM, shawn wilson ag4ve...@gmail.com wrote:
> On May 4, 2015 5:09 AM, Jane laterc...@consultant.com wrote:
>> Actually, in my oh so very humble opinion, world has enough reasonably good VPNs that can operate on reasonably good connections. What is lacking is something that can function transparently and effectively on a very flakey connection (think lousy GPRS one) without introducing noticeable overhead.
>>
>> Given that lousy GPRS connections are unstable, any classic VPN scheme starts suffering a lot of connection re-negotiation overhead, which sucks (even if the overhead for a single instance of properly negotiating a session key is minuscule, when you do it every goddamn time connection is lost, it starts adding up really fast). Also, heartbeating tends to eat mobile battery pretty fast.
>
> What you're looking for is multi homed vpn, there are quite a few posts and articles on the subject. Both OpenVPN and IPSec can do this (though IPSec is more flexible and should do exactly what you want).
Re: [cryptography] GoVPN -- reviewable secure state-off-art crypto free software VPN daemon
I haven't tried it, but OpenVPN has a --float option. I haven't had a chance to try it myself, but it will hand over to a new IP address, essentially giving roaming over unreliable link style connectivity.

See: https://community.openvpn.net/openvpn/ticket/49

What would be even nicer is some sort of mosh-like functionality where the connectivity can remain long-lived (for when your laptop/phone suspends).

- Naveen

On Mon, May 04, 2015 at 02:19:01PM +0300, Jane wrote:
> Thanks Shawn!
>
> However, upon googling and familiarizing myself with some material ( http://crazyvlan.blogspot.de/2013/06/implementing-multi-homed-and-load.html etc. ), I don't see how this solves the "renegotiate session-key every time your connection breaks" issue for a simple user who has a single unreliable internet link.
>
> It might be useful for a number of different, enterprise-typical conditions (such as when you have n+1 ISP connections for redundancy, and need VPN to operate seamlessly when one of them fails).
>
> However, what I have in mind is something that is geared towards a conventional user with conventional smartphone, who has a single and less-than-reliable data link with limited bandwidth (and relatively limited battery resource).
>
> Sincerely,
> J
>
> On Mon, May 4, 2015 at 1:33 PM, shawn wilson ag4ve...@gmail.com wrote:
>> On May 4, 2015 5:09 AM, Jane laterc...@consultant.com wrote:
>>> Actually, in my oh so very humble opinion, world has enough reasonably good VPNs that can operate on reasonably good connections. What is lacking is something that can function transparently and effectively on a very flakey connection (think lousy GPRS one) without introducing noticeable overhead.
>>>
>>> Given that lousy GPRS connections are unstable, any classic VPN scheme starts suffering a lot of connection re-negotiation overhead, which sucks (even if the overhead for a single instance of properly negotiating a session key is minuscule, when you do it every goddamn time connection is lost, it starts adding up really fast). Also, heartbeating tends to eat mobile battery pretty fast.
>>
>> What you're looking for is multi homed vpn, there are quite a few posts and articles on the subject. Both OpenVPN and IPSec can do this (though IPSec is more flexible and should do exactly what you want).
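Added example, not part of the thread and not GoVPN or OpenVPN code: a sketch in Go of the two ideas raised above, a session key that expires X hours after negotiation rather than when the link drops, and mosh/--float style roaming where a packet from a new address is accepted once it authenticates under that key. All type and function names are hypothetical, the addresses and key are constructed, and HMAC-SHA256 stands in for a real AEAD with the payload left unencrypted.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

type Session struct { // hypothetical state kept after one full handshake (not shown)
	Key      []byte    // session key agreed in that handshake
	Expires  time.Time // negotiation time + X hours, independent of link state
	LastCtr  uint64    // highest packet counter accepted so far
	PeerAddr string    // address the last authenticated packet came from
}
var ErrExpired = errors.New("session key expired, full rehandshake required")
var ErrAuth = errors.New("bad authentication tag")
var ErrReplay = errors.New("counter not increasing, packet replayed")

// Seal builds counter || payload || tag (HMAC-SHA256 stands in for the real AEAD).
func Seal(key []byte, ctr uint64, payload []byte) []byte {
	pkt := append(binary.BigEndian.AppendUint64(nil, ctr), payload...)
	m := hmac.New(sha256.New, key)
	m.Write(pkt)
	return m.Sum(pkt) // Sum appends the tag to pkt
}

// Receive identifies the peer by key, so a new source address needs no handshake.
func (s *Session) Receive(pkt []byte, from string, now time.Time) ([]byte, error) {
	if !now.Before(s.Expires) {
		return nil, ErrExpired
	}
	n := len(pkt) - sha256.Size // end of counter || payload
	if n < 8 || !hmac.Equal(pkt, Seal(s.Key, binary.BigEndian.Uint64(pkt), pkt[8:n])) {
		return nil, ErrAuth
	}
	if ctr := binary.BigEndian.Uint64(pkt); ctr <= s.LastCtr {
		return nil, fmt.Errorf("%w: got %d, last %d", ErrReplay, ctr, s.LastCtr)
	}
	s.LastCtr, s.PeerAddr = binary.BigEndian.Uint64(pkt), from // roam only after auth
	return pkt[8:n], nil
}

func main() {
	s := &Session{Key: []byte("constructed demo key"), Expires: time.Now().Add(4 * time.Hour)}
	fmt.Println(s.Receive(Seal(s.Key, 1, []byte("hi")), "192.0.2.7:4000", time.Now()))
}
```

The strictly increasing counter also rejects reordered packets; a sliding window would tolerate them. The lifetime X bounds how much traffic a leaked session key exposes, which is the forward-secrecy trade-off discussed in the thread.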
Re: [cryptography] GoVPN -- reviewable secure state-off-art crypto free software VPN daemon
On Mon, 4 May 2015, Naveen Nathan wrote:
> I haven't tried it, but OpenVPN has a --float option. I haven't had a chance to try it myself, but it will hand over to a new IP address, essentially giving roaming over unreliable link style connectivity.
>
> See: https://community.openvpn.net/openvpn/ticket/49
>
> What would be even nicer is some sort of mosh-like functionality where the connectivity can remain long-lived (for when your laptop/phone suspends).

There is nothing in IKE/IPsec that prevents you from doing this. Unless you configure dead peer detection (aka liveness checks)

Paul