A couple of weeks back I was taking a look at some of the encryption code in Xpra and was thinking that the code could use some improvements (see bug #198). I haven't had as much time to work on this on my own as I'd like (since it's really just been in my free time on evenings/weekends), but have made some progress.
Attached is a first patch (still needs to be tested) at adding better transport-layer encryption to Xpra--it adds message authentication to each of the packets to prevent any tampering of the data stream. Please don't commit it, as it isn't ready for that yet. I'm also working on a patch to implement key exchange at the start of a connection (the patch I'm posting will require that to work); I'm currently doing some testing on that and need to get a final approval to release it. Hopefully that will be done in the next few days, and I'll send it here to be looked at too. This is definitely still work in progress, and will warrant a security review before it should be trusted, but should be a good first step.

--Michael Vrable

_______________________________________________
shifter-users mailing list
http://lists.devloop.org.uk/mailman/listinfo/shifter-users
