
Spelling: Mlls

mlls is a project by AndrewGriffiths [1] to encrypt packets over the
datalink layer, possibly using RSA+RSA+DH. The RSA part I'm kinda not
sure about now, because of the work DJB [2] is doing.

The RSA+RSA+DH part ensures perfect future security (I'm not sure if
that's the exact term): if someone breaks in and steals the long-term
RSA key, that doesn't mean they can read anything that was encrypted
before or anything encrypted after, due to the once-only RSA key and
the once-only DH key.

The DH key exchange means no key is needed between connecting
parties. Authentication is provided through the use of RSA and
challenging. (Well, it double challenges. Each side provides part of
the challenge. This prevents the evil server attack, and makes it
highly unlikely someone can replay a signed challenge.)
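
One possible shape of the double challenge described above, as an added
example that is not mlls code. The function names, the 16-byte halves, the
length-prefixed hashing and the toy RSA key are all assumptions made for
illustration, and unpadded toy RSA stands in for a real signature scheme.

```python
import hashlib
import secrets

# Constructed toy RSA key built from two Mersenne primes. Far too small for
# real use; it only keeps the example stdlib-only and offline.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (needs Python 3.8+)


def challenge_digest(verifier_part: bytes, prover_part: bytes) -> int:
    """Hash both halves, length-prefixed so they cannot be re-split."""
    h = hashlib.sha256()
    for part in (verifier_part, prover_part):
        h.update(len(part).to_bytes(4, "big") + part)
    return int.from_bytes(h.digest(), "big") % N


def prover_respond(verifier_part: bytes):
    """Prover adds its own fresh half, then signs the combined challenge.

    Because of that half, the verifier never dictates the signed value.
    """
    prover_part = secrets.token_bytes(16)
    sig = pow(challenge_digest(verifier_part, prover_part), D, N)
    return prover_part, sig


def verifier_check(verifier_part: bytes, prover_part: bytes, sig: int) -> bool:
    """Verifier recomputes the digest from the half it issued itself."""
    return pow(sig, E, N) == challenge_digest(verifier_part, prover_part)


def run_demo():
    # Session 1: honest exchange, assumed to be recorded by an eavesdropper.
    v1 = secrets.token_bytes(16)
    p1, sig1 = prover_respond(v1)
    honest = verifier_check(v1, p1, sig1)
    # Session 2: the recorded response is replayed against a fresh half.
    v2 = secrets.token_bytes(16)
    replayed = verifier_check(v2, p1, sig1)
    return honest, replayed


if __name__ == "__main__":
    print(run_demo())
```

For mutual authentication the same exchange runs once in each direction,
with each side signing under its own key.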

At the moment, I think I will make it so it opens (effectively) a
point-to-point encrypted tunnel between people, so the routing table
in the OS might be something like:

IP RANGE          INTERFACE

192.168.2.0/24    eth0
192.168.2.3/32    tun0
192.168.2.7/32    tun1

Since the route is chosen on the best (most specific) match, the
correct interface will be picked for sending out.

This technique is portable to Linux, FreeBSD [3], and Solaris using
the TUN/TAP module. If other people using other OSes want to use this,
I can prolly make a workaround for TUN/TAP, and use Libnet [4] and
libpcap [5].

Links:
------
[1] http://melbournewireless.org.au/?AndrewGriffiths
[2] http://www.cr.yp.to/
[3] http://melbournewireless.org.au/?FreeBSD
[4] http://www.packetfactory.com
[5] http://www.tcpdump.org
