Mlls
mlls is project by AndrewGriffiths to encrypt packets over the datalink layer, using possibly rsa+rsa+dh. The RSA part kinda not sure about now, cause ofthe work DJB is doing.
The RSA+RSA+DH part ensures perfect future security (I'm not sure if thats the exact term), because if someone breaks in and steals the longterm RSA key, doesn't mean they can read anything that was encrypted before, and anything encrypted after, (due to the once-only RSA key, and once-only DH key.).
The DH key exchange means no key is needed between connecting parties. Authenication is provided through the use of RSA and challenging. (Well, it double challenges. Each side provides part of the challenge. This prevents the evil server attack, and makes it highly unlikely someone can replay an signed challenge.)
At the moment, I think I will make it so it opens (effectively) a point-to-point encrypted tunnel between people, so the routing table in the OS, might be something like,
IP range - - - - - Interface
- - - - - - - - - - - - - - - - - - -
192.168.2.0/24 - eth0
192.168.2.3/32 - tun0
192.168.2.7/32 - tun1
(If the above doesn't look nice in your browser, change the font. Alternatively, being able todo tables would help. Grr @ not being able to that up properly.)
Since routing is chosen on best match, the correct interface will be picked for sending out.
This technique is portable to Linux, FreeBSD, and Solaris using the TUN/TAP module. If other people using other OS's want to use this, I can prolly make a workaround for TUN/TAP, and use Libnet and libpcap.
Version 1 (old) modified Mon, 26 Jul 2021 12:49:29 +0000 by
graybeard [EditText] [Spelling] [Current] [Raw] [Code] [Diff] [Subscribe] [VersionHistory] [Revert] [Delete] [RecentChanges]