Mlls
mlls is project by AndrewGriffiths to encrypt packets over the datalink layer, using possibly rsa+rsa+dh. The RSA part kinda not sure about now, cause ofthe work DJB is doing.
The RSA+RSA+DH part ensures perfect future security (I'm not sure if thats the exact term), because if someone breaks in and steals the longterm RSA key, doesn't mean they can read anything that was encrypted before, and anything encrypted after, (due to the once-only RSA key, and once-only DH key.).
The DH key exchange means no key is needed between connecting parties. Authenication is provided through the use of RSA and challenging. (Well, it double challenges. Each side provides part of the challenge. This prevents the evil server attack, and makes it highly unlikely someone can replay an signed challenge.)
At the moment, I think I will make it so it opens (effectively) a point-to-point encrypted tunnel between people, so the routing table in the OS, might be something like,
IP range - - - - Interface
192.168.2.0/24 - eth0
192.168.2.3/32 - tun0
192.168.2.7/32 - tun1
Since routing is chosen on best match, the correct interface will be picked for sending out.
This technique is portable to Linux, FreeBSD, and Solaris using the TUN/TAP module. If other people using other OS's want to use this, I can prolly make a workaround for TUN/TAP, and use Libnet and libpcap.
Version 4 (current) modified Mon, 26 Jul 2021 12:49:29 +0000 by
graybeard [EditText] [Spelling] [Current] [Raw] [Code] [Diff] [Subscribe] [VersionHistory] [Revert] [Delete] [RecentChanges]