secnet status
Ian Jackson
ijackson at chiark.greenend.org.uk
Wed Jul 3 23:24:47 BST 2013
Before doing another beta, and then a release, there are some things
that need to be fixed:
* We need to get rid of CBC-MAC, really! We don't have much
algorithm agility, but we do need at the least to have some kind
of sites-fragment-based capability computation mechanism.
And we need a new transform. I propose to implement a simple
one using HMAC-SHA-512 truncated to 128 bits, and Serpent in
Counter mode (using the packet sequence number concatenated
with the block number within the packet as the counter).
* We need to replace some of our memcmps with a constant time
version. I have code to do this.
* There is an annoying tendency for a restarted secnet not to
be quite functional; in particular restarting the fixed site
can cause trouble for mobile sites. I have a patch series
half-written to fix this.
Ian.
More information about the sgo-software-discuss
mailing list