All,

The first -pre release of fwknop-2.5 is available for download:

http://www.cipherdyne.org/fwknop/download/fwknop-2.5-pre1.tar.gz
sha1: a9465dd13e1a267480ac1fb50ca11a93c0c235e2

There are still a few things that will be added to this release, and they are being tracked in github here:

https://github.com/mrash/fwknop/issues?milestone=4&page=1&state=open

The big news for 2.5 is the addition of the following:

- HMAC support for both Rijndael and GPG encrypted SPA packets. The implementation is done in the encrypt-then-authenticate model which does not suffer from padding oracle attacks. This requires the usage of a separate HMAC key, but is highly recommended for several reasons including the execution of more simplistic code (relative to the encryption algorithms themselves) for verification of SPA packet authenticity before decryption on the server side.

- Test suite support for both Rijndael and HMAC comparisons against OpenSSL. This allows fwknop to continue to have very lightweight inclusion of code to implement Rijndael and HMAC, but leverage the OpenSSL community as a verification that fwknop's usage conforms to how OpenSSL does things.

- The fwknop project is now using Coverity for static analysis, and several bugs have been fixed.

A note on backwards compatibility: if you are using Rijndael for SPA encryption instead of GPG, then by default SPA packets created by 2.5-pre1 are not compatible with older versions of fwknop. This is due to a change in how fwknop deals with Rijndael in CBC mode relating to the generation of the initialization vector along with a change relative to keys > 16 bytes. There is a "legacy" encryption mode that helps to maintain backwards compatibility, but it isn't documented well yet. My recommendation right now is that if you want to upgrade, then upgrade both the server and all clients to 2.5-pre1. For the final 2.5 release there will be comprehensive material on how to navigate backwards compatibility.

Here is the complete ChangeLog so far:

http://www.cipherdyne.org/cgi-bin/gitweb.cgi?p=fwknop.git;a=blob;f=ChangeLog;h=2671927f9d5f9f15914e13248547662a432507a4;hb=c83bc15c5eb9d6597df17cd9b421ab818548b210

As always, please let me know if there are any issues.

Thanks,

--Mike
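
The encrypt-then-authenticate order described in the announcement, as an added example that is not part of the original message and is not fwknop code: the server checks an HMAC over the ciphertext with a separate key and refuses to touch the cipher if the check fails. The packet layout (nonce, ciphertext, 32-byte HMAC-SHA256 tag), the function names and the SHA-256 counter-mode stand-in cipher are assumptions made for illustration; fwknop itself uses Rijndael or GPG and its own wire format.

```python
import hashlib
import hmac
import os

TAG_LEN = 32    # HMAC-SHA256 output size
NONCE_LEN = 16  # assumed nonce size for the stand-in cipher


def keystream_xor(enc_key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (SHA-256 in counter mode). NOT Rijndael; illustration only."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(enc_key + nonce + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)


def standin_decrypt(enc_key: bytes, ciphertext: bytes) -> bytes:
    return keystream_xor(enc_key, ciphertext[:NONCE_LEN], ciphertext[NONCE_LEN:])


def seal(enc_key: bytes, hmac_key: bytes, plaintext: bytes) -> bytes:
    """Client side: encrypt first, then MAC the ciphertext with a separate key."""
    nonce = os.urandom(NONCE_LEN)
    ciphertext = nonce + keystream_xor(enc_key, nonce, plaintext)
    tag = hmac.new(hmac_key, ciphertext, hashlib.sha256).digest()
    return ciphertext + tag


def open_packet(enc_key, hmac_key, packet, decrypt=standin_decrypt):
    """Server side: verify the HMAC, and only then hand the data to the cipher."""
    if len(packet) < NONCE_LEN + TAG_LEN:
        return None  # too short to carry a nonce and a tag
    ciphertext, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(hmac_key, ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):  # constant-time comparison
        return None  # rejected before any decryption or padding handling
    return decrypt(enc_key, ciphertext)


if __name__ == "__main__":
    enc_key, hmac_key = os.urandom(32), os.urandom(32)  # constructed keys
    packet = seal(enc_key, hmac_key, b"constructed SPA payload")
    tampered = bytes([packet[0] ^ 1]) + packet[1:]
    print(open_packet(enc_key, hmac_key, packet))
    print(open_packet(enc_key, hmac_key, tampered))
```

Because a forged or modified packet is dropped at the HMAC comparison, the decryption routine never produces an error an attacker could observe, which is the property that rules out padding oracle attacks.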
