On Tue, Apr 17, 2018 at 1:05 PM, Jesse Cox <ki4...@gmail.com> wrote: > You guys don't know me. I'm not a developer of the OS but I think I have > something which could benefit it in the long run. > > Here's the thing: I've been watching video after video about data security > and encryption and why the average person refuses to adopt encryption > standards. According to most of these videos, encryption is lacking in the > world because it's complicated and no one wants to take the time to > uncomplicate it. SSL was phased in because Netscape added it to their > browser, forcing all the others to adopt it. I don't have the time to > develop this project but I have an idea of how to implement a native > encryption over insecure networks, for all Linux devices on the network. If > this were a Linux router, it'd also be able to provide security despite > having an open network. > > Here's the idea: > > This is all over an unsecured network (so Alice and Bob both have IP > addresses -- let's say in the IPv4 spectrum for local wifi with an open > network). > > Alice wants to talk to Bob and each of them have the networking software > (virtual networking device) installed. > > The virtual device works by creating an IPv6 address for its client (so they > both have one). The IPv6 is a hash of each client's public key. > > Let's say Alice's public key hash was 00:11:22:33:44:55:66 > > And Bob's was 77:88:99:10:11:12 > > Alice's virtual interface would broadcast a message over the IPv4 network > asking for 77:88:99:10:11:12's public key (since the IP is a hash, the key > must match and since Bob is the only one with the private key to match the > hash, he's the only one who can communicate.
This is a bad assumption - a 'hash' is a reduction of a large value down to a smaller value; it is incorrect that "Bob is the only one with the private key to match the hash". Whatever the hash function, if the number of bits in the hash (IPv6 addr, 128 bits) is less than the number of bits in the key (at least 2048, could be 4096 or even higher) then there is no possible hash function that would hash each key value into a unique hash value. It's just not mathematically possible. Additionally, there are restrictions on what IPv6 value can be used. Also, you seem to be confusing MAC addresses (XX:XX:XX:XX:XX:XX) with IPv6 addresses (XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX). > > Once Bob's interface sends Alice's interface his private key Typically, you never give your private key away to anyone or any other system. It's not really "private" if you're giving it away, then it's called a "shared" key. > -- in response > to the broadcast -- the interfaces can exchange AES keys and then > communicate. The communications can't be hijacked at any point, just > stopped. > > Why is this important? > > Linux as a system has a past of creating solutions which benefit their users > well before any other system. As the push for encryption continues, history > has shown us that users will not implement safety measures themselves. I > think it'd be great for Ubuntu to set the standard for a Native Linux > Network Encryption protocol, which starts on bootup with the system in > question. This is just an idea but it'd be awesome and a major step forward > in IT security. I'm not saying this idea is not possible, it probably is possible at the L2 layer to add some native encryption involving a per-endpoint key exchange that encrypts each point-to-point L2 communication separately. However, I think that would be far, far more complex than what you've outlined, but if I'm misunderstanding you then perhaps a whitepaper with specific details on the entire process would help explain your idea. > > -- > Ubuntu-devel-discuss mailing list > Ubuntu-devel-discuss@lists.ubuntu.com > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
