Charles Stack on Wed, 13 Sep 2000 10:43:44 -0400 (EDT)



RE: [PLUG] secure tcp/ip communication


Unless you are familiar with secure application design, I suggest that you
look for an established, proven solution rather than attempt your own.
Failure to understand the various protocols and vulnerabilities in their
implementation could render your "solution" far more damaging than none at
all as you will have a false sense of security.

It was suggested on this list that you use ssh.  You could also use vpnd or,
if ambitious, modify your kernel to support IPSEC. Alternatively, you could
go with a commercial hardware-based system such as a Shiva Express to
secure your network.

But, to answer your question...yes...encryption should occur JUST BEFORE
sending and decryption should be done immediately AFTER receiving.  I would
also suggest that you compress your data first before encrypting to reduce
entropy in the data and decompress following decryption.

Charles

-----Original Message-----
From: plug-admin@lists.phillylinux.org
[mailto:plug-admin@lists.phillylinux.org]On Behalf Of
shux@subculture.org
Sent: Monday, September 11, 2000 11:37 PM
To: plug@lists.nothinbut.net
Subject: [PLUG] secure tcp/ip communication



I will soon be writing a few applications that will need to make use of
tcp/ip (using the sockets API). However, because the project involves remote
administration and access privileges, it is important that I use a secure
connection, so that passwords or other information can't be sniffed.

Does anyone have any experience using encrypted tcp/ip tunnels? Should I
just encrypt the data I will be sending using send() and decrypt it after it
is received by recv()? I looked on fm.net and found a library called
libmcrypt. I have not yet looked at its documentation. Also a quick search
with apt-cache gives me packages like tunnelv, stunnel, and sslwrap. Has
anyone on this list used any of these tools?

Thank You,
Xtian Betz

shux@subculture.org | aim: shuxlos

p.s. (should I have vi wordwrap for me? Does it bother you guys?)


______________________________________________________________________
Philadelphia Linux Users Group       -      http://www.phillylinux.org
Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce
General Discussion  -  http://lists.phillylinux.org/mail/listinfo/plug
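
The ordering discussed in this thread (compress, encrypt, send(); then recv(), decrypt, decompress), as an added example that is not from either poster. All function names and the sample data are assumptions, and `stand_in_cipher` is a placeholder with no integrity protection, used only so the size comparison runs offline; an established tool such as ssh or stunnel takes its place in practice.

```python
import hashlib, os, socket, struct, zlib

KEY = os.urandom(32)  # constructed demo key; real keys come from the ssh/TLS/IPsec handshake

def stand_in_cipher(key, nonce, data):
    """XOR with a SHAKE-256 keystream. Stand-in only: no integrity check, not for real use."""
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    """Sender side: compress, then encrypt, just before send()."""
    nonce = os.urandom(16)
    return nonce + stand_in_cipher(key, nonce, zlib.compress(plaintext))

def open_(key, blob):
    """Receiver side: decrypt immediately after recv(), then decompress."""
    nonce, body = blob[:16], blob[16:]
    return zlib.decompress(stand_in_cipher(key, nonce, body))

def send_msg(sock, blob):
    # TCP is a byte stream, so each message carries a 4-byte length prefix.
    sock.sendall(struct.pack("!I", len(blob)) + blob)

def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:  # recv() may return fewer bytes than requested
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed mid-message")
        buf += chunk
    return buf

def recv_msg(sock):
    (length,) = struct.unpack("!I", recv_exact(sock, 4))
    return recv_exact(sock, length)

def round_trip(key, plaintext):
    a, b = socket.socketpair()  # local stand-in for a TCP connection
    with a, b:
        send_msg(a, seal(key, plaintext))
        return open_(key, recv_msg(b))

def wrong_order_size(key, plaintext):
    """Encrypt first, then compress: the ciphertext has no redundancy left to remove."""
    return len(zlib.compress(stand_in_cipher(key, os.urandom(16), plaintext)))

SAMPLE = b"user=admin action=restart service=httpd status=ok\n" * 200  # constructed
```

Comparing `len(seal(KEY, SAMPLE))` with `wrong_order_size(KEY, SAMPLE)` shows why the compression step has to come first.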

