mirror of https://github.com/ntop/n2n.git
Logan007
4 years ago
1 changed files with 43 additions and 0 deletions
@ -0,0 +1,43 @@
# Cryptography in n2n

## Payload

### Overview

Payload encryption currently comes four in different flavors. Supported ciphers are enabled using the indicated command line option:

- Twofish in CBC mode (`-A2`)
- AES in CBC mode (`-A3`)
- ChaCha20 (CTR) (`-A4`)
- SPECK in CTR mode (`-A5`)

To renounce encryption, `-A1` enables the so called `null_transform` transmitting all data unencrpytedly.

The following quick comparing chart might help make a decision on what cipher to use:

| Cipher | Mode | Block Size | Key Size | IV length |Speed | Built-In | Origin |
| :---: | :---:| :---: | :---: | :---: |:---: | :---: | --- |
|Twofish | CBC | 128 bits | 128 bit (?) | 32 bit | - | Y | Bruce Schneier |
|AES | CBC | 128 bits | 128, 192,256 bit | 64 bit | O..+ | N | Joan Daemen and Vincent Rijmen, NSA-approved |
|ChaCha20| CTR | Stream | 256 bit | 128 bit | +..++| N | Daniel J. Bernstein |
|SPECK | CTR | Stream | 256 bit | 128 bit | ++ | Y | NSA |

As all block ciphers are used in CBC mode, they require a padding which results in encrypted payload sizes modulo the respective blocksize. Sizewise, this could be considered a disadvantage. On the other hand, stream ciphers need a longer initialization vector (IV) to be transmitted.

Note that AES and ChaCha20 only are available if n2n was compiled with openSSL support while Twofish and SPECK always are available as built-ins.

### Twofish

### AES

### ChaCha20

### SPECK

## Header

### Encryption

### Checksum

### Replay Protection
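Review bot: the comparison table and the paragraph below it contradict each other on SPECK, and the CBC IV lengths look wrong. SPECK is a block cipher run here in CTR mode, so "As all block ciphers are used in CBC mode" and the "Stream" entry in SPECK's Block Size column do not match its Mode column; suggest listing SPECK's real block size and rewording to "the ciphers used in CBC mode (Twofish, AES) require padding". For the two CBC rows, CBC needs an IV of the full 128-bit block, yet the table gives 32 bit and 64 bit; if those are the transmitted nonce from which the full IV is derived, say so, otherwise correct the values. The "128 bit (?)" Twofish key size should be resolved before merging rather than shipping a question mark. Because neither CBC nor CTR provides integrity on its own, the Header / Checksum section (empty in this revision, as are the per-cipher and Replay Protection sections) should state whether the checksum is keyed, so readers do not assume that enabling a cipher also detects tampering. Minor wording: "comes four in different flavors" should read "comes in four different flavors", "unencrpytedly" should be "unencrypted", and "NSA-approved" sits oddly in an Origin column that otherwise names designers.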