
updated Crypto.md

clarification, added details about -k cli option and N2N_KEY
pull/575/head
Logan oos Even, 4 years ago, committed by GitHub
parent commit: a136fb995e
Signature: No known key found for this signature in database (GPG Key ID: 4AEE18F83AFDEB23)
1 file changed: doc/Crypto.md (8)
@ -11,8 +11,6 @@ Payload encryption currently comes in four different flavors using ciphers of di
- ChaCha20 (CTR) (`-A4`) - ChaCha20 (CTR) (`-A4`)
- SPECK in CTR mode (`-A5`) - SPECK in CTR mode (`-A5`)
To renounce encryption, `-A1` enables the so called `null_transform` transmitting all payload data unencryptedly.
The following chart might help to make a quick comparison and decide what cipher to use: The following chart might help to make a quick comparison and decide what cipher to use:
| Cipher | Mode | Block Size | Key Size | IV length |Speed | Built-In | Origin | | Cipher | Mode | Block Size | Key Size | IV length |Speed | Built-In | Origin |
@ -26,6 +24,12 @@ The two block ciphers Twofish and AES are used in CTS mode.
n2n has all four ciphers built-in as basic versions. Some of them optionally compile to faster versions by the means of available hardware support (AES-NI, SSE, AVX – please see the [Building document](./Building.md) for details. Depending on your platform, AES and ChaCha20 might also draw notable acceleration from optionally compiling with openSSL 1.1 support. n2n has all four ciphers built-in as basic versions. Some of them optionally compile to faster versions by the means of available hardware support (AES-NI, SSE, AVX – please see the [Building document](./Building.md) for details. Depending on your platform, AES and ChaCha20 might also draw notable acceleration from optionally compiling with openSSL 1.1 support.
The`-k <key>` command line parameter supplies the key. As even non-privileged users might get to see the command line parameters (try `ps -Af | grep edge`), the key can also be supplied through the `N2N_KEY` environment variable: `sudo N2N_KEY=mysecretpass edge -c mynetwork -a 192.168.100.1 -f -l supernode.ntop.org:7777`.
Providing `-k <key>` without specifying any cipher by `-A_` will default to AES encryption.
To renounce encryption, `-A1` enables the so called `null_transform` transmitting all payload data unencryptedly. Omitting `-A_` and not providing a key through `-k <key>` shows the same effect.
### Twofish ### Twofish
This implementation prepends a 128 bit random value to the plain text. Its size is adjustable by changing the `TF_PREAMBLE_SIZE` definition found in `src/transform_tf.c`. It defaults to TF_BLOCK_SIZE (== 16). As CTS uses underlying CBC mode, this basically has the same effect as a respectively shorter IV. However, this flexibility does not come for free as an additional block needs to be encrypted. This implementation prepends a 128 bit random value to the plain text. Its size is adjustable by changing the `TF_PREAMBLE_SIZE` definition found in `src/transform_tf.c`. It defaults to TF_BLOCK_SIZE (== 16). As CTS uses underlying CBC mode, this basically has the same effect as a respectively shorter IV. However, this flexibility does not come for free as an additional block needs to be encrypted.
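Review bot: the `sudo N2N_KEY=mysecretpass edge ...` example in the new `-k`/`N2N_KEY` paragraph undercuts the motivation stated in the same sentence: a `VAR=value` assignment given on sudo's command line is part of the `sudo` process's own argument list, so `ps -Af | grep edge` still shows `mysecretpass` for as long as the parent sudo process is alive. Suggest exporting the variable in the invoking shell and letting sudo pass it through (subject to the sudoers policy), e.g. `export N2N_KEY=mysecretpass` followed by `sudo --preserve-env=N2N_KEY edge -c mynetwork -a 192.168.100.1 -f -l supernode.ntop.org:7777`, or reading the key from a root-only file, and state which source takes precedence when both `-k <key>` and `N2N_KEY` are set, since the paragraph leaves that undefined. Minor: missing space in "The`-k <key>`".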
